Firewall rule needed for DHCP?

  • Hi,

    We're running a 2-node pfSense 1.2.2 cluster.
    3 physical NIC ports in the server: 1x 'LAN', 1x WAN, 1x OPT1

    OPT1 interface is used for sync
    LAN interface is using VLANs

    I have 2 issues I've been wondering about:

    1. On every 'LAN' interface (LAN + additional VLANs) I have created a default rule '$LAN -> any' permit (as per the cluster howto).
       I've enabled DHCP relay on the various VLAN interfaces, and specified the IP of our internal DHCP server.
       But, in order to get DHCP working I had to add the following rule on the subnet where the DHCP server lives:

    UDP  68  67  *    Permit DHCP

    Otherwise, all DHCP requests from clients on the other VLAN would be blocked. Is this normal behaviour?

    2. I see various log entries showing a block:

    Feb 21 20:53:05 LAN_VLAN41 TCP

    It shows that source (one of our workstation subnets) attempted to contact HTTP service on, but got blocked.
    I just don't get why this gets blocked, since the only rule on the LAN_VLAN41 interface is a 'permit any from to any'.
    Also… the rule that blocked it is the 'block drop in log quick all label "Default deny rule"' according to the WebUI.

    How is this possible?

