can pfsense filter isc.org dhcp server traffic?
-
I have my reasons for wanting to preserve the isc.org server that I have running on my file server.
I read online (somewhere) that, by default, a router would not forward DHCP traffic between interfaces. I further read that this might not work on an isc.org DHCP server because it uses raw packets. I don't know enough to test any of that.
What I do know is that I have tried two different routers. Let the ISC interface be the one that has my isc.org dhcp server. I claim that that ought to mean that the OTHER interface on the router should not be able to get DHCP packets originating on the ISC interface. But that's not what I observe. I've tried Wireshark and such, and I can see packets, but I don't understand them sufficiently. I have tried to prevent the isc.org server from responding to the MAC address -- but both "deny booting" and "ignore booting" do not do what I need.
So, I'm considering a small PC running pfsense w/ two GBe interfaces. I will need one interface (WAN) to configure itself via DHCP; the other (LAN) I can assign a static IP, but I want it to ignore/drop all DHCP packets, so that the WAN interface can't get its configuration from the LAN side. Is this possible?
-
@iwishitwouldwork said in can pfsense filter isc.org dhcp server traffic?:
So, I'm considering a small PC running pfsense w/ two GBe interfaces. I will need one interface (WAN) to configure itself via DHCP; the other (LAN) I can assign a static IP, but I want it to ignore/drop all DHCP packets, so that the WAN interface can't get its configuration from the LAN side. Is this possible?
My one and only pfSense WAN setup :
You saw the (ix3) ? That's the name of the driver that is used for my 'WAN' interface.
The IPv4 configuration Type is "DHCP".
So, a process called 'dhclient' is bound to that ix3 or WAN interface to handle DHCP on my WAN interface.
And no other interface !!
Let's check :
[23.01-RELEASE][root@pfSense.local.tld]/root: ps ax | grep 'dhclient'
43239 - Is 0:00.00 dhclient: ix3 [priv] (dhclient)
46094 - Ss 0:01.72 dhclient: ix3 (dhclient)
....
So, yes : dhclient is the process in memory, active, waiting to 'do something' when needed. For example, it will renew my WAN lease against the upstream ISP router (with a DHCP server) when my WAN lease is half way.
All this has nothing to do with what you do on your LAN interface.
By default, the LAN interface uses a DHCP server process.
A DHCP server works with DHCP clients. On pfSense, these two are completely different processes, with different settings and goals in mind.
The DHCP server is bound to a (one) interface :
This image shows you that I have one DHCP server process that listens to the LAN interface.
And one for the PORTAL interface, and another for the IDRAC interface.
The dhclient can not - will not - should not listen to packets coming into LAN, PORTAL and IDRAC.
The DHCP server on LAN can not see - hear - notice DHCP traffic that comes in the interface WAN, PORTAL, IDRAC.
Etc.
All this works out of the box.
@iwishitwouldwork said in can pfsense filter isc.org dhcp server traffic?:
my isc.org dhcp server
That's the one pfSense uses.
-
Which is what I want, so thanks for confirming that.
-
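The `ps ax | grep 'dhclient'` check from the reply above, turned into a repeatable test (an added example, not part of any post in the thread). The function names are hypothetical, and the sample process list is constructed from the output quoted in the reply plus a made-up dhcpd line on an assumed `igb0` interface.

```shell
#!/bin/sh
# Added example: confirm the DHCP client is bound only to the WAN interface.

# Constructed sample of `ps ax` output (dhclient lines modelled on the thread;
# the dhcpd and grep lines are made up for illustration).
sample_ps() {
cat <<'EOF'
43239  -  Is   0:00.00 dhclient: ix3 [priv] (dhclient)
46094  -  Ss   0:01.72 dhclient: ix3 (dhclient)
51002  -  Ss   0:00.10 /usr/local/sbin/dhcpd -cf /etc/dhcpd.conf igb0
60001  0  S+   0:00.00 grep dhclient
EOF
}

# Read `ps ax` output on stdin; print each interface that has a dhclient
# process, one per line, deduplicated. The token after "dhclient:" is the
# interface name; the grep line has no "dhclient:" token and is skipped.
dhclient_ifaces() {
    awk '{
        for (i = 1; i < NF; i++)
            if ($i == "dhclient:") { print $(i + 1); break }
    }' | sort -u
}

# Read `ps ax` output on stdin. Return 0 only if dhclient is bound to exactly
# the expected WAN interface, 1 if it is bound anywhere else, 2 if absent.
check_dhclient_scope() {
    wan="$1"
    found=$(dhclient_ifaces)
    if [ -z "$found" ]; then
        echo "no dhclient process found"
        return 2
    fi
    if [ "$found" = "$wan" ]; then
        echo "ok: dhclient bound only to $wan"
        return 0
    fi
    echo "unexpected dhclient interfaces:" $found
    return 1
}

sample_ps | check_dhclient_scope ix3
```

On a live firewall the same check would be `ps ax | check_dhclient_scope ix3`, with `ix3` replaced by the local WAN interface name.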