Stop DHCP between Interfaces



  • Hi

    I'm currently testing a few setup scenarios

    WAN is currently on my main network 192.168.18.1
    LAN 192.168.1.1
    OPT1 192.168.2.1

    I've set a wifi access point on 192.168.2.254 and connected a client to it.
    The firewall rules allow this client access to OPT1 and WAN, but not LAN.

    My issue is on my main network I have a DHCP server, so the wireless client has got an IP Address from that DHCP server, not the one configured on OPT1.

    Can I stop that? So DHCP requests going across interfaces?

    Thanks


  • Rebel Alliance Global Moderator

    It is not possible for that to happen, unless you set up DHCP relay? Or your networks are connected at layer 2?

    So you're connecting both your LAN and OPT to the same switch, which does not support VLANs, and/or you have not isolated with VLANs?

    Can you draw up your network? When you say you have a DHCP server on your main LAN, you do mean other than pfSense, right? And on your OPT1, what is providing DHCP?

    If your lan and opt are connected to the same switch it needs to support vlans and you need to create different vlans for lan and opt.  Or you need to use 2 different dumb switches.  Connecting both your lan and opt to the same dumb switch amounts to running 2 layer 3 networks on the same layer 2.  And yeah that is a borked config.



  • How stupid do I feel  :P

    Everything is running in VM on one host all sharing the same LAN and switch port, which is then connected to my LAN.
    So it's all shared with no VLANs or segmentation..

    I should have realised..  :-[

    Moving forward I'm looking at this with 8GB Ram and 64GB SSD
    https://www.amazon.co.uk/gp/product/B01LEU8JO8/ref=pd_sbs_147_1?ie=UTF8&psc=1&refRID=972HZ9G17J3Y73S2J24M

    I'm assuming each Interface will be isolated from the other, unless I add specific rules.

    Thanks


  • Rebel Alliance Global Moderator

    Unless you plug them into the same dumb switch ;)



  • Thanks.
    I'm hoping to set up the ports as

    1 WAN
    2 LAN
    3 WiFi access point

    And then do rules to only allow specific WiFi clients (by IP) to the LAN, but all can have WAN access.

    Happy to accept some advice on this  :D


  • Rebel Alliance Global Moderator

    Sure, that is a very simple setup.
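
The symptom in this thread (a client on OPT1, 192.168.2.0/24, leasing from the DHCP server on the 192.168.18.x network) shows up in the DHCP reply itself, so it can be checked per segment. The following is an added example, not code from the thread or from pfSense: it parses the UDP payload of a DHCP reply and flags an OFFER/ACK whose server identifier or leased address does not belong on the segment. The OPT1 server address 192.168.2.1 and the sample addresses 192.168.18.10 and 192.168.18.50 are assumptions, and the packets are constructed.

```python
import ipaddress
import struct

MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_dhcp_reply(payload: bytes) -> dict:
    """Extract op, yiaddr, message type (option 53) and server id (option 54)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP message")
    info = {"op": payload[0], "msg_type": None, "server_id": None,
            "yiaddr": ipaddress.IPv4Address(payload[16:20])}
    i = 240
    while i < len(payload) and payload[i] != 255:    # 255 = end option
        code = payload[i]
        if code == 0:                                # pad option has no length byte
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated DHCP option")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if code == 53 and length == 1:
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:
            info["server_id"] = ipaddress.IPv4Address(value)
        i += 2 + length
    return info

def check_reply(payload: bytes, expected_net: str, expected_server: str) -> list:
    """Return findings for an OFFER (2) or ACK (5) that does not belong on this segment."""
    info = parse_dhcp_reply(payload)
    findings = []
    if info["op"] != 2 or info["msg_type"] not in (2, 5):   # only BOOTREPLY OFFER/ACK
        return findings
    if info["server_id"] != ipaddress.IPv4Address(expected_server):
        findings.append(f"unexpected DHCP server {info['server_id']}")
    if info["yiaddr"] not in ipaddress.ip_network(expected_net):
        findings.append(f"lease {info['yiaddr']} outside {expected_net}")
    return findings

def build_reply(yiaddr: str, server_id: str, msg_type: int = 2) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    hdr = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      bytes(4), ipaddress.IPv4Address(yiaddr).packed, bytes(4),
                      bytes(4), bytes(16), bytes(64), bytes(128))
    opts = bytes([53, 1, msg_type, 54, 4]) + ipaddress.IPv4Address(server_id).packed
    return hdr + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    # Constructed ACK as the OPT1 client in the thread would have received it
    leaked = build_reply("192.168.18.50", "192.168.18.10", msg_type=5)
    print(check_reply(leaked, "192.168.2.0/24", "192.168.2.1"))
```

Any finding on an interface that is supposed to be isolated means the segments share a layer 2 domain or a relay is forwarding; firewall rules on the router do not see that broadcast traffic.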