[solved] pfSense Firewall as a Gateway in DHCP not working

janyabanci · Jan 31, 2018, 2:02 PM

Hey Everybody,

I have a problem with setting up the following network:

Server: A DHCP Server run with dnsmasq with address 192.168.0.254
Clients: A number of clients, leasing addresses from Server
Gateway: A Computer with pfSense, WAN and LAN (LAN address 192.168.0.253)

The _Gateway_s LAN gets its IP Address from Server, so do Clients.
Up to now, Server was also the gateway to the Internet. This is now changing
and the default (and only) gateway should be Gateway. So I added

dhcp-option=3,192.168.0.253

to dnsmasq. When I now check on any given Client for the route, I get

default via 192.168.0.253 dev enp2s0f0

which is and should be the new route to the pfSense Gateway. However, my clients are not
able to connect to the interweb. Gateway however is. I checked it on the machine
and, before LAN of Gateway was leasing the IP, it acted as a DHCP Server and clients
had Internet connection.

Do you have any idea what step I might have missed out on?

SammyWoo · Feb 10, 2018, 4:22 PM

@janyabanci:

The _Gateway_s LAN gets its IP Address from Server

Don't do this.

All infrastructure equipment (FW, routers, switches, blah-blah) should have static IP, according to my own best practice.

U can't configure a DHCP server to use a dynamically-assigned IP as gateway.

Give your FW LAN an static. Inform your DHCP server of the change. Ur done.

johnpoz · Feb 10, 2018, 4:50 PM

"The Gateways LAN gets its IP Address from Server"

Your saying pfsense is getting its IP from your dhcp server? Yeah that is not good idea at all..

Set pfsense lan as static… Does that fix your problem? Since it prob doesn't get a gateway now, since once pfsense sees a gateway on an interface it thinks its a wan interface, etc.

janyabanci · Feb 11, 2018, 11:02 AM

Ah yes, this was indeed the problem.
Thank you very much for your help!