DHCP error message question

bmf7777 · Apr 5, 2022, 4:50 AM

my dhcp logs have many of these error messages after DHCPREQUEST ...

Apr 4 21:44:54 dhcpd 19166 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 4 21:44:54 dhcpd 19166 send_packet: Host is down

is this something to be concerned about ... how do i eliminate these ? thanks in advance,

stephenw10 · Apr 5, 2022, 12:13 PM

If the host request coming in over a different interface maybe?

Gertjan · Apr 5, 2022, 2:40 PM

@bmf7777 said in DHCP error message question:

my dhcp logs have many of these error messages after DHCPREQUEST .

Can we see them ? Can we see more log lines ?
It's the dhcp process, that's the one using a WAN interface to obtain a WAN IP, among others, for the WAN interface.
What in front of your WAN interface ?

IMHO, a dhcp (or dhcp-client)) process is bound - use - one interface, like WAN or WAN1 or WANx.
For info dhcpd is using LAN type interfaces. That's a "server" process.

I've been looking at some general "dhcp Failed to send 300 byte long packet over fallback interface" results, and a lot comes back with : DHCP (UDP over 67 and/or 68) can go out of the WAN interface, some iptables rules were needed. pfSense doesn't use iptables, and has another firewall 'model'.
pfSense WAN Interface rules are all about traffic coming INTO - that is into pfSense - the WAN interface. Outgoing traffic is permitted by default, and for DHCP traffic extra hidden rules should permit DHCP traffic.

Is "packet over fallback interface" is strange. What 'fallback' interface ? I don't understand the context.

bmf7777 · Apr 5, 2022, 3:06 PM

here's more log entries ... wan is connected (via ethernet) to a cable modem ... i have a backup wan (wanf) that is switches to wanf if wan is down (using iphone cellular connection) ... wan is soild with no issues

Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.
Apr 5 08:03:39 dhcpd 34821 send_packet: Host is down
Apr 5 08:03:39 dhcpd 34821 DHCPACK on 192.168.1.35 to 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 DHCPREQUEST for 192.168.1.35 from 18:b4:30:08:7d:86 (02AA01AC23130ACK) via ix1
Apr 5 08:03:39 dhcpd 34821 reuse_lease: lease age 73 (secs) under 25% threshold, reply with unaltered, existing lease for 192.168.1.35
Apr 5 08:03:39 dhcpd 34821 dhcp.c:4131: Failed to send 300 byte long packet over fallback interface.

stephenw10 · Apr 5, 2022, 3:19 PM

What sort of clients are doing this? Anything in particular? Wireless devices perhaps?

bmf7777 · Apr 5, 2022, 3:20 PM

something at layer 2 is blocking the arp reply from this device (.35) ... it happening to many clients on my network

stephenw10 · Apr 5, 2022, 3:22 PM

All wireless clients?

We saw something like this recently on some Aruba APs I think it was.

bmf7777 · Apr 5, 2022, 3:23 PM

yes wireless (unifi controller, ap and switches )

mcury · Apr 5, 2022, 3:26 PM

maybe dhcp snooping?

bmf7777 · Apr 5, 2022, 3:28 PM

@mcury said in DHCP error message question:

maybe dhcp snooping?

that what negate tac was thinking ... however my big switches (edgeswitch) don't appear to have this feature exposed in the gui ... my smaller (8p) switches unifi us-8 for APs only has IGMP snooping which i have off ... not clear

bmf7777 · Apr 5, 2022, 3:30 PM

my system (xg-1537 and unifi APs, switches cloudkey2) has been working great for a couple of years ... then boom lots of DHCP issues everywhere

mcury · Apr 5, 2022, 3:38 PM

@bmf7777 what about arp inspection?
it works for arp anti spoofing, but I'm not sure if unifi switches have this option..

Edit:
Checked a few sites, and people solved this error by allowing outbound connections on port 67..
It seems a problem with firewall rules? Although pfsense allows that by default in implicit rule..

bmf7777 · Apr 5, 2022, 3:55 PM

i found one switch port of a large switch that had DHCP snooping enabled ... could this one port cause an issue ? (turned it off )

mcury · Apr 5, 2022, 4:37 PM

@bmf7777 Is this happening only in the 192.168.1.0 network?
Is this network connected to that switch you mentioned?

If you connect through ssh to pfsense, or console access and type the following:
pfctl -sr | grep DHCP

Do you see a pass out quick on for that network/interface?

Edit: Tried to reproduce the problem by commenting the following line in /tmp/rules.debug, but the problem didn't happen..

pass out  quick on $WIFI proto udp from 192.168.10.1 port = 67 to any port = 68 ridentifier 1000004743 label "allow access to DHCP server"

stephenw10 · Apr 5, 2022, 5:11 PM

@bmf7777 said in DHCP error message question:

been working great for a couple of years ... then boom lots of DHCP issues everywhere

What changed? Firmware updates?