Mixing DHCP server and DHCP relay
-
Just my 2 cents - just managed to workaround and mix the subject.
1.Plan IP addresses/interfaces and write everything down. Real FreeBSD interface names are required ("rl0", "fxp0", "dc1" etc). Real interface names may be seen by navigating to "Interfaces"->"(assign)" menu in pfSense.
2. Navigate to "System"->"Packages" and install "Shellcmd" package.
3. Install "dhcprelay" FreeBSD package by navigating to "Diagnostics"->"Command Prompt"; enter the following command in the "Command:" field:
pkg_add -r ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-8.2-release/net/dhcprelay-1.2_1.tbz
Click "Execute" button and wait for page to reload.
4. In the same "Diagnostics"->"Command Prompt" menu, enter "rehash" into "Command:" field and click "Execute" button. Wait for page to reload.
5. Let's assume that we have a local LAN interface "rl0" with IP address 192.168.1.253 that we want to relay DHCP on. As an example, real DHCP server is on other network (it must be accessible from the pfSense box, of course) with IP address 192.168.50.240 and configured with 192.168.1.0/24 subnet scope.
6. Navigate to "Services"->"Shellcmd" menu in pfSense.
7. Assuming the above topology example, add new "Shellcmd" command with type "shellcmd":
echo /usr/local/bin/dhcprelay rl0:192.168.1.253 192.168.50.240 > /usr/local/etc/rc.d/dhcprelay.sh
8. Add another "Shellcmd" command with type "shellcmd":
chmod +x /usr/local/etc/rc.d/dhcprelay.sh
9. Restart the pfSense firewall "Diagnostics"->"Reboot"->"Yes".
10. Check if "dhcprelay" process is running by navigating to "Diagnostics"->"Command Prompt", entering:
top | grep dhcprelay
and clicking "Execute" button. The "dhcprelay process should be seen in the result window.
The order of "Shellcmd" command addition is most likely important. Note that although it is possible to have both DHCP server and DHCP relay on the same machine, currently, this is officially not supported as DHCP server/relay conflict checking would be quite difficult to implement. Be careful and make sure that DHCP server is not running on the interface intended to run DHCP relay on, otherwise relay won't bind. The purpose/advantage of the above method vs the manual "rc.d" script is that "Shellcmd" commands are saved with .xml configuration backups and the only two things that should be done after restoring configuration to new machine are re-installing "Shellcmd" package (if not done automatically) and installing FreeBSD "dhcprelay" package (step 3).
-
I would use the included dhcrelay instead of adding another package. Either way you have to be careful with the scenario you're using because of binding requirements of the DHCP server vs. relay, the input validation to force correct usage is ugly and error-prone, which is why it's not permitted to mix the two in the GUI.
-
Totally agree, this is a workaround and everything needs double-triple checking, but this is the only way I found that suits my scenario. I needed DHCP server and DHCP relay on the same box. Moreover, I needed relay to work over OpenVPN tunnel. As far as I have tried (with 2.0 BETA, if I'm not mistaken), the pfSense DHCP relay did not work over OpenVPN tunnel. Maybe things changed over time, I haven't tried that with the 2.0.1-2.0.2 releases. The above mentioned FreeBSD dhcprelay package relayed through OpenVPN tun all the time with no problems, for about 5 years I think (previously used on FreeBSD before moving all routers to pfSense).