Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Why does the UI allow duplicate IP addresses (different MACs) in DHCP static mappings?

    DHCP and DNS
    2
    6
    835
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • luckman212L
      luckman212 LAYER 8
      last edited by luckman212

      Yesterday I was troubleshooting an issue where a VM was constantly losing it's connectivity (Windows machine, the famous "⚠️yellow exclamation mark"). After a lot of head scratching I finally realized it was a simple IP address conflict on the pfSense.

      I didn't realize that I'd mistakenly assigned the same static DHCP mappings to 2 VMs.

      I searched the git history for when this change was made, and found it here:

      • https://redmine.pfsense.org/issues/8220
      • commit b260591

      Can I ask what the reasoning is to allow this? I understand the corner case of a device with multiple interfaces (e.g. wired & wireless) where only one is supposed to be connected at any given time, and the user wants the IP to remain constant. But that is solveable in other ways. I think this is a potential footgun.

      It would be nice if at least a warning infoblock was printed after hitting Save.

      luckman212L 1 Reply Last reply Reply Quote 0
      • luckman212L
        luckman212 LAYER 8 @luckman212
        last edited by luckman212

        @jimp I submitted a PR for this: #4594

        1ac69e49-e449-4de0-8bd9-7c0b52ac4a24-image.png

        DerelictD 1 Reply Last reply Reply Quote 0
        • DerelictD
          Derelict LAYER 8 Netgate @luckman212
          last edited by Derelict

          @luckman212 POLA dictates that checkbox should default to checked. Does it?

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          luckman212L 1 Reply Last reply Reply Quote 0
          • luckman212L
            luckman212 LAYER 8 @Derelict
            last edited by

            @derelict Having it default to checked would negate the entire purpose of this change. POLA was not applied to the original commit, so I do not think it applies here either. I was more "astonished" when my DHCP was broken due to an address conflict.

            DerelictD 1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate @luckman212
              last edited by

              @luckman212 As long as the behavior does not change for existing configurations.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              luckman212L 1 Reply Last reply Reply Quote 0
              • luckman212L
                luckman212 LAYER 8 @Derelict
                last edited by

                @derelict Correct—Nothing would change at all until the user actually goes in to edit an entry and either creates a new duplicate (or tries to save an existing one). At that point, the warning would be shown. All they have to do is check the box and re-save.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.