Why is pfsense passing dhcp requests through its WAN interface?
-
This is a follow-up to my previous post, "pfSense router cannot ping or perform nslookups". I decided to forgo the buggy Advanced DMZ for regular DMZ.
I changed the IP of my bell modem to 192.168.1.1 (from 192.168.0.1), changed the LAN IP of my pfsense box to 192.168.0.1 (from 192.168.0.3) and enabled dhcp. My main switch is connected to my pfsense box's LAN port, only the WAN port is connected to the bell home hub modem. The pfsense box's WAN IP is 192.168.1.10 as it should be, but some machines on the network are getting 192.168.1.0/24 IP addresses instead of 192.168.0.0/24 IP addresses.
What the hell is going on?
If a network diagram is needed, let me know of a good diagram maker.
-
What are your exact settings on the LAN interface? And in the LAN DHCP tab?
Did you maybe set up an unnecessary bridge between WAN and LAN?
Do the client leases from 192.168.1.x appear under Status > DHCP Leases?
-
pfSense will not be passing DHCP through unless you have bridging of some sort set up.
Most likely the setting has not been changed completely on the LAN. Check that^.
Alternatively you have a cable somehow bypassing pfSense or some other rogue DHCP server on the LAN.
Steve
-
@jimp said in Why is pfsense passing dhcp requests through its WAN interface?:
> What are your exact settings on the LAN interface? And in the LAN DHCP tab?
The IP range for DHCP is 192.168.0.60 to 192.168.0.90
> Did you maybe set up an unnecessary bridge between WAN and LAN?
I checked, no bridges
> Do the client leases from 192.168.1.x appear under Status > DHCP Leases?
They do not
@stephenw10 said in Why is pfsense passing dhcp requests through its WAN interface?:
> pfSense will not be passing DHCP through unless you have bridging of some sort set up.
There's no bridges
> Most likely the setting has not been changed completely on the LAN. Check that^.
What setting would I look for?
> Alternatively you have a cable somehow bypassing pfSense or some other rogue DHCP server on the LAN.
The only cable connected to the modem is the pfsense box and the only other dhcp server is the modem which is on its own network.
-
So what DHCP server do the clients report as receiving an address from?
Perhaps you have a rogue DHCP server on your LAN, like a wireless AP, that was not changed to the new subnet.
-
I reinstalled pfsense, shut down all my networking equipment and started them up again and everything's getting appropriate IP addresses now. I have no idea what was going on.
-
@UntouchedWagons said in Why is pfsense passing dhcp requests through its WAN interface?:
> What the hell is going on?
@UntouchedWagons said in Why is pfsense passing dhcp requests through its WAN interface?:
> I have no idea what was going on.
Usually, when one sees statements such as these, there was a typo or misconfiguration... I have sworn I put the correct server address only to realize I had an error/typo/misconfiguration... it's embarrassing and is a part of the learning process...
-
We noticed this behavior after re-imaging the device and importing settings from an earlier version of pfsense.
In our case we found that under INTERFACES > WAN a box had become unchecked: "Block private networks and loopback addresses"
After checking and saving the changes no more DHCP leases were issued by the device on the other side of the WAN.
-
It shouldn't matter what the firewall rules are and that's all the block private IPs setting is. DHCP request broadcasts from clients on the LAN cannot be routed to the WAN. DHCP only works inside the broadcast domain.
So if it actually was getting an IP from a server in a different subnet it must have been bridged or there was a dhcp proxy enabled.
It's far more common to find a rogue dhcp server on the LAN handing out IPs in the wrong subnet when that happens.
Steve
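Added example, not part of the thread: one way to answer "which DHCP server did the client hear from" is to read the server identifier (option 54) and the offered address out of a DHCP reply seen on the LAN and compare them with the LAN settings described in this thread (192.168.0.0/24, pfSense at 192.168.0.1). The function names are hypothetical, and the packets are constructed samples standing in for UDP payloads taken from a packet capture.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"            # precedes the DHCP options
MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}  # option 53 values sent by servers

def parse_dhcp_reply(payload):
    """Return (message type, offered address, server identifier) of a reply."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if payload[0] != 2:                       # op 2 = BOOTREPLY (server to client)
        raise ValueError("not a server reply")
    offered = ipaddress.IPv4Address(bytes(payload[16:20]))  # yiaddr
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:           # 255 = end
        if payload[i] == 0:                                 # 0 = pad, no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        opts[payload[i]] = bytes(payload[i + 2:i + 2 + payload[i + 1]])
        i += 2 + payload[i + 1]
    msg = MSG_TYPES.get((opts.get(53) or b"\x00")[0], "OTHER")
    sid = opts.get(54)                        # option 54 = server identifier
    server = ipaddress.IPv4Address(sid) if sid and len(sid) == 4 else None
    return msg, offered, server

def check_reply(payload, lan_net, authorized_server):
    """List reasons a reply does not come from the expected LAN DHCP server."""
    msg, offered, server = parse_dhcp_reply(payload)
    problems = []
    if server != ipaddress.IPv4Address(authorized_server):
        problems.append(f"{msg} from unexpected DHCP server {server}")
    if msg != "NAK" and offered not in ipaddress.ip_network(lan_net):
        problems.append(f"{msg} hands out {offered}, outside {lan_net}")
    return problems

def build_reply(yiaddr, server_id, msg_type=5):
    """Constructed sample reply for the demo below, not a real capture."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC_COOKIE + opts + b"\xff"

if __name__ == "__main__":
    for pkt in (build_reply("192.168.0.60", "192.168.0.1"),
                build_reply("192.168.1.23", "192.168.1.1")):
        print(check_reply(pkt, "192.168.0.0/24", "192.168.0.1") or "ok")
```

A reply flagged here was heard inside the LAN broadcast domain, so the server identifier it reports points at the device to look for on the LAN side.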
-
@stephenw10 Thank you for your insight.
In our case that was the only modification to the configuration after noticing the issue and it resolved it. Hopefully others will be able to try it should they encounter the issue.