Netgate Discussion Forum

    DHCP-offers traveling Filtering bridge?

    Routing and Multi WAN
    • sussox

      I have pfSense set up as a filtering bridge with a public C-class net on the "LAN"-interface. Last Friday I started to get strange DHCP-offers, and after some troubleshooting I realised that the offers were coming from the WAN-interface (they disappeared when pulling the WAN-cable). So.. how can this traffic travel over the bridge? Isn't it supposed to be firewalled? I have a default reject of all traffic I don't want to accept like so:

      
      TCP/UDP  	 *  	 *  	 AAA.BBB.164.0/24  	 *  	 * 
      
      

      I also tried replacing TCP/UDP with Any to block this, but no success. How do I stop the DHCP-broadcasts? The firewall also works fine otherwise; regular traffic like HTTP/SSH etc. is blocked as it should be, except to selected hosts.

      • sussox

        I have now done a lab: a pfSense box with the same config as my firewall. On the LAN-side I connected a "client-computer". On the WAN-side I connected a computer acting as router. I also ran a DHCP-server on this computer.

        When I use the DHCP-client on the client-computer on the LAN-interface I get a DHCP-address from the server on the WAN-interface. This is not right! How to block the DHCP?

        • GruensFroeschli

          Have you enabled the filtering bridge?
          "System" --> "Advanced" --> "Enable filtering bridge"

          Also, have you tried removing all rules on both interfaces?
          There is per default an invisible "block all" rule in place.
          So if you delete all rules, everything should be blocked.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          • sussox

            Ok, now I have checked the above. Filtering bridge is enabled. And all rules are removed on both WAN and LAN. I still see DHCP-ACK in the log of the DHCP-server on the WAN when I renew the lease on the DHCP-client on the LAN. Isn't this strange?

            • sussox

              @sussox:

              Ok, now I have checked the above. Filtering bridge is enabled. And all rules are removed on both WAN and LAN. I still see DHCP-ACK in the log of the DHCP-server on the WAN when I renew the lease on the DHCP-client on the LAN. Isn't this strange?

              This is driving me crazy.. I have it running with a single rule, blocking ANY protocol from the LAN-net to the WAN. But still the DHCP travels the bridge!

              When I disable the bridge, the DHCP stops working (of course), but when using a filtered bridge with no rules (or a single block-all rule, like above) DHCP still gets through.. Bug?

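A defensive check for the symptom in this thread, added here as an example and not code from any poster or from pfSense: it parses raw DHCP payloads (the UDP payload on ports 67/68) and reports OFFER/ACK replies whose server identifier (option 54) is not on an allowlist. The addresses, MAC and allowlist are constructed sample values; extracting payloads from a packet capture is assumed to happen elsewhere.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header
TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}

def parse_dhcp(payload):
    """Parse one UDP payload as BOOTP/DHCP; return None if it is not DHCP."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    info = {"yiaddr": socket.inet_ntoa(payload[16:20]), "type": None, "server_id": None}
    i = 240
    while i < len(payload) and payload[i] != 255:          # 255 = end option
        if payload[i] == 0:                                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            break                                          # truncated option, stop parsing
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:                     # DHCP message type
            info["type"] = TYPES.get(value[0], str(value[0]))
        elif code == 54 and length == 4:                   # server identifier
            info["server_id"] = socket.inet_ntoa(value)
        i += 2 + length
    return info

def unexpected_replies(payloads, allowed_servers):
    """Return (type, server_id, yiaddr) for OFFER/ACK from servers not on the allowlist."""
    hits = []
    for p in payloads:
        if (info := parse_dhcp(p)) and info["type"] in ("OFFER", "ACK") and info["server_id"] not in allowed_servers:
            hits.append((info["type"], info["server_id"], info["yiaddr"]))
    return hits

def build_reply(msg_type, server_ip, yiaddr, mac="02:00:00:00:00:01"):
    """Construct a sample server reply (test data only, documentation address ranges)."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0, b"",
                      socket.inet_aton(yiaddr), socket.inet_aton(server_ip), b"",
                      bytes.fromhex(mac.replace(":", "")), b"", b"")
    return hdr + MAGIC + bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server_ip) + b"\xff"

SAMPLES = [build_reply(2, "192.0.2.1", "192.0.2.50"),      # constructed: expected LAN server
           build_reply(2, "198.51.100.9", "198.51.100.77"),  # constructed: server beyond the bridge
           build_reply(5, "198.51.100.9", "198.51.100.77"), b"not a dhcp payload"]

if __name__ == "__main__":
    for hit in unexpected_replies(SAMPLES, {"192.0.2.1"}):
        print("unexpected DHCP %s from server %s handing out %s" % hit)
```

Run against payloads captured on the LAN side of the bridge, any hit means a DHCP server other than the expected one is answering clients there.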