    1 WAN quad LAN

    DHCP and DNS
      Tagnard last edited by

      I'm building a pfSense router with a quad gigabit card as LAN interfaces.

      I have been lurking the forum to find a solution to the "no DHCP on opt1" and I know that I have to add a firewall rule to allow the clients to get an IP, but I don't know how the rule should be.

      I have all the ports on the quad NIC bridged to the LAN interface with the settings static and I have no IP written there.

      What is the firewall rule that I need to add to each of the ports to allow DHCP from LAN?

        jasonlitka last edited by

        DHCP only broadcasts on the local subnet.  If you are trying to use DHCP on a network without a DHCP server then you'll need a DHCP relay.

        Go to "Service > DHCP Relay".  Select the tab for your OPT interface.  Check the box at the top, type in the IP of your DHCP server on your LAN in the box at the bottom, and then click "Save".  Make sure you've got a scope defined for that network on your DHCP server.

        I can break anything.

          Tagnard last edited by

          I have a DHCP server on the LAN, but I want to have the same DHCP on all the ports like any modern broadband router, except that I'm in control of it.

          When I try to activate the DHCP Relay it tells me this:
          DHCP Server is currently enabled. Cannot enable the DHCP Relay service while the DHCP Server is enabled on any interface.

          So that option didn't work.

            wallabybob last edited by

            You need to add firewall rules for each interface bridged to LAN to allow DHCP traffic. (From web GUI, Firewall -> Rules, click on the appropriate interface tabs).

            I've used the following two rules:

            Proto = UDP, Source = *, port = 68, destination = 255.255.255.255, port = 67, gateway = *
            Proto = UDP, Source = *, port = 68, destination = LAN address, port = 67, gateway = *

            You don't need DHCP relay unless the pfSense box is passing DHCP requests to another subnet (which doesn't appear to be the case here). It would appear you want the pfSense box to be the DHCP server but I don't think you have explicitly stated that.

              Tagnard last edited by

              I can't get it to work. I log the rules and I don't see anything in the logs.
              So I thought I was stupid, so I tried all the ports, but none give me an IP except LAN.

                wallabybob last edited by

                Just checking: You have LAN, OPT1, OPT2 and OPT3. OPT1 and OPT2 and OPT3 are bridged to LAN. You have those rules on each of OPT1, OPT2 and OPT3. DHCP server is enabled on LAN. There is no sign of a DHCP request in the DHCP Server log (from web GUI Status -> System Logs, click on DHCP tab). There is no sign of a DHCP request in the firewall log (Status -> System Logs, click on Firewall tab).

                If all the above is true then I suspect DHCP requests are not getting to your system. You should try a packet capture on one of your interfaces, for example, on the console

                tcpdump -i em0 port 67

                should show any DHCP traffic appearing on interface em0.

                You should also check DHCP server is running: on the console type

                ps ax | grep dhcpd

                  Tagnard last edited by

                  Every OPT is bridged and ruled, and when I tcpdump I see the DHCP traffic, but I can't see it in the logs, so my router machine is not getting the packets for some odd reason.

                  dhcpd is running.

                    wallabybob last edited by

                    In tcpdump do you see incoming traffic and replies?

                    In the incoming DHCP traffic, what is the destination IP address? If it's not the broadcast address (255.255.255.255), what address is it? (DHCP client implementations will often try to get an IP address from the IP address which last gave them an IP address. Maybe that address is no longer the address of a DHCP server.)

                      Tagnard last edited by

                      I see all the requests but no replies.

                      tcpdump

                      # tcpdump -i em0 port 67
                      tcpdump: WARNING: em0: no IPv4 address assigned
                      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                      listening on em0, link-type EN10MB (Ethernet), capture size 96 bytes
                      02:26:48.667774 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      02:26:52.667642 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      02:27:00.667368 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      02:27:46.001297 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      02:27:50.001526 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      02:27:57.001253 IP 10.0.0.100.bootpc > router.tagnard.net.bootps: BOOTP/DHCP, Request from 00:24:8c:74:ef:da (oui Unknown), length 307
                      
                      

                      router.tagnard.net is 10.0.0.254

                        wallabybob last edited by

                        Your DHCP trace suggests to me that the system already knows its IP address (10.0.0.100) and so it's probably requesting a DHCP lease renewal from router.tagnard.net. In contrast, a system that didn't know its IP address and was looking for a system to assign it an address would be sending from 0.0.0.0 to 255.255.255.255.

                        I don't know the history of your configuration. Perhaps 10.0.0.254 was previously used by another system which also acted as DHCP server. I don't know if the pfSense DHCP server would log a request to renew a DHCP lease it knew nothing about.

                        The note on the page displayed by the web GUI at Diagnostics -> States, click on Reset states tab, suggests that it's probably worthwhile to reset states every time you fiddle with the firewall rules.

                        Suggestion: Halt the computer sending the DHCP requests. Restart the pfSense box. Start the tcpdump trace. Then start the PC. Then post the trace here, either the first 8 entries or the first five minutes worth (after the first entry).

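Added example, not part of the thread: a small Python helper that applies the distinction drawn in the reply above (a renewing client sends from its own address to the old server, a client without a lease sends from 0.0.0.0 to 255.255.255.255) to tcpdump's one-line output and reports which kind of request is going unanswered. The sample lines, the host name router.example.net, the MAC addresses and the function names are constructed for this example.

```python
import re
from collections import defaultdict

PORT = r"(?:bootpc|bootps|67|68)"
# tcpdump's non-verbose BOOTP/DHCP summary line, with or without -n.
LINE = re.compile(
    rf"IP (?P<src>\S+)\.{PORT} > (?P<dst>\S+)\.{PORT}: "
    r"BOOTP/DHCP, (?P<kind>Request|Reply)(?: from (?P<mac>[0-9a-fA-F:]{17}))?"
)

# Constructed sample capture (documentation host name and MAC addresses).
SAMPLE = """\
tcpdump: WARNING: em0: no IPv4 address assigned
02:26:48.667774 IP 10.0.0.100.bootpc > router.example.net.bootps: BOOTP/DHCP, Request from 00:00:5e:00:53:01 (oui Unknown), length 307
02:26:52.667642 IP 10.0.0.100.bootpc > router.example.net.bootps: BOOTP/DHCP, Request from 00:00:5e:00:53:01 (oui Unknown), length 307
02:30:01.000100 IP 0.0.0.0.bootpc > 255.255.255.255.bootps: BOOTP/DHCP, Request from 00:00:5e:00:53:02 (oui Unknown), length 300
""".splitlines()

def summarize(lines):
    """Count requests per client MAC, split into broadcast and unicast."""
    clients = defaultdict(lambda: {"broadcast": 0, "unicast": 0, "targets": set()})
    replies = 0
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # banner, warnings, unrelated traffic
        if m["kind"] == "Reply":
            replies += 1
            continue
        c = clients[m["mac"] or m["src"]]
        if m["src"] == "0.0.0.0" and m["dst"] == "255.255.255.255":
            c["broadcast"] += 1  # client has no address yet
        else:
            c["unicast"] += 1  # client is renewing a lease it already holds
            c["targets"].add(m["dst"])
    return dict(clients), replies

def diagnose(lines):
    """Return {mac: finding} when the capture contains requests but no replies."""
    clients, replies = summarize(lines)
    if replies:
        return {}  # something answered; summary lines cannot say who was served
    findings = {}
    for mac, c in clients.items():
        if c["unicast"] and not c["broadcast"]:
            findings[mac] = "unanswered renewal to " + ", ".join(sorted(c["targets"]))
        else:
            findings[mac] = "unanswered broadcast discovery"
    return findings

if __name__ == "__main__":
    for mac, finding in diagnose(SAMPLE).items():
        print(mac, "->", finding)
```

An unanswered renewal points at a stale lease held by the client, while unanswered broadcasts point at the interface's firewall rules or the DHCP server itself.
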
                          Tagnard last edited by

                          You may be absolutely right. The "backup" firewall I'm running right now is a clone of the one I'm fixing now, and I have used it to access the internet to read your replies.

                          When I reset the states and /release - /renew I get an IP without problem.

                            Tagnard last edited by

                            Now I have another strange problem. When I disconnect the cable from LAN I don't get any IP from DHCP on any of the other 4 ports.

                            Is there a way to fix this or is it a bug?
