Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server
-
So is dhcpd actually running, does it hand out IPs for this scope?
Can we see the full start of log of dhcpd? Are you seeing any other errors about binding to interface or anything like that?
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
So is dhcpd actually running, does it hand out IPs for this scope?
Can we see the full start of log of dhcpd? Are you seeing any other errors about binding to interface or anything like that?
DHCP runs fine and binds to all interfaces configured (vmx0 - vmx3)
[2.4.4-RELEASE][root@firewall.lan]/var/log: ps auxww | grep -i dhcpd root 44059 0.0 0.0 6200 2204 - Is 14:18 0:00.00 /usr/local/sbin/dhcpleases -l /var/dhcpd/var/db/dhcpd.leases -d lan -p /var/run/unbound.pid -u /var/unbound/dhcpleases_entries.conf -h /etc/hosts root 45542 0.0 0.0 6408 2600 - Ss 23:36 1:32.06 /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/run/log -l /tmp/haproxy_chroot/var/run/log -P /var/run/syslog.pid -f /etc/syslog.conf -b 192.168.14.1 dhcpd 56636 0.0 0.0 12584 8224 - Ss 14:18 0:00.01 /usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vmx1 vmx2 vmx3 vmx0 root 83462 0.0 0.0 6764 2764 0 I+ 13:08 0:00.00 more dhcpd.conf root 47558 0.0 0.0 6564 2456 1 S+ 14:19 0:00.00 grep -i dhcpd [2.4.4-RELEASE][root@firewall.lan]/var/log:No DHCP log looks clean, he is a log fresh from going to the Web UI and hitting SAVE on the LAN interface in DHCP page. This log also shows me turning WiFi off and on for a device showing it handing out the proper IP based on static. I also have non static clients getting from the range without issue.
Message from syslogd@firewall at Dec 23 14:18:03 ... firewall php-fpm[28463]: /index.php: Successful login for user 'admin' from: 192.168.14.1 (Local Database) Dec 23 14:18:16 firewall dhcpleases: /etc/hosts changed size from original! Dec 23 14:18:16 firewall dhcpleases: Sending HUP signal to dns daemon(15582) Dec 23 14:18:16 firewall dhcpleases: Could not deliver signal HUP to process because its pidfile (/var/run/unbound.pid) does not exist, No such process. Dec 23 14:18:16 firewall dhcpleases: kqueue error: unknown Dec 23 14:18:16 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:18:17 firewall dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1 Dec 23 14:18:17 firewall dhcpd: Copyright 2004-2018 Internet Systems Consortium. Dec 23 14:18:17 firewall dhcpd: All rights reserved. Dec 23 14:18:17 firewall dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Dec 23 14:18:17 firewall dhcpd: Config file: /etc/dhcpd.conf Dec 23 14:18:17 firewall dhcpd: Database file: /var/db/dhcpd.leases Dec 23 14:18:17 firewall dhcpd: PID file: /var/run/dhcpd.pid Dec 23 14:18:17 firewall dhcpd: Internet Systems Consortium DHCP Server 4.3.6-P1 Dec 23 14:18:17 firewall dhcpd: Copyright 2004-2018 Internet Systems Consortium. Dec 23 14:18:17 firewall dhcpd: All rights reserved. Dec 23 14:18:17 firewall dhcpd: For info, please visit https://www.isc.org/software/dhcp/ Dec 23 14:18:17 firewall dhcpd: Wrote 0 deleted host decls to leases file. Dec 23 14:18:17 firewall dhcpd: Wrote 0 new dynamic host decls to leases file. Dec 23 14:18:17 firewall dhcpd: Wrote 3 leases to leases file. Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx0/00:50:56:b5:29:1a/192.168.215.0/24 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx0/00:50:56:b5:29:1a/192.168.215.0/24 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx3/00:50:56:b5:af:39/192.168.220.0/24 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx3/00:50:56:b5:af:39/192.168.220.0/24 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx2/00:50:56:b5:de:62/192.168.24.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx2/00:50:56:b5:de:62/192.168.24.0/23 Dec 23 14:18:17 firewall dhcpd: Listening on BPF/vmx1/00:50:56:b5:4a:64/192.168.14.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on BPF/vmx1/00:50:56:b5:4a:64/192.168.14.0/23 Dec 23 14:18:17 firewall dhcpd: Sending on Socket/fallback/fallback-net Dec 23 14:18:17 firewall dhcpd: Server starting service. Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048) Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPREQUEST for 192.168.14.200 from f0:c3:71:56:93:c3 via vmx1 Dec 23 14:19:02 firewall dhcpd: DHCPACK on 192.168.14.200 to f0:c3:71:56:93:c3 via vmx1 -
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
firewall php-fpm[350]: /services_dhcp.php
There is where the error is coming from.. Not actually dhcpd, but why have no idea... Do you have any vips or anything.. You didn't set your own odd rules for dhcp on lan did you?
Only thing off the top would be to get rid of all settings and start over.. Changing the range if you need to, and then moving it back to the /23 you want... For the life of me can not understand why your using /23 in the first place... Why would you not just use a /24? You don't seem to have that many clients that /24 would not be enough space.
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
firewall php-fpm[350]: /services_dhcp.php
There is where the error is coming from.. Not actually dhcpd, but why have no idea... Do you have any vips or anything.. You didn't set your own odd rules for dhcp on lan did you?
Only thing off the top would be to get rid of all settings and start over.. Changing the range if you need to, and then moving it back to the /23 you want... For the life of me can not understand why your using /23 in the first place... Why would you not just use a /24? You don't seem to have that many clients that /24 would not be enough space.
Size of the subnet is irrelevant since I have an IoT without the issue setup the same way. But in lieu of testing I disabled DHCP on the LAN, adjusted the RANGE first for a /24 and then when I saved it no error. I changed LAN from /23 to /24, went back in and enabled DHCP which showed the proper /24 subnet mask and all and the same error occurred but for the /24....
Dec 23 18:35:51 firewall php-fpm[49585]: /services_dhcp.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/24 detected. Please correct the settings in Services, DHCP ServerWhat is going on with this?
-
I agree the /23 is irrelevant, just a really ODD choice ;) You can not possible have that many devices on each segment that a /23 is called for - do you? ;)
Yes the error is odd, have never seen it in the 10 some years using pfsense..
You don't have any vips or anything setup? Try moving away to a different range completely.. It doesn't say overlap any tunnels or remote networks for say openvpn? You don't have any routes setup for that range or overlap?
Lets call in the big guns @jimp and @Derelict and see if they have any ideas..
-
@johnpoz said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
I agree the /23 is irrelevant, just a really ODD choice ;) You can not possible have that many devices on each segment that a /23 is called for - do you? ;)
Yes the error is odd, have never seen it in the 10 some years using pfsense..
You don't have any vips or anything setup? Try moving away to a different range completely..
Lets call in the big guns @jimp and @Derelict and see if they have any ideas..
I've got a pfblockerng VIP but the issue occurred even before the VIP was in place.
-
That normally defaults to 10.10.10 or something that shouldn't be a issue.. I was thinking something is overlapping... I did a query on the code for services_dhcp.php and I don't even see where that error would be called out..
Do you have anything else that could be possible overlapping that range in someway, a vpn tunnel network or remote, or something else... Is it possible to change it so something completely different say 192.168.100 or something that doesn't overlap any of your other networks.
If that works fine without any errors we can put it back to the 192.168.14, for sure we need to figure out what exactly is causing it.. Even if cosmetic which it seems to be since your saying dhcp is working. The error being generated is not all that helpful.. It sure is valid from a range point of view from what you have posted.
-
These are in comment lines before the error is spit out :
// If the user has changed the subnet from the interfaces page and applied, // but has not updated the DHCP range, then the range to/from of the pool can be outside the subnet. // This can also happen when implementing the batch of changes when the setup wizard reloads the new settings. .... some tests ... // Even though the running interface subnet does not match the pool range, // the interface subnet in the config file contains the pool range. // We are somewhere part-way through a settings reload, e.g. after running the setup wizard. // services_dhcpdv4_configure will be called again later when the new interface settings from // the config are applied and at that time everything will match up. // Ignore this pool on this interface for now and just log the error to the system log.Btw : /etc/inc/services.inc
-
So shouldn't error have gone away after he changed it to /24, etc.. ?
Good trackdown! I didn't think to look there ;)
-
An error like this
Dec 23 08:47:35 firewall php-fpm[28463]: /services_unbound.php: New alert found: Invalid DHCP pool - for LAN subnet 192.168.14.0/23 detected. Please correct the settings in Services, DHCP Servermisses nearly half the information - and that why it's triggered.
Compare this to the actual error text string :
$error_msg = sprintf(gettext('Invalid DHCP pool %1$s - %2$s for %3$s subnet %4$s/%5$s detected. Please correct the settings in Services, DHCP Server'), $poolconf['range']['from'], $poolconf['range']['to'], convert_real_interface_to_friendly_descr($dhcpif), $subnet, $ifcfgsn);Only variables %3$s - %4$s %5$ = 3, 4 and 5 print useful text, which are convert_real_interface_to_friendly_descr($dhcpif), $subnet and $ifcfgsn
These become 'LAN', '192.168.14.0' and '23' in your case.
Variable 1 and 2, in that pool, $poolconf['range']['from'] and $poolconf['range']['to'] are probably not defined and/or empty.
That triggers the error.@pyrodex : check you config.xml and compare good relation between :
<interfaces> .... <lan> <if>fxp0</if> .... <enable></enable> .... <ipaddr>192.168.1.1</ipaddr> <subnet>24</subnet>and
<dhcpd> <lan> <range> <from>192.168.1.70</from> <to>192.168.1.253</to> </range> ....Also, are there any 'sub' <pool> in :
<dhcpd> <lan> .... <pool> <range> <from>192.168.1.210</from> <to>192.168.1.220</to> </range>?
Probably not related :
Take also a look at this :@pyrodex said in Invalid DHCP pool - for LAN subnet 192.168.xx.0/23 detected. Please correct the settings in Services, DHCP Server:
Dec 23 14:18:16 firewall dhcpleases: Sending HUP signal to dns daemon(46048)
one second later :
Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048)
Dec 23 14:18:17 firewall dhcpleases: Sending HUP signal to dns daemon(46048)Check your syslog for more "Sending HUP signal to dns daemon".
Unbound being restarted many times per minute is not good at all. -
<lan> <descr><![CDATA[LAN]]></descr> <if>vmx1</if> <enable></enable> <spoofmac></spoofmac> <ipaddr>192.168.14.1</ipaddr> <subnet>23</subnet> <ipaddrv6>track6</ipaddrv6> <track6-interface>wan</track6-interface> <track6-prefix-id>1</track6-prefix-id> </lan><lan> <range> <from>192.168.15.220</from> <to>192.168.15.240</to> </range> <enable></enable> <failover_peerip></failover_peerip> <defaultleasetime>86400</defaultleasetime> <maxleasetime></maxleasetime> <netmask></netmask> <gateway></gateway> <domain>lan</domain> <domainsearchlist>lan;iot;dmz</domainsearchlist> <ddnsdomain></ddnsdomain> <ddnsdomainprimary></ddnsdomainprimary> <ddnsdomainkeyname></ddnsdomainkeyname> <ddnsdomainkeyalgorithm>hmac-md5</ddnsdomainkeyalgorithm> <ddnsdomainkey></ddnsdomainkey> <mac_allow></mac_allow> <mac_deny></mac_deny> <ddnsclientupdates>allow</ddnsclientupdates> <tftp>192.168.14.31</tftp> <ldap></ldap> <nextserver>192.168.14.31</nextserver> <filename>pxelinux.0</filename> <filename32>syslinux32.efi</filename32> <filename64>syslinux64.efi</filename64> <rootpath></rootpath> <numberoptions></numberoptions>I fixed it myself by removing all my static maps and re-adding...
-
So what what wrong with the statics? I looked through them I didn't see anything that was out of scope..
