Netgate Discussion Forum

    DHCP server answering on all interfaces? why?

    DHCP and DNS
    • MindTwist

      This is a weird problem I stumbled upon. It won't be much of a problem if I am unable to fix it, but what bothers me the most is not the problem itself, but that I do not understand why it happens.

      I am running a pfSense installation on a VMware machine. The computer has one physical NIC; the VM has 4 interfaces, LAN and 3 WANs (WAN, OPT1, OPT2). I use Load Balancer for Failover, so if one connection is down, traffic is redirected to another connection. I direct traffic to a given WAN depending on a set of rules, mainly the destination port.

      My DHCP server is enabled only on the LAN interface, not on OPT1 or OPT2 (I do not even see an option for enabling it on WAN).

      My problem: on Firewall -> Rules -> LAN, the last rule I have is just used to direct all traffic that did not match any previous rule to gateway *. As soon as I change that gateway from * to FailoverTC (one of my Failover pools), so unknown traffic will have failover, my computers on the network start protesting on boot that there is already a computer on the network with that name.

      When I check Status -> System Logs -> System and Status -> System Logs -> DHCP it seems as if with that single change, my computers are now getting 4 DHCP answers when they are asking for a lease. That could be because this is really a VM with just ONE physical NIC, but I do not understand why this problem only shows up when I change my last rule gateway from "*" to "FailoverTC".

      Status -> System Logs -> DHCP:
      May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24 
      May 9 17:14:06 dhcpd: DHCPDISCOVER from 00:0f:ea:2b:93:ed via le1 
      May 9 17:14:06 dhcpd: DHCPOFFER on 192.168.1.27 to 00:0f:ea:2b:93:ed via le1 
      May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24 
      May 9 17:14:06 dhcpd: DHCPREQUEST for 192.168.1.27 (192.168.1.112) from 00:0f:ea:2b:93:ed via le1 
      May 9 17:14:06 dhcpd: DHCPACK on 192.168.1.27 to 00:0f:ea:2b:93:ed via le1 
      May 9 17:14:07 dhcpd: uid lease 192.168.1.169 for client 00:14:85:84:52:20 is duplicate on 192.168.1/24 
      May 9 17:14:07 dhcpd: DHCPDISCOVER from 00:14:85:84:52:20 via le1 
      May 9 17:14:07 dhcpd: DHCPOFFER on 192.168.1.30 to 00:14:85:84:52:20 via le1 
      May 9 17:14:07 dhcpd: uid lease 192.168.1.169 for client 00:14:85:84:52:20 is duplicate on 192.168.1/24 
      May 9 17:14:07 dhcpd: DHCPREQUEST for 192.168.1.30 (192.168.1.112) from 00:14:85:84:52:20 via le1 
      May 9 17:14:07 dhcpd: DHCPACK on 192.168.1.30 to 00:14:85:84:52:20 via le1 
      
      Status -> System Logs -> System
      
      May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24 
      May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24 
      May 9 17:14:07 dhcpd: uid lease 192.168.1.169 for client 00:14:85:84:52:20 is duplicate on 192.168.1/24 
      May 9 17:14:07 dhcpd: uid lease 192.168.1.169 for client 00:14:85:84:52:20 is duplicate on 192.168.1/24 
      May 9 17:14:09 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24 
      May 9 17:14:09 dhcpd: uid lease 192.168.1.169 for client 00:14:85:84:52:20 is duplicate on 192.168.1/24 
      
      

      One thing to note, my computers have fixed leases, and those IPs 192.168.1.100 and higher are from the dynamic pool. The computer is assigned the right IP (192.168.1.30) and then for 3 times in a row it is trying to be assigned another IP (192.168.1.169)

      I also find it strange that I just created a rule on Firewall -> Rules -> LAN to block TCP/UDP traffic on Netbios ports (137-139), and now my computers do not whine any more about a duplicate computer on the network. So it is not bothering me any more, except for filling up my logs with garbage…

      Any hints on why changing that gateway to a pool might be causing this?

      Thanks!

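An added example, not part of the original posts: a short Python pass over dhcpd log lines in the format quoted above, which groups events per client MAC and reports addresses named in "is duplicate" warnings that differ from the address actually ACKed. The first six sample lines are taken from the log in the post; the client `aa:bb:cc:00:00:01`, the interface `le2` and the multi-interface check are constructed assumptions, showing what the log would contain if dhcpd saw one client's request on more than one interface.

```python
import re
from collections import defaultdict

# First six lines: from the dhcpd log quoted in the post.
# Last two lines: constructed (hypothetical client and interface le2).
SAMPLE_LOG = """\
May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24
May 9 17:14:06 dhcpd: DHCPDISCOVER from 00:0f:ea:2b:93:ed via le1
May 9 17:14:06 dhcpd: DHCPOFFER on 192.168.1.27 to 00:0f:ea:2b:93:ed via le1
May 9 17:14:06 dhcpd: uid lease 192.168.1.168 for client 00:0f:ea:2b:93:ed is duplicate on 192.168.1/24
May 9 17:14:06 dhcpd: DHCPREQUEST for 192.168.1.27 (192.168.1.112) from 00:0f:ea:2b:93:ed via le1
May 9 17:14:06 dhcpd: DHCPACK on 192.168.1.27 to 00:0f:ea:2b:93:ed via le1
May 9 17:14:08 dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:01 via le1
May 9 17:14:08 dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:01 via le2
"""

MAC = r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
DUP_RE = re.compile(r"dhcpd: uid lease (?P<ip>\S+) for client " + MAC + r" is duplicate")
# Any DHCP message; dhcpd may log "(hostname)" between the MAC and "via".
MSG_RE = re.compile(r"dhcpd: DHCP[A-Z]+ .*?" + MAC + r"(?: \(.*?\))? via (?P<iface>\S+)")
ACK_RE = re.compile(r"DHCPACK on (?P<ip>\S+) to ")

def summarize(log_text):
    """Group dhcpd events per client MAC."""
    clients = defaultdict(lambda: {"acked": set(), "duplicate": set(),
                                   "dup_warnings": 0, "ifaces": set()})
    for line in log_text.splitlines():
        dup = DUP_RE.search(line)
        if dup:
            clients[dup["mac"]]["duplicate"].add(dup["ip"])
            clients[dup["mac"]]["dup_warnings"] += 1
            continue
        msg = MSG_RE.search(line)
        if msg:
            clients[msg["mac"]]["ifaces"].add(msg["iface"])
            ack = ACK_RE.search(line)
            if ack:
                clients[msg["mac"]]["acked"].add(ack["ip"])
    return dict(clients)

def findings(summary):
    """Return (mac, kind, detail) tuples worth a closer look."""
    out = []
    for mac, c in sorted(summary.items()):
        stale = sorted(c["duplicate"] - c["acked"])
        if stale:  # warned-about lease is not the address the client was ACKed
            out.append((mac, "stale-lease", stale))
        if len(c["ifaces"]) > 1:  # same client heard on several interfaces
            out.append((mac, "multi-interface", sorted(c["ifaces"])))
    return out
```
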
      • GruensFroeschli

        You bridged multiple Interfaces to the same "virtual hub".
        Aka sharing the same physical layer on multiple interfaces.

        This isn't a problem of pfSense but a misconfiguration of VMware.

        Get more than one NIC ;)

        > I also find it strange that I just created a rule on Firewall -> Rules -> LAN to block TCP/UDP traffic on Netbios ports (137-139), and now my computers do not whine any more about a duplicate computer on the network. So it is not bothering me any more, except for filling up my logs with garbage…
        >
        > Any hints on why changing that gateway to a pool might be causing this?

        I think this is because of the same as above.
        Traffic comes in on one interface and goes out another into the same network.
        Really, don't share the same network on multiple interfaces if you can avoid it.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • MindTwist

          I understand that a DHCP request from any computer on the network will reach my pfSense on this single physical interface, and can be received by my 4 virtual NICs. I am positive that if this was a physical computer with 4 physical NICs, instead of a VM with just one physical NIC and 4 virtual NICs bridged to it, this problem would not be here.

          I just do not understand why this happens just by changing this single rule.

          With the second rule (the one enabled on the picture) there's no problem. As soon as I disable that rule, and enable the one on top, which is the exact same rule but with the gateway being the pool "FailoverTC", the problem starts. It is also strange that my 3 WAN interfaces would be answering DHCP requests, since none of them have DHCP server enabled…
          ???

          • johndakos

            @GruensFroeschli:

            > You bridged multiple Interfaces to the same "virtual hub".
            > Traffic comes in on one interface and goes out another into the same network.

            Yes GruensFroeschli, you are right. I have the same problem and I fixed it now.

            > Traffic comes in on one interface and goes out another into the same network.

            Thanks, GruensFroeschli.
