Intended DHCP behaviour when bridging??



  • In another topic in this forum (http://forum.pfsense.org/index.php/topic,11300.0.html), inode77 reported on an upgrade from pfSense 1.2 to 1.2.1rc1 and noted:

    Only hiccup:
    LAN-WLAN (bridged) => WLAN clients do not get DHCP lease.
    => syslog says "bridge0" and "wlan"  drops "DHCP request"
    Added rule to IF "wlan" (0.0.0.0:68 to 255.255.255.255:67 UDP) fixes this problem.

    to which cmb replied:

    This is the expected behavior, that rule should have been required previously, now with a recent bug fix it is required.

    I had a similar experience to inode77 and perhaps, based on the reports of DHCP not working over wireless, a number of others did too. I did some experimentation and decided the DHCP behaviour I observed under build 1.2.1-RC1 built on Tue Aug 12 10:45:41 EDT 2008 was distinctly "quirky". Maybe some things have changed since then but based on inode77's reports not all the "quirky" things have changed.

    I had rl0 (LAN) bridged with ath0 (WLAN). DHCP requests from rl0 worked reliably. DHCP requests from ath0 didn't work reliably - they mostly didn't work but sometimes did work. After a few hours peering at traces and logs it became clear: "cold start" DHCP requests (from 0.0.0.0 to 255.255.255.255) from ath0 were blocked by the firewall BUT "warm start" DHCP requests (to the DHCP server IP address, e.g. for DHCP lease renewal) were not blocked by the firewall.

    The DHCP server allows me to enable DHCP on the LAN interface but not the WLAN interface. I don't know why the WLAN interface doesn't appear as a tab under DHCP server (because it's bridged?), but in that case I would expect it to inherit the DHCP settings of the bridged interface but instead it gets a partly working DHCP service.

    It's quirky to me that when I have bridged interfaces I can get reliable DHCP service on one of the interfaces by ticking a box but to get reliable DHCP service on the other interface I need to know enough about how DHCP works to be able to formulate a suitable firewall rule to cover the non-obvious cases when DHCP doesn't work.

    I would like to see either DHCP service equivalently enabled on all interfaces of a bridged set if it's enabled on any one interface of the bridged set OR the ability to enable DHCP service on any interface of a bridged set by ticking a box in the appropriate tab of the DHCP Server menu.

    But maybe I've missed something significant and there really is some virtue in the current DHCP treatment. If so, can anyone help me see it?


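The cold-start versus warm-start difference described in the post, as an added example that is not part of the original thread and is not pfSense's code: a minimal default-deny rule matcher, assuming the WLAN interface initially carries only a "pass from the WLAN subnet" rule. The 192.168.1.0/24 subnet, the sample addresses and the `Packet`, `Rule` and `evaluate` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "udp"

@dataclass(frozen=True)
class Rule:
    src: str                       # source network, CIDR
    dst: Optional[str] = None      # destination network, None = any
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        if ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        if self.dst and ipaddress.ip_address(p.dst) not in ipaddress.ip_network(self.dst):
            return False
        return all(want is None or want == got for want, got in
                   ((self.proto, p.proto), (self.sport, p.sport), (self.dport, p.dport)))

def evaluate(packet: Packet, pass_rules) -> str:
    """Default deny: a packet passes only if some pass rule matches it."""
    return "pass" if any(r.matches(packet) for r in pass_rules) else "block"

# Constructed sample traffic and rules (assumptions, not from a real config).
COLD_START = Packet("0.0.0.0", 68, "255.255.255.255", 67)   # client has no address yet
WARM_START = Packet("192.168.1.50", 68, "192.168.1.1", 67)  # unicast lease renewal
SUBNET_ONLY = [Rule(src="192.168.1.0/24")]                  # assumed existing WLAN rule
DHCP_RULE = Rule(src="0.0.0.0/32", dst="255.255.255.255/32",
                 proto="udp", sport=68, dport=67)           # the rule inode77 added

if __name__ == "__main__":
    for name, pkt in (("cold start", COLD_START), ("warm start", WARM_START)):
        print(name, "| subnet rule only:", evaluate(pkt, SUBNET_ONLY),
              "| with DHCP rule:", evaluate(pkt, SUBNET_ONLY + [DHCP_RULE]))
```

Because the added rule pins source, destination, protocol and both ports, it admits the DHCP broadcast without opening the interface to other traffic sourced from 0.0.0.0.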