Netgate Discussion Forum
    DHCP leases "leak" between interfaces

    DHCP and DNS

    • droopy4096
      last edited by droopy4096

      Hi, I have recently switched from vanilla FreeBSD firewall with a lot of custom setup to pfSense as I was getting tired of maintaining all the spaghetti mess I've created over the years.

      I have set up 4-interface pfSense box with 3 ethernet connections:

      1. WAN (DHCP client)
      2. LAN (DHCP server)
      3. WIFI (DHCP server) (this one connects to UniFi AP)

      It is a home network so initially I thought I'd keep things simple and allow anything to cross LAN<->WIFI...

      The problem I'm facing is that I've got machines on WIFI getting LAN leases and vice-versa. I took a quick look at /etc/dhcpd.conf and it looks very similar to what I used to have with my old vanilla FreeBSD setup.

      Here are the snaps of rules for LAN:
      Screenshot_20201015_225138.png
      and WIFI:
      Screenshot_20201015_225310.png
      I've added custom "block" rules to stop DHCP requests crossing network boundaries.

      Under DHCP Server I've got "Deny unknown clients" set for each interface and have all the clients with their MACs provided. Some of them get the proper IP and all is good, but then some do get a LAN IP on the WIFI net and vice-versa... and I just can't put my finger on it...

      Here's what DHCP logs look like for a client making a DHCP request on LAN interface (notice how both igb1 and igb2 respond, whereas I'd expect igb1 only): Screenshot_20201015_231038.png

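The log the poster describes (one client's DHCP request answered via both igb1 and igb2) is a pattern that can be checked automatically. Below is an added example, not code from the thread or from pfSense, that audits ISC dhcpd syslog lines for three signs of segments bleeding into each other: a DISCOVER from one MAC arriving on more than one interface, a message carrying an address that does not belong to the subnet of the interface it arrived on, and an ACK for a statically mapped client on the wrong interface. The interface names, subnets, MAC addresses and the log lines are all constructed for illustration; substitute your own interface/subnet table and static mappings.

```python
"""Audit ISC dhcpd log lines for DHCP traffic crossing interface boundaries.

Added example, not code from the thread or from pfSense. Interface names,
subnets, MAC addresses and the log lines below are constructed for illustration.
"""
import ipaddress
import re
from collections import defaultdict

# Assumed interface -> subnet mapping (hypothetical values, not from the thread).
INTERFACE_SUBNETS = {
    "igb1": ipaddress.ip_network("192.168.10.0/24"),  # LAN
    "igb2": ipaddress.ip_network("192.168.20.0/24"),  # WIFI
}

# Assumed static mappings: the interface each known client should be served on.
EXPECTED_INTERFACE = {
    "aa:bb:cc:00:00:01": "igb2",  # laptop, lives on WIFI
    "aa:bb:cc:00:00:02": "igb2",  # phone, lives on WIFI
    "aa:bb:cc:00:00:03": "igb1",  # desktop, lives on LAN
}

# Constructed sample log in the usual ISC dhcpd syslog format. The laptop's
# DISCOVER reaches the server on both interfaces and it ends up with a LAN lease.
SAMPLE_LOG = """\
Oct 15 23:10:38 fw dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:01 via igb1
Oct 15 23:10:38 fw dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:01 via igb2
Oct 15 23:10:39 fw dhcpd: DHCPOFFER on 192.168.10.50 to aa:bb:cc:00:00:01 (laptop) via igb1
Oct 15 23:10:39 fw dhcpd: DHCPOFFER on 192.168.20.50 to aa:bb:cc:00:00:01 (laptop) via igb2
Oct 15 23:10:39 fw dhcpd: DHCPREQUEST for 192.168.10.50 (192.168.10.1) from aa:bb:cc:00:00:01 (laptop) via igb1
Oct 15 23:10:39 fw dhcpd: DHCPREQUEST for 192.168.10.50 (192.168.10.1) from aa:bb:cc:00:00:01 (laptop) via igb2
Oct 15 23:10:39 fw dhcpd: DHCPACK on 192.168.10.50 to aa:bb:cc:00:00:01 (laptop) via igb1
Oct 15 23:11:02 fw dhcpd: DHCPDISCOVER from aa:bb:cc:00:00:02 via igb2
Oct 15 23:11:02 fw dhcpd: DHCPOFFER on 192.168.20.51 to aa:bb:cc:00:00:02 (phone) via igb2
Oct 15 23:11:02 fw dhcpd: DHCPREQUEST for 192.168.20.51 (192.168.20.1) from aa:bb:cc:00:00:02 (phone) via igb2
Oct 15 23:11:02 fw dhcpd: DHCPACK on 192.168.20.51 to aa:bb:cc:00:00:02 (phone) via igb2
Oct 15 23:12:10 fw dhcpd: DHCPREQUEST for 192.168.10.20 from aa:bb:cc:00:00:03 (desktop) via igb1
Oct 15 23:12:10 fw dhcpd: DHCPACK on 192.168.10.20 to aa:bb:cc:00:00:03 (desktop) via igb1
"""

MSG_RE = re.compile(r"DHCP(DISCOVER|OFFER|REQUEST|ACK|NAK)\b")
MAC_RE = re.compile(r"\b((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I)
IP_RE = re.compile(r"\b(?:on|for) (\d{1,3}(?:\.\d{1,3}){3})\b")
IFACE_RE = re.compile(r"\bvia (\S+)")


def parse_line(line):
    """Return (msg, mac, ip, iface) for a dhcpd line, or None if it is not one."""
    msg = MSG_RE.search(line)
    iface = IFACE_RE.search(line)
    if not msg or not iface:
        return None
    mac = MAC_RE.search(line)
    ip = IP_RE.search(line)
    return (
        msg.group(1),
        mac.group(1).lower() if mac else None,
        ip.group(1) if ip else None,
        iface.group(1),
    )


def audit(log_text, subnets=INTERFACE_SUBNETS, expected=EXPECTED_INTERFACE):
    """Return a sorted list of (check, mac, detail) findings."""
    findings = set()
    discover_ifaces = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if not parsed:
            continue
        msg, mac, ip, iface = parsed
        if msg == "DISCOVER" and mac:
            discover_ifaces[mac].add(iface)
        # Check 1: an address in a message that arrived on an interface whose
        # subnet does not contain it. Stray REQUESTs show up here.
        if ip and iface in subnets and ipaddress.ip_address(ip) not in subnets[iface]:
            findings.add(("wrong_subnet", mac, f"{msg} {ip} via {iface}"))
        # Check 2: a known client acknowledged on an interface other than the
        # one its static mapping says it belongs to.
        if msg == "ACK" and mac in expected and expected[mac] != iface:
            findings.add(("wrong_interface", mac, f"ACK via {iface}, expected {expected[mac]}"))
    # Check 3: one client's DISCOVER reaching the server on several interfaces,
    # the signature of the segments being joined somewhere at layer 2.
    for mac, ifaces in discover_ifaces.items():
        if len(ifaces) > 1:
            findings.add(("multi_interface_discover", mac, ",".join(sorted(ifaces))))
    return sorted(findings)


if __name__ == "__main__":
    for check, mac, detail in audit(SAMPLE_LOG):
        print(f"{check:26} {mac}  {detail}")
```

Run against a real dhcpd log (on pfSense, the DHCP log viewed under Status > System Logs), the "multi_interface_discover" finding is the one to look at first: the server itself is behaving per interface, but a single broadcast is reaching it on two ports, which points at the switch or VLAN configuration rather than at dhcpd.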
      • viktor_g (Netgate)

        Fixed in 2.5-DEV:
        https://redmine.pfsense.org/issues/1605


        • Cool_Corona

          Could it be that a wrong lease on the wrong interface would enable the client to access things he shouldn't?


          • JKnott

            Any chance you're running VLANs through a TP-Link managed switch? Some models have a problem where VLAN1 appears on all VLANs.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...


            • droopy4096 @JKnott

              @JKnott that indeed happened to be the case with my NetGear switch assigning VLAN1 to all the untagged interfaces... 🤦 took me a while to convince it otherwise and now things seem to be OK. Although I'm surprised now that dhcpd was OK assigning cross-network IPs despite explicit instructions to give IP to a specific MAC from a specific LAN... odd behavior I must say.


              • mcury

                This happened to me using a TL-SG108E HW2.0 (TP Link cheap switch).

                dead on arrival, nowhere to be found.

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.