Two LANs, No DHCP on LAN 2
-
Dear Netgate community,
I'm having troubles with creating separate subnets and DHCP.
I am on latest version of pfsense.
I have my original LAN interface (ix3) on 10.1.10.0/24
I created a new LAN interface (ix2) on 10.1.11.0/24, IPv4 address I entered 10.1.11.1/24On the original LAN interface 10.1.10.0/24, I have it connected to a switch and connected to the switch is a windows server Domain controller with DHCP and DNS which gives IP addresses out to my entire network.
On the new LAN interface I created, I connected it to separate switch I had, and connected a laptop to that switch. Currently, the laptop will not get an IP from DHCP server on my original subnet on 10.1.10.0/24.
How can I make it so the windows server DHCP on 10.1.10.0/24 can talk and give IPs to my computers connected to the new LAN I created on 10.1.11.0/24?
If I simply enable DHCP on pfsense for the new LAN interface, it will get an IP. But I want to use 1 DHCP on my windows server.
In addition, I'm not getting any internet on my 2nd LAN subnet I created.
Any help would be greatly appreciated. I've been banging my head for a long time now. I was originally aiming to use VLANs on my switch and pfsense to create separate subnets but ran into similar issue (DHCP could not contact computers on the new subnet). VLANs will be for another learning experience. Thank you so much!
If you need any other info I can provide it as fast as I can!
-
@techgeek055
If the new LAN is 10.1.11.0 it's DHCP server has to be within that range. You configure a DHCP server for each interface, according to the subnet addresses. If you want a computer on that LAN to get an address from the Windows server, you'll have to use a DHCP relay on pfSense and the Windows DHCP server will need to provide theappropriate addresses for that new LAN>
-
Thanks so much JKnott! I will research DHCP relay. It looks like that is what I want. I'll give it a whirl shortly.
-
@JKnott Got it working! Thanks again.
I'm just trying to get internet on the new LAN now. Do you have any ideas for me on that?
I only have 1 WAN port connected to the internet on my pfsense box, currently giving internet to my original LAN subnet.
-
This post is deleted! -
Internet is working!
This may be a stupid question but, to get my new subnet communicating with my original subnet, the dhcp server on that network and to get internet, I had to plug in the switch that is connected to my new pfsense lan/subnet port to the switch that is plugged into my original pfsense lan/subnet port that has my DHCP server connected to it.
Is that correct? or should my new subnet be able to get ip from DHCP without having to plug into the switch connected to my original lan/subnet port on pfsense.
-
oops, spoke too soon. Internet not working yet. Just the LAN is working.
-
What rules do you have on this 2nd network .11 interface in pfsense?
In your scope you created for this 2nd network on your dhcpd on .10 network - where did you point the gateway, what did you set for dns.
-
Currently, I have it to set to allow everything.
-
Do your clients in .11 get an IP from your dhcp, and point to pfsense .11 address as their gateway - where do they go for dns, etc.
You left outbound nat set to automatic?
As to everything - you sure, see lots of times users set tcp only - since is the dropdown default when creating a new rule.
-
@johnpoz I pointed the gateway to 10.1.11.1, which was the IP I gave the new .11 subnet interface on pfsense.
DNS I set to the local dns server for the domain on the same domain controller that has DHCP server.
-
Can your clients in the .11 network ping pfsense IP? 10.1.11.1
can they query your dns.. Possible your windows box firewall blocking them from doing dns.. Simple test using nslookup, dig etc on the client would validate dns is working.
-
@johnpoz omg, thanks so much for giving me that hint. I had my outbound mode on Manual because of the VPN I have setup on pfsense.
So I just had to duplicate the existing rules for my original lan/subnet and change the ip address to my .11 subnet.
Now it's working. Yahoo!!!
I'll be playing around with the new subnet and firewall rules to fine tune it. Then when I feel comfortable i'll try the VLAN subnetting on my switch again to see if I have better luck.
-
Just so you know, you do not need to set manual for vpn client in pfsense... You DONT!!
All that is needed is a hybrid setup... The guides that these vpn services put out are almost always just utter CRAP!!!
-
@johnpoz oh, I didn't know that... thank you AGAIN.
Does that mean I can simply switch my outbound mode to "Hybrid Outbound Nat mode?
I'll give it a try, i'll backup my pfsense incase anything messes up and I can restore quickly!
-
Here I have a vpn client setup in pfsense to point to a vps running openvpn access server, that I use for testing policy routing and such to help other users..
I only use it when testing stuff... So if I policy route a client on my lan network (192.168.9/24) to go out the vpn - this outbound nat is used to nat to the vpn interface IP..
-
@johnpoz Okay, i'll take a look and give it a whirl!
-
@johnpoz Working like a charm. Thaaaaank you!
I basically just had to click Hybrid outbound and save. Then Just add 1 more mapping for my new .11 subnet (just duplicated the original mapping that was already there)
