DHCP not working across bridge. Bridge has IP and dhcp server, physical interfaces have no IP or DHCP server.

  • Hi,
    I have been banging my head against this for about three days now.

    I have 3 interfaces, bridge0, vtnet1, vtnet2. The members of bridge0 are vtnet1 and vtnet2.

    If I assign an IP address to vtnet1 and enable a dhcp server there, I can get an IP on the device I have plugged into vtnet2.

    If I remove the IP address from vtnet1, disable the dhcp server on vtnet1, but put an IP and DHCP server on bridge0, I cannot get DHCP on the device on vtnet2.

    If I tcpdump bridge0, I can see the dhcp traffic. Why isn't the dhcp server responding to it?
    I have all/all/all/all rules on vtnet1, vtnet2, and bridge0. I have added specific UDP all/67-68/all/67-68 rules to all three interfaces after becoming desperate.

    tcpdump -i bridge0 -n port 67 and port 68
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on bridge4, link-type EN10MB (Ethernet), capture size 262144 bytes
    01:07:40.188954 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
    01:07:46.099678 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
    01:07:49.447344 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
    01:07:57.997038 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300

    Oh, and interestingly, if I static my IP on the device plugged into vtnet2, I can ping my gateway and route out, so it seems to be broadcast traffic specific.

    I feel like I'm missing something simple here, but any help would definitely be appreciated.
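Added here as an illustration that is not part of the original post: a small triage helper that reads tcpdump lines in the shape quoted above and reports whether clients are retrying without ever getting a server Reply on the captured interface (the second sample, with Reply lines, is constructed for contrast).

```python
import re
from collections import defaultdict

# Constructed samples. The first reproduces the shape of the tcpdump lines
# quoted in the post (no Reply ever appears); the second is a constructed
# healthy exchange in the same shape, with a Reply following each Request.
SILENT_CAPTURE = """\
01:07:40.188954 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
01:07:46.099678 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
01:07:49.447344 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
01:07:57.997038 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
"""
HEALTHY_CAPTURE = """\
01:07:40.188954 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
01:07:40.190112 IP > BOOTP/DHCP, Reply, length 300
01:07:40.201500 IP > BOOTP/DHCP, Request from 00:24:9b:11:3a:53, length 300
01:07:40.203004 IP > BOOTP/DHCP, Reply, length 300
"""

# Timestamp, then either "Request from <mac>" or "Reply" (non-verbose tcpdump).
LINE_RE = re.compile(
    r"^(\d\d):(\d\d):(\d\d\.\d+) .*BOOTP/DHCP, (Request from ([0-9a-fA-F:]{17})|Reply)"
)

def to_seconds(h, m, s):
    return int(h) * 3600 + int(m) * 60 + float(s)

def diagnose(capture, min_retries=3):
    """Summarise a DHCP-only tcpdump capture.

    Returns per-client request counts, the number of server replies, the
    retry window per client, and a verdict: 'no-reply' when clients keep
    retrying and no Reply is ever seen on this interface, 'answered' when
    replies are present, 'inconclusive' otherwise.
    """
    requests = defaultdict(list)   # mac -> request timestamps in seconds
    replies = 0
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = to_seconds(m.group(1), m.group(2), m.group(3))
        if m.group(5):
            requests[m.group(5).lower()].append(ts)
        else:
            replies += 1
    retrying = [mac for mac, t in requests.items() if len(t) >= min_retries]
    verdict = "no-reply" if (replies == 0 and retrying) else (
        "answered" if replies else "inconclusive")
    window = {mac: round(t[-1] - t[0], 3) for mac, t in requests.items()}
    return {"requests": {mac: len(t) for mac, t in requests.items()},
            "replies": replies, "retry_window_s": window, "verdict": verdict}
```

Run it against `tcpdump -n -i bridge0 port 67 or port 68` output saved to a file; a "no-reply" verdict with a growing retry window means the requests reach the interface but nothing answers there, which points at the server binding or the bridge filter tunables rather than at the client.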

  • Rebel Alliance Developer Netgate

    What are the exact rules you have on each interface? And what are the current values of the tunables net.link.bridge.pfil_member and net.link.bridge.pfil_bridge?

    In a bridged setup the most optimal configuration has the bridge0 interface assigned with the IP address, DHCP server, and so on configured there.

    You will need special rules to pass DHCP, but if your rules really are any source / any destination / any port, that should cover them.

  • Honestly, I'm afraid I gave up after waiting a few days for a response.
    I now have the bridge set to no ip and the physical interface set with the ip.

    It's ugly, and it prevents some future configurations I wanted to have access to, but it works.

  • And I got a developer response too, shit.

    I did, and do have pfil_member set to 0, and pfil_bridge set to 1.

    Rules were set to proto any, source any, dest any...
    I'll reattempt either tonight or in the next day or two with one of my unused physical interfaces and let you know.
