Enable DHCP only on LAN IN

LohanDett

Hello,
I'm new to pfSense. I recently installed it and everything is working fine so far, only that the DHCP Server sends requests to all my other VMs (in Proxmox). How can I disable this? I want it to operate in LAN interface on locale basis (e.g. for vpn) only.

Thanks for your help.

johnpoz

Well you have to isolate your different stuff to an other layer 2.

LohanDett

This post is deleted!

LohanDett

@johnpoz What do you mean with different stuff? On Proxmox side or pfSense? Is this an intended behavior of the DHCP Server config?
I prefer to solve it within the pfSense VM since it's not intented to serve for any services in Proxmox => standalone.

johnpoz

Any device or VM on the same layer 2 as dhcp server can get dhcp from that server.. Isolate your different vms or physical devices on to different layer 2 networks if you don't want them to be served by that dhcp server.

LohanDett

@johnpoz Can't figure out how.. I created a vlan and assigned it as another interface but couldn't select it in dhcp server config though it has a static local ipv4.

johnpoz

did you enable dhcp server on it?

Any interface is NOT a wan, ie doesn't have a gateway set and has a static IP on it be native or vlan will be listed as being able to have dhcpd enabled or not.

Two of those W_ interfaces are vlans.

Did you actually "enable" the interface ;)

LohanDett

@johnpoz Doesn't work for me:

~~--------------------------------------------------------------------------------------------------------------~~

Guess I missed a configuration but this is looking pretty similar to yours.
.
.
.

Well, I guessed I messed up something anyways, can't connect to firewall services through VPN anymore (is dhcp required for this?).

LohanDett

If I manually type the iface name in the url it's working. Maybe this is just a bug in dev branche version?

johnpoz

And your opt1 interface is actually "enabled" you can put an IP on it without actually clicking "enable" show us your opt1 interface.

Your running 2.5 ver - then you post should be in that section

LohanDett

@johnpoz LAN ip is 192.168.1.1 if that's relevant, dunno..

Thanks for your help.

johnpoz

Well I can tell you the mask is wrong.. You can not run dhcpd when the mask is /32 there is no range to use - you prob want that at /24

LohanDett

@johnpoz Indeed, that was the trick. Thank you so much, I didn't notice that it was set wrong.

Now I can block traffic to WAN and stop it going out of the network.

johnpoz

Not really a "trick" but yeah setting /32 for sure not going to allow you to run dhcpd ;)

LohanDett

@johnpoz Yh no magic.

This would block dhcp traffic from going out and keep it inside that vlan? Sry for that dumb question, used to have different nic's before for this, haven't really worked with vlans before.