0.0.0.0:68 -> 255.255.255.255:67 Blocked (Can't unblock)
-
One thing I noticed on my WAN (with a default install) is that traffic from SOURCE 0.0.0.0:68 to DEST 255.255.255.255:67 (UDP) is getting blocked. This is preventing me from getting an address from DHCP. If I "Easy Rule" this and allow the traffic in the firewall, it still blocks it. I don't have any additional rules explicitly blocking this, since it's a pretty vanilla install.
My guess is that it's possibly caused by "Block private networks" and/or "Block bogon networks". Is that a good guess? If it is those, is it possible to keep those enabled but allow for DHCP traffic?
-
I think what you are seeing is actually another device on the WAN side trying to do DHCP.
This would be the expected behaviour, as you're not running a DHCP server on the WAN side.
-
As awebster mentions, that is a dhcpdiscover: some client asking for an IP from dhcp. It has nothing to do with pfsense getting an IP via dhcp.
-
Yep, nothing to do with your DHCP client. Power cycle your modem (assuming that's what WAN is plugged into) after changing devices, that's almost always why you can't pick up a lease.
-
First: Bumping a very old topic, I know, but I believe it is still very relevant to clarify. Also, this forum topic was at the top of my search list when searching on this subject ;-)
The reason I came upon this thing was my firewall (pfsense) log getting filled up with these entries every 3 seconds.
I have also struggled to find out what the heck this was. I have spent loads of time on it. In the end it was trial and error, leaving out every network part one by one.
I found out it comes from the ISP local internet (what's it called?), all the ISP customers, and when someone's modem is starting up, it sends a DHCP request out on the network, speeding right through my ISP modem because it is in bridge mode, and ends up on the WAN side of my pfsense router. Therefore the block bogon (private range IP addresses) in the firewall log.
In pfsense firewall and settings, I can tick off to NOT log those "block bogon" packets, if I choose to.
RafterX out.
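
The replies above attribute the blocked 0.0.0.0:68 -> 255.255.255.255:67 entries to DHCPDISCOVER broadcasts from other clients on the WAN segment rather than to the firewall's own DHCP client. As an added example (not code from any poster in this thread), the Python below parses a captured DHCP payload per RFC 2131 and compares the client hardware address with your WAN MAC; the function names, MAC addresses and sample packet are constructed for illustration.

```python
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of DHCP options (RFC 2131)
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload: bytes) -> dict:
    """Return message type and client MAC from a DHCP UDP payload."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    hlen = payload[2]
    if hlen > 16:
        raise ValueError("invalid hardware address length")
    xid = struct.unpack("!I", payload[4:8])[0]
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    msg_type, i = None, 240
    while i < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                         # 0 = pad, no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            break                                   # truncated option header
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and len(value) == 1:          # option 53 = message type
            msg_type = MSG_TYPES.get(value[0], f"type-{value[0]}")
        i += 2 + length
    return {"xid": xid, "client_mac": mac, "type": msg_type}

def classify(payload: bytes, wan_mac: str) -> str:
    """Say whether a logged DHCP packet came from our own WAN interface."""
    info = parse_dhcp(payload)
    if info["client_mac"] == wan_mac.lower().replace("-", ":"):
        return "own WAN client"
    return "other device on WAN segment"

def build_discover(mac: str, xid: int = 0x1234ABCD) -> bytes:
    """Construct a minimal DHCPDISCOVER payload (sample input only)."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 0, xid, 0, 0x8000)  # op..flags
    hdr += b"\x00" * 16                                         # ciaddr..giaddr
    hdr += bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    hdr += b"\x00" * 192                                        # sname + file
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])

if __name__ == "__main__":
    WAN_MAC = "02:00:00:00:00:01"                  # constructed: our WAN NIC
    seen = build_discover("02:00:00:00:00:aa")     # constructed: a neighbour
    print(parse_dhcp(seen), classify(seen, WAN_MAC))
```
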