Netgate Discussion Forum
    DHCP server and bridged interfaces

    General pfSense Questions
    9 Posts 3 Posters 1.8k Views

    gelcom

      Hi all, sorry for the noob question but I'm going nuts with this.

      I have a virtualized pfSense on ESXi 6.7.
      OPT1 is a trunk with several VLANs. Each VLAN goes to one VM. All VLANs have a different DHCP server, working OK. All VMs get their specific IP from pfSense.

      I need to add a LAN device to one specific network.
      I created a new port group and connected this port group to the pfSense VM so traffic can be routed to one specific VM via pfSense. These two networks were bridged together. It all goes OK as long as this device has a static IP.

      What I want to accomplish is to serve both bridged interfaces with the same DHCP server, but I can't get it to work.

      This is what I've done so far:

      net.link.bridge.pfil_member=0
      net.link.bridge.pfil_bridge=1

      Interfaces are set to none
      Bridge is set to static ip 192.168.10.1/24
      DHCP server is enabled on bridge with address 192.168.10.100 to 192.168.10.200

      Both interfaces and bridge have the following rule as first:
      Protocol: UDP
      Source: 0.0.0.0
      Source Port: all
      Destination: 255.255.255.255
      Destination port: 67 and 68

      With no luck.

      What am I doing wrong?

      Kind regards

      elfranko @gelcom

        @gelcom
        Sounds like you are trying to use DHCP Relay.
        I currently have my pfSense set up so it is physical, but all my VLANs are on the same NIC.
        This is trunked to my switch, and each interface has a static IP.
        Which is similar to your setup.
        My DHCP server is on VLAN1 (there are 2 actually - Windows Server 2016 running as an HA pair).
        This server has all the IP ranges set up and the relevant entries such as default route / DNS.
        In the Services menu select DHCP Relay and select the VLAN / network interfaces you want to have DHCP give out an address for, and add the IP of the DHCP server, Save and away you go.
        [image: dhcprelay.JPG]

        After that whatever network I have a device on it gets a DHCP IP Address.

        Hope this helps

        Efranko

        gelcom

          Thanks for the reply!

          Isn't it possible to have a DHCP server instead of DHCP relay in my situation? I wish I could keep my DHCP server running, as I have a few other interfaces that depend on it.

          kind regards

          stephenw10 Netgate Administrator

            What you're doing should work. You can have multiple interfaces in a bridge and run a dhcp server on the bridge that will serve all clients.

            Do you see any blocked traffic in the firewall logs?

            Do you see incoming dhcp requests in packet captures?

            If you set the bridge sysctls after creating the bridge have you rebooted since?

            Steve

            elfranko @gelcom

              @gelcom Ah, it's the bridging bit. Not something I've ever used.

              Elfranko

              gelcom @stephenw10

                @stephenw10 said in DHCP server and bridged interfaces:

                Do you see any blocked traffic in the firewall logs?

                I see nothing blocked in the logs.

                Do you see incoming dhcp requests in packet captures?

                In the packet capture I see a lot of DHCP requests as follows:

                08:24:31.338439 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548
                08:24:31.338700 IP 192.168.104.1.67 > 192.168.104.100.68: UDP, length 300
                08:24:32.404478 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548
                08:24:32.404687 IP 192.168.104.1.67 > 192.168.104.101.68: UDP, length 300
                08:24:34.408468 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548
                08:24:34.408737 IP 192.168.104.1.67 > 192.168.104.100.68: UDP, length 300
                08:24:35.464471 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548
                08:24:35.464747 IP 192.168.104.1.67 > 192.168.104.101.68: UDP, length 300
                08:24:37.488454 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548
                08:24:37.488726 IP 192.168.104.1.67 > 192.168.104.100.68: UDP, length 300
                08:24:38.524544 IP 0.0.0.0.68 > 255.255.255.255.67: UDP, length 548

                Also I see a lot of entries in the DHCP log:

                Oct 5 08:24:37 	dhcpd 		DHCPDISCOVER from 00:15:65:67:52:87 (SIP-T46G) via bridge2
                Oct 5 08:24:35 	dhcpd 		DHCPOFFER on 192.168.104.101 to 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:35 	dhcpd 		DHCPDISCOVER from 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:34 	dhcpd 		DHCPOFFER on 192.168.104.100 to 00:15:65:67:52:87 (SIP-T46G) via bridge2
                Oct 5 08:24:34 	dhcpd 		DHCPDISCOVER from 00:15:65:67:52:87 (SIP-T46G) via bridge2
                Oct 5 08:24:32 	dhcpd 		DHCPOFFER on 192.168.104.101 to 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:32 	dhcpd 		DHCPDISCOVER from 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:31 	dhcpd 		DHCPOFFER on 192.168.104.100 to 00:15:65:67:52:87 (SIP-T46G) via bridge2
                Oct 5 08:24:31 	dhcpd 		DHCPDISCOVER from 00:15:65:67:52:87 (SIP-T46G) via bridge2
                Oct 5 08:24:09 	dhcpd 		DHCPOFFER on 192.168.104.101 to 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:09 	dhcpd 		DHCPDISCOVER from 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
                Oct 5 08:24:08 	dhcpd 		DHCPOFFER on 192.168.104.100 to 00:15:65:67:52:87 (SIP-T46G) via bridge2 
                

                But when I go to Status / DHCP Leases nothing shows up and devices can't get an IP from the DHCP server.

                [image: a.jpg]

                I have no idea on where to go from here...

                kind regards

                  stephenw10 Netgate Administrator
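The dhcpd log above shows DHCPDISCOVER/DHCPOFFER pairs repeating with no DHCPREQUEST or DHCPACK, which is the signature of offers that never reach (or are refused by) the client. The following script is an added example, not code from the thread or from pfSense: it parses ISC dhcpd log lines in the format shown above and flags per-MAC "offer loops". The sample log is constructed from the thread's two phones plus one made-up client (02:00:00:aa:bb:cc) that completes the handshake.

```python
import re
from collections import defaultdict

# ISC dhcpd log lines as pfSense shows them (hostname in parentheses is optional).
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+dhcpd\s+(?P<msg>DHCP[A-Z]+)"
    r"(?: (?:on|for) (?P<ip>[\d.]+)(?: \([\d.]+\))?)?"
    r"(?: (?:from|to) (?P<mac>[0-9a-f:]{17}))?(?: \([^)]*\))? via (?P<iface>\S+)"
)

# Constructed sample: two phones from the thread (SIP-T46G looping twice,
# SIP-T48G seen once) and a made-up client that finishes DORA normally.
SAMPLE_LOG = """\
Oct 5 08:24:31 \tdhcpd \t\tDHCPDISCOVER from 00:15:65:67:52:87 (SIP-T46G) via bridge2
Oct 5 08:24:31 \tdhcpd \t\tDHCPOFFER on 192.168.104.100 to 00:15:65:67:52:87 (SIP-T46G) via bridge2
Oct 5 08:24:34 \tdhcpd \t\tDHCPDISCOVER from 00:15:65:67:52:87 (SIP-T46G) via bridge2
Oct 5 08:24:34 \tdhcpd \t\tDHCPOFFER on 192.168.104.100 to 00:15:65:67:52:87 (SIP-T46G) via bridge2
Oct 5 08:24:35 \tdhcpd \t\tDHCPDISCOVER from 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
Oct 5 08:24:35 \tdhcpd \t\tDHCPOFFER on 192.168.104.101 to 00:15:65:6f:10:a4 (SIP-T48G) via bridge2
Oct 5 08:25:01 \tdhcpd \t\tDHCPDISCOVER from 02:00:00:aa:bb:cc via bridge2
Oct 5 08:25:01 \tdhcpd \t\tDHCPOFFER on 192.168.104.102 to 02:00:00:aa:bb:cc via bridge2
Oct 5 08:25:01 \tdhcpd \t\tDHCPREQUEST for 192.168.104.102 (192.168.104.1) from 02:00:00:aa:bb:cc via bridge2
Oct 5 08:25:01 \tdhcpd \t\tDHCPACK on 192.168.104.102 to 02:00:00:aa:bb:cc via bridge2
"""

def parse(lines):
    """Yield (message, ip, mac, iface) for every line that matches LINE_RE."""
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            yield m.group("msg"), m.group("ip"), m.group("mac"), m.group("iface")

def diagnose(lines, min_cycles=2):
    """Map each client MAC to a verdict. DISCOVER/OFFER repeating with no
    DHCPREQUEST means the client never saw (or refused) the offer: the
    'offers logged but no lease' symptom. An ACK means the lease completed."""
    counts = defaultdict(lambda: defaultdict(int))
    for msg, _ip, mac, _iface in parse(lines):
        if mac:
            counts[mac][msg] += 1
    verdicts = {}
    for mac, c in counts.items():
        if c["DHCPACK"]:
            verdicts[mac] = "lease completed"
        elif c["DHCPOFFER"] >= min_cycles and not c["DHCPREQUEST"]:
            verdicts[mac] = "offer loop: client never requests the offered address"
        else:
            verdicts[mac] = "incomplete: keep watching"
    return verdicts
```

Feed it the lines from Status / System Logs / DHCP; a client stuck in "offer loop" is the one to capture on the bridge member interface, as suggested in the replies.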

                  Where did you run that pcap?

                  I would run it on the member interface closest to that client to make sure replies are going out.

                  Set the detail level higher and check the MAC addresses are correct.

                  Make sure the client is not rejecting it as a rogue dhcp server because the source MAC will have changed if it was previously on the interface directly.

                  You may want to set a MAC address on the bridge because otherwise a random one will be assigned at each boot and some clients will freak out at that. 😉

                  Steve

                    gelcom

                    @stephenw10 said in DHCP server and bridged interfaces:

                    Where did you run that pcap?

                    I ran it on the bridge interface. Now I ran it on member interface itself. Same output.

                    You may want to set a MAC address on the bridge because otherwise a random one will be assigned at each boot and some clients will freak out at that.

                    I set a spoofed MAC address on the bridge interface to avoid that.

                    Set the detail level higher and check the MAC addresses are correct.

                    All MAC addresses are correct...
                    DHCP Discover from 0.0.0.0 (device's MAC address to broadcast)
                    [image: 1.jpg]

                    DHCP Offer from DHCP server (bridge MAC address to device MAC address)
                    [image: 2.jpg]

                    Make sure the client is not rejecting it as a rogue dhcp server because the source MAC will have changed if it was previously on the interface directly.

                    I think this is very unlikely, as none of the devices on any interface in the bridge can get a DHCP IP address.

                    Please note that if I delete the bridge and set a DHCP server on each interface, all devices can get their DHCP IP addresses.

                    kind regards

                      stephenw10 Netgate Administrator

                      Do all interfaces in the bridge fail to hand out DHCP leases? Or just this new one?

                      If the pcap shows the DHCP offer leaving the member interface either it's not reaching the client or the client is rejecting it.

                      The client and server are using the same OUI there; are they both virtual devices?
                      Is something in ESXi blocking/dropping it?

                      Steve

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.