Setting up multiple networks and having pfsense be dhcp server for these networks

gherrmann-pwd · Jan 16, 2024, 9:08 PM

I am trying to set up two networks going out of different ports on the back of our netgate 4100 and keeping as much of the traffic segmented as possible.

I have assigned networks igc0 and igc1 to be separate interfaces,
both networks are enabled, with different ip address spaces,
rules are set up to pass traffic with both networks.

When I have looked up various guides, one thing that seems common is that I can, in Services / DHCP Server, set up and select different dhcp servers for different networks. I don't seem to have that available for all networks.

Where can I look for a guide into setting up multiple separate networks?

Thanks for any help.

Running pfsense version 23.09.1-RELEASE

johnpoz · Jan 26, 2024, 2:51 AM

@gherrmann-pwd said in Setting up multiple networks and having pfsense be dhcp server for these networks:

set up and select different dhcp servers for different networks

If your interface is enabled dhcp would become available - common mistake users make is when you enable an interface and put an IP on it, it defaults to mask of /32 - which has no ips for dhcp to work with so dhcp does not become available until you place a mask on the interface that would allow for IPs to hand out.

gherrmann-pwd · Jan 26, 2024, 2:51 AM

@johnpoz
Yeah, the network mask of /32 was the first problem and after you pointed that out, I was able to muddle my way through to setting everything up as I wanted.

On the one hand, I understand why the default setting is the smallest possible setting, even defaulting to a mask of /31 would open enough other options to then see that settings issues arose.

Anyway, thanks.

johnpoz · Jan 26, 2024, 2:54 AM

@gherrmann-pwd there has been discussions of maybe defaulting it to like 24, since that is most likely the most used mask.. But in the end its up to the admin to correctly set their mask.. Setting a /32 does hopefully ensure they actually set an appropriate mask for their needs since a /32 isn't going to really work for anything ;)

gherrmann-pwd · Jan 26, 2024, 3:41 AM

@johnpoz Even just a reminder message underneath the network ip definition to remind the admin to update the mask to appropriately size the network would go a long way to avoiding the frustration and mistakes.

johnpoz · Jan 26, 2024, 3:50 AM

@gherrmann-pwd you can put in a feature request for such a note.. Not sure how much it will help, many of the common mistakes made after being here for years and years is users don't read the notes that are already in place ;)

What I can tell you have seen over the years multiple threads why dhcp is not available on an interface, and the /32 mask is always the cause ;)