Disallow DHCP traffic between VLANs
-
Hi,
I have 5 vlans in my pfsense setup. Each of them has its own network subnet and for 4 of them, pfsense acts like a dhcp server.
For one of the vlans, the dhcp server of pfsense is not activated on the interface but I did setup a centos DHCP server.
There is not firewall rules on that specific interface thus no traffic should be allowed to/from that subnet.
I have a strange behaviour, devices from other subnets do get IP adresses from centos dhcp server. How can I dissallow dhcprequest going to that interface coming from the other 4 ones?
Thx
-
pfSense do not forward DHCP requests from interfaces which have DHCP server activated.
DHCP requests are broadcasts. The only way to forward them is by DHCP relay, but this cannot not be activated, while you're running a DHCP server on pfSense.So the DHCP requests in your VLANs must take another way.
-
I don't see what other way ... here is a diagram:
All the devices connected to the wifi get IP from the VLAN 51 where that standalone DHCP is running.
In the pfsense logs I get this kind of messages:DHCPREQUEST for 192.168.51.120 (192.168.30.1) from aa:aa:aa:aa:aa:aa via igb1: wrong network.