Netgate Discussion Forum

    Why is pfsense passing dhcp requests through its WAN interface?

      UntouchedWagons

      This is a follow-up to my previous post, "pfSense router cannot ping or perform nslookups". I decided to forgo the buggy Advanced DMZ for regular DMZ.

      I changed the IP of my Bell modem to 192.168.1.1 (from 192.168.0.1), changed the LAN IP of my pfSense box to 192.168.0.1 (from 192.168.0.3) and enabled DHCP. My main switch is connected to my pfSense box's LAN port; only the WAN port is connected to the Bell Home Hub modem. The pfSense box's WAN IP is 192.168.1.10 as it should be, but some machines on the network are getting 192.168.1.0/24 IP addresses instead of 192.168.0.0/24 IP addresses.

      What the hell is going on?

      If a network diagram is needed, let me know of a good diagram maker.

        jimp Rebel Alliance Developer Netgate

        What are your exact settings on the LAN interface? And in the LAN DHCP tab?

        Did you maybe set up an unnecessary bridge between WAN and LAN?

        Do the client leases from 192.168.1.x appear under Status > DHCP Leases?

          stephenw10 Netgate Administrator

          pfSense will not be passing DHCP through unless you have bridging of some sort set up.

          Most likely the setting has not been changed completely on the LAN. Check that^.

          Alternatively you have a cable somehow bypassing pfSense or some other rogue DHCP server on the LAN.

          Steve

            UntouchedWagons @jimp

            @jimp said in Why is pfsense passing dhcp requests through its WAN interface?:

            > What are your exact settings on the LAN interface? And in the LAN DHCP tab?

            The IP range for DHCP is 192.168.0.60 to 192.168.0.90

            > Did you maybe set up an unnecessary bridge between WAN and LAN?

            I checked, no bridges

            > Do the client leases from 192.168.1.x appear under Status > DHCP Leases?

            They do not

            @stephenw10 said in Why is pfsense passing dhcp requests through its WAN interface?:

            > pfSense will not be passing DHCP through unless you have bridging of some sort set up.

            There's no bridges

            > Most likely the setting has not been changed completely on the LAN. Check that^.

            What setting would I look for?

            > Alternatively you have a cable somehow bypassing pfSense or some other rogue DHCP server on the LAN.

            The only cable connected to the modem is the pfSense box and the only other DHCP server is the modem which is on its own network.

              jimp Rebel Alliance Developer Netgate

              So what DHCP server do the clients report as receiving an address from?

              Perhaps you have a rogue DHCP server on your LAN, like a wireless AP, that was not changed to the new subnet.

                UntouchedWagons

                I reinstalled pfsense, shut down all my networking equipment and started them up again and everything's getting appropriate IP addresses now. I have no idea what was going on.

                  NollipfSense @UntouchedWagons

                  @UntouchedWagons said in Why is pfsense passing dhcp requests through its WAN interface?:

                  > What the hell is going on?

                  @UntouchedWagons said in Why is pfsense passing dhcp requests through its WAN interface?:

                  > I have no idea what was going on.

                  Usually, when one sees statements such as these, there was a typo or misconfiguration... I have sworn I put the correct server address only to realize I had an error/typo/misconfiguration... it's embarrassing and is a part of the learning process...

                  pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                  pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                    oweux @UntouchedWagons

                    @untouchedwagons

                    We noticed this behavior after re-imaging the device and importing settings from an earlier version of pfsense.

                    In our case we found that under INTERFACES > WAN a box had become unchecked: "Block private networks and loopback addresses"

                    After checking and saving the changes no more DHCP leases were issued by the device on the other side of the WAN.

                      stephenw10 Netgate Administrator

                      It shouldn't matter what the firewall rules are and that's all the block private IPs setting is. DHCP request broadcasts from clients on the LAN cannot be routed to the WAN. DHCP only works inside the broadcast domain.
                      So if it actually was getting an IP from a server in a different subnet, it must have been bridged or there was a DHCP proxy enabled.
                      It's far more common to find a rogue DHCP server on the LAN handing out IPs in the wrong subnet when that happens.

                      Steve
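
The question raised in the replies above (which DHCP server are the clients actually hearing from?) can be checked mechanically. This is an added example, not part of the original thread or of pfSense: it parses DHCP reply payloads and flags any OFFER/ACK whose server identifier (option 54) is not the pfSense LAN address, or whose offered address falls outside the LAN subnet. The addresses are taken from the thread; the function names and sample packets are constructed for illustration.

```python
import ipaddress

MAGIC = b"\x63\x82\x53\x63"                             # DHCP magic cookie
EXPECTED_SERVER = ipaddress.ip_address("192.168.0.1")   # pfSense LAN IP in this thread
EXPECTED_NET = ipaddress.ip_network("192.168.0.0/24")   # LAN subnet in this thread
OFFER, ACK = 2, 5                                       # option 53 message types

def parse_reply(payload):
    """Return (msg_type, yiaddr, server_id) from a DHCP UDP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    opts, i = {}, 240
    while i < len(payload) and payload[i] != 255:       # 255 = end option
        if payload[i] == 0:                             # pad option: no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None                                 # truncated option header
        length = payload[i + 1]
        data = payload[i + 2:i + 2 + length]
        if len(data) != length:
            return None                                 # truncated option body
        opts[payload[i]] = data
        i += 2 + length
    mtype, sid = opts.get(53, b""), opts.get(54, b"")
    if len(mtype) != 1 or len(sid) != 4:
        return None
    return mtype[0], ipaddress.ip_address(payload[16:20]), ipaddress.ip_address(sid)

def rogue_replies(payloads):
    """List (server, offered_ip) for OFFER/ACK replies that did not come from pfSense."""
    hits = []
    for p in payloads:
        parsed = parse_reply(p)
        if parsed and parsed[0] in (OFFER, ACK):
            _, yiaddr, server = parsed
            if server != EXPECTED_SERVER or yiaddr not in EXPECTED_NET:
                hits.append((str(server), str(yiaddr)))
    return hits

def build_reply(mtype, yiaddr, server):
    """Constructed sample data: a minimal BOOTREPLY with options 53 and 54."""
    hdr = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.ip_address(yiaddr).packed + bytes(216)
    opts = bytes([53, 1, mtype, 54, 4]) + ipaddress.ip_address(server).packed
    return hdr + MAGIC + opts + b"\xff"

SAMPLES = [build_reply(OFFER, "192.168.0.61", "192.168.0.1"),   # expected server
           build_reply(OFFER, "192.168.1.23", "192.168.1.1")]   # wrong-subnet server
print(rogue_replies(SAMPLES))
```

Feed it the UDP port 67/68 payloads from a capture taken on the LAN side of the firewall; any hit names the device that is answering clients instead of pfSense.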

                        oweux @stephenw10

                        @stephenw10 Thank you for your insight.
                        In our case that was the only modification to the configuration after noticing the issue and it resolved it. Hopefully others will be able to try should they encounter the issue.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.