PFSense DHCP server not issuing IP on OPT interface
-
Apologies for the long post (it does have pictures though!) & thanks in advance for your assistance :)
TL;DR:
I have a PFSense install with OPT interfaces. OPT1 is the only interface with DHCP enabled. Machine on OPT1 LAN can ping the PFSense OPT1 interface (and pfsense can ping the machine through the OPT interface) but is not receiving an IP at all (ideally it would get one from the DHCP server on OPT).
Full story:
I'm running a PFSense box with 5 ports (WAN, LAN, OPT 1-3) in a virtual environment (VirtualBox) as shown below:
Currently I have the LAN & OPT3 attached to a bridged connection so that I can access the webgui from outside the virtual environment (it seems only the LAN port works for accessing the webgui). I also have OPT1 on a separate isolated connection (VirtualBox calls it an intnet). All other ports are on their own isolated intnets, and not connected to anything.
This OPT1 interface has DHCP enabled, but other systems (so far only tried a linux VM) do not get an IP. However, if I manually issue the linux VM an IP it can ping PFSense without a problem and pfsense can ping the linux box on OPT1.
Note that I do not have any static IP assignments on any DHCP interface at this time (though I intend to later).
I've seen a few related questions that indicate firewalls may be an issue, so I've taken the liberty of attaching my firewall rules below. I do not think they are the problem, but I'd be happy if they were--easy fix!
Thanks again for reading through this!
-
Whelp, I don't know whose rule it is that whenever you ask for help, you find the answer on your own... but that seems to be the case here! I spent days trying to figure this out and Google gives me the answer an hour after I write this up >_>
The problem was not with PFSense or DHCP server, but the DHCP client (a side of DHCP I was blissfully unaware of)! Linux was not assigning DHCP to anything beyond the 1st interface. Netplan seems to have replaced network interfaces for my install so I found the following webpage to be helpful (check what your dhclient is):
https://netplan.io/examples#connecting-multiple-interfaces-with-dhcp
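
A netplan configuration of the kind the post above describes, given here as an added example that is not part of the original post. The file name and the interface names `enp0s3` and `enp0s8` are assumptions; substitute the names shown by `ip link` on your VM.

```yaml
# /etc/netplan/01-netcfg.yaml  (assumed file name; edit the file your install already has)
network:
  version: 2
  ethernets:
    # First adapter (assumed name): the one that was already getting a lease.
    enp0s3:
      dhcp4: true
      dhcp4-overrides:
        route-metric: 100   # lower metric: preferred default route
    # Second adapter (assumed name), attached to the isolated intnet behind OPT1.
    # Without a stanza for it, no DHCP client runs on this interface,
    # so it never requests a lease from the pfSense DHCP server.
    enp0s8:
      dhcp4: true
      dhcp4-overrides:
        route-metric: 200   # higher metric: its default route does not compete with the first
```

Apply it with `sudo netplan apply`, then confirm the lease with `ip -4 addr show enp0s8`.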
-
You will almost certainly hit issues having two interfaces in the same subnet there at some point. That's not a valid config.
What are you trying to do there?
Steve
-
@stephenw10 interesting to hear that two ports on a subnet is not a valid config...that would probably explain the slowness I was seeing when I was trying to use that config! The fact that it would not just use whichever port is first is not intuitive to me, but good to know!
I was having issues using any non-LAN port to connect to the web GUI, so I kept the LAN port on there as a "debug" port...just my luck that my debug was causing bugs >_<
-
You can have two ports but they need to be configured in some sort of redundancy or failover mode such as a lagg and hence both be part of the same interface. Otherwise it breaks routing, pfSense doesn't know where to send traffic for that subnet. Or doesn't correctly match firewall states etc. You will find numerous things in the webgui won't allow you to make changes as the error checking excludes the same subnet.
Steve
-
@stephenw10 Good to know! That has already been taken care of in this instance by accident, but it's good to know for the future! Much appreciated :)