Multiple LANs - No DHCP Issue

AHOctet · Nov 19, 2016, 10:57 AM

Hello People of the Interwebs,

I've recently acquired a reasonably old Surf Control (now Websense) unit which has six gigabit NIC cards.

I've got PFSense installed and the WAN interface is working, as is the default LAN but I can't get any of the other optional interfaces to dish out DHCP.

My setup for Lan1 is as follows;

Interface and DHCP

Static IPv4: 10.10.0.1/24
DHCP for Lan1: 10.10.0.1 to 10.10.0.254

Firewall

IPv4 * LAN1 net * * * * none (Copied from the working, default LAN interface).

I've read various bits and pieces about allowing port 67 through 68 but this doesn't appear to work either.
In the firewall log are the following private network IP entries;

I've tried adding these rules to the firewall but to no avail.

Nov 19 10:57:01 LAN1 169.254.163.32:138 169.254.255.255:138 UDP

Any help in getting this working would be much appreciated.
Thank you

johnpoz · Nov 19, 2016, 11:05 AM

turning on dhcp server auto creates the firewall rules needed..

What would allowing udp 138 have to do with dhcp?? That would be netbios..

Why do you not sniff on your interface.. Do you see a dhcp discover? If not then no you can not hand out dhcp because the dhcp server is not seeing anything ask for an IP.. What is in your dhcp log?

AHOctet · Nov 19, 2016, 11:45 AM

Hi johnpoz,

The only reason I enabled that firewall rule was because it was the only thing I could see in the firewall log.
The following is what appears in the DHCP log;

Nov 19 11:43:08 dhcpd Can't bind to dhcp address: Address already in use
Nov 19 11:43:08 dhcpd Please make sure there is no other dhcp server
Nov 19 11:43:08 dhcpd running and that there's no entry for dhcp or
Nov 19 11:43:08 dhcpd bootp in /etc/inetd.conf. Also make sure you
Nov 19 11:43:08 dhcpd are not running HP JetAdmin software, which
Nov 19 11:43:08 dhcpd includes a bootp server.

I can't work out why though, no other DHCP server is assigning IPs to that interface, or that range anywhere else on the network. My computer is set to receive IPs from DHCP and plugging into the working (default LAN) interface will cause it to get an IP.

johnpoz · Nov 19, 2016, 12:03 PM

Well kind of hard to hand out ip addresses if dhcp is not even running..

I would suggest you shutdown all your dhcp servers on all your interfaces. And then restart them.. that sort of error tells you could not bind to the opt or vlan your trying to run it on..

So go to all your interfaces, uncheck dhcp. Then make sure in services dhcpd is not showing running. Then go back and enable your dhcp on your different interfaces. Check your log to see that starts up, etc.

You should see something more like 2nd pic where its listening and sending on all your different interfaces your running dhcp on.

AHOctet · Nov 19, 2016, 12:47 PM

Thanks for your reply, I've just tried as you've suggested and have only turned back on the default, working LAN interface but it still logs that there is a conflict.

Nov 19 12:44:36 dhcpd Internet Systems Consortium DHCP Server 4.3.4
Nov 19 12:44:36 dhcpd Copyright 2004-2016 Internet Systems Consortium.
Nov 19 12:44:36 dhcpd All rights reserved.
Nov 19 12:44:36 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Nov 19 12:44:36 dhcpd Config file: /etc/dhcpd.conf
Nov 19 12:44:36 dhcpd Database file: /var/db/dhcpd.leases
Nov 19 12:44:36 dhcpd PID file: /var/run/dhcpd.pid
Nov 19 12:44:36 dhcpd Internet Systems Consortium DHCP Server 4.3.4
Nov 19 12:44:36 dhcpd Copyright 2004-2016 Internet Systems Consortium.
Nov 19 12:44:36 dhcpd All rights reserved.
Nov 19 12:44:36 dhcpd For info, please visit https://www.isc.org/software/dhcp/
Nov 19 12:44:36 dhcpd Wrote 7 leases to leases file.
Nov 19 12:44:36 dhcpd Listening on BPF/em4/00:01:69:00:ce:df/192.168.1.0/24
Nov 19 12:44:36 dhcpd Sending on BPF/em4/00:01:69:00:ce:df/192.168.1.0/24
Nov 19 12:44:36 dhcpd Can't bind to dhcp address: Address already in use
Nov 19 12:44:36 dhcpd Please make sure there is no other dhcp server
Nov 19 12:44:36 dhcpd running and that there's no entry for dhcp or
Nov 19 12:44:36 dhcpd bootp in /etc/inetd.conf. Also make sure you
Nov 19 12:44:36 dhcpd are not running HP JetAdmin software, which
Nov 19 12:44:36 dhcpd includes a bootp server.
Nov 19 12:44:36 dhcpd If you think you have received this message due to a bug rather
Nov 19 12:44:36 dhcpd than a configuration issue please read the section on submitting
Nov 19 12:44:36 dhcpd bugs on either our web page at www.isc.org or in the README file
Nov 19 12:44:36 dhcpd before submitting a bug. These pages explain the proper
Nov 19 12:44:36 dhcpd process and the information we find helpful for debugging..
Nov 19 12:44:36 dhcpd exiting.

AHOctet · Nov 19, 2016, 1:36 PM

Got it working.
How silly of me, of course in typical IT fashion the trick to getting it to hand out IPs was to turn the unit off and back on.

Thanks for your help johnpoz.

johnpoz · Nov 19, 2016, 2:18 PM

Still looks like you have a problem to me

Nov 19 12:44:36 dhcpd Listening on BPF/em4/00:01:69:00:ce:df/192.168.1.0/24
Nov 19 12:44:36 dhcpd Sending on BPF/em4/00:01:69:00:ce:df/192.168.1.0/24
Nov 19 12:44:36 dhcpd Can't bind to dhcp address: Address already in use

So looks like your only running on 192.168.1.0/24 and not your other itnerface/vlan..

AHOctet · Nov 19, 2016, 2:36 PM

Yep, still having a few issues but not related to the original post.

In the log I posted I had only turned on the DHCP server for the default LAN and it still reported this error despite this interface working.
Since physically powering off and back on the unit, I'm now able to get DHCP on my optional interface but I've hit a second predicament.

What I'm trying to do is setup my six NICs as follows;

WAN - WAN
Admin - Admin Only Interface, No LAN or WAN access
Lan1 through 4 - LAN and WAN access assigned by DHCP

I've bridged 1 through 4 and I can get internet access on all of them, and see other devices on the LAN but I can only get a DHCP address when plugged into Lan1.

I'm not too sure where I need to assign the DHCP server, would it be on Lan1 or do I need to assign the bridge to an interface and setup DHCP on this?

johnpoz · Nov 19, 2016, 2:41 PM

"I've bridged 1 through 4 and I can get internet access on all of them"

Dude if you need a switch get a switch…... There is ZERO reason to do what your trying to do..

jahonix · Nov 20, 2016, 12:41 AM

@AHOctet:

Static IPv4: 10.10.0.1/24
DHCP for Lan1: 10.10.0.1 to 10.10.0.254

@AHOctet:

Nov 19 12:44:36 dhcpd Can't bind to dhcp address: Address already in use

Sort out your DHCP issues first.
You cannot assign the interface a static IP AND hand that one out via DHCP. Adjust your DHCP range.

After you fixed that you should look at your various interfaces. Each is an own subnet with IP, rules and DHCP server which you have to configure and enable before being usable.

If you bridge interfaces things are different than you think.
Basic rule is: don't do that, get a switch instead!
A router port is never a replacement for a switch.

AHOctet · Nov 20, 2016, 1:02 PM

Thanks for the help both of you, I'm beginning to get an understanding for how it all needs to be setup now.
The DHCP errors have stopped and I'm now using a switch.

Twas a late night last night, fresh eyes this morning and all that.