Problem With DHCP Server assigning addresses
-
Hey guys. I've got quite a nasty problem going on with my PF install. Seems that the local PF DHCP server is handing out addresses to my WAN card. (My setup consists of only two NICs – LAN/WAN). The problem seems to happen every 12 hours or so and can only be fixed by a reboot.
Any ideas what might be causing this? I can provide whatever you like. Also note these log messages I'm getting.
dnsmasq[850]: not giving name pfsense to the DHCP lease of 192.168.1.236 because the name exists in /etc/hosts with address 192.168.1.1
(192.168.1.1 is the pf gateway)
(192.168.1.236 is the addy the WAN NIC got in this case)
Also note: I've only had this problem after upgrading to 1.2.3. With 1.2.2 things were ROCK solid. I haven't changed anything in-between the two upgrades. I've also tried searching around, but no good results.
Thanks in advance!!
EDIT: I also have tried fresh installing twice from a 1.2.3 ISO.
-
With the "normal" address mask of 24 bits for a 192.168.x.x network, your WAN and LAN interfaces are on the same subnet which is an illegal configuration. You haven't said enough about your configuration for me to be able to guess if this is the problem let alone suggest how to fix it.
If your pfSense WAN interface is getting its IP address from a DHCP server then you should check the network mask (e.g. 0xffffff00 or /24) assigned by the DHCP server and assign an IP address on a different subnet (e.g. 192.168.2.1 with a mask of 0xffffff00 or 24) to the pfSense LAN interface.
-
> With the "normal" address mask of 24 bits for a 192.168.x.x network, your WAN and LAN interfaces are on the same subnet which is an illegal configuration. You haven't said enough about your configuration for me to be able to guess if this is the problem let alone suggest how to fix it.
> If your pfSense WAN interface is getting its IP address from a DHCP server then you should check the network mask (e.g. 0xffffff00 or /24) assigned by the DHCP server and assign an IP address on a different subnet (e.g. 192.168.2.1 with a mask of 0xffffff00 or 24) to the pfSense LAN interface.
The WAN NIC is getting an IP via DHCP, but not from a private address (192/172/10) subnet. It is 1 address from my ISP. This PF box is my gateway to the internet. It acquires an address fine after a reboot, but after a few hours/days will eventually get a DHCP lease assigned to it from itself.
Note: I have made a firewall rule to block any traffic going from LAN to WAN on UDP 67 and 68 in hopes of stopping this event. I'll report if this helps (although I feel something still isn't right– I shouldn't have to do that).
Hope this helps clarify things, thanks for your suggestion!
-
> The WAN NIC is getting an IP via DHCP, but not from a private address (192/172/10) subnet.
Do you mean the DHCP server's IP address is not a private address or that the IP address assigned by the DHCP server is not a private address?
> It acquires an address fine after a reboot, but after a few hours/days will eventually get a DHCP lease assigned to it from itself.
Huh? You mean that the DHCP address request broadcast on your WAN interface somehow gets to DHCP server on the LAN interface and the DHCP server's response makes it back to the DHCP client on the WAN interface? Is that a guess or do you have some evidence (e.g. pfSense DHCP log) to support that? If this is so, you have an illegal configuration because the WAN and LAN interfaces are on the same subnet and you will have to figure out how they got to be on the same subnet and undo it.
-
> The WAN NIC is getting an IP via DHCP, but not from a private address (192/172/10) subnet.
> Do you mean the DHCP server's IP address is not a private address or that the IP address assigned by the DHCP server is not a private address?
Correct. Neither are private addresses. They are my ISP's DHCP server and my dynamic IP address, respectively.
> It acquires an address fine after a reboot, but after a few hours/days will eventually get a DHCP lease assigned to it from itself.
> Huh? You mean that the DHCP address request broadcast on your WAN interface somehow gets to DHCP server on the LAN interface and the DHCP server's response makes it back to the DHCP client on the WAN interface? Is that a guess or do you have some evidence (e.g. pfSense DHCP log) to support that? If this is so, you have an illegal configuration because the WAN and LAN interfaces are on the same subnet and you will have to figure out how they got to be on the same subnet and undo it.
Yes, that is what I've been saying all along. The WAN interface is being assigned a private IP address from pfSense itself (via the LAN interface). The log posting above is exactly that.. the pf Gateway/DHCP server is 192.168.1.1. The error you see in my first post is when the WAN is assigned an IP address from the pf DHCP server (in that case 192.168.1.236). I have checked in the dhcp.leases file to confirm this as well.
Where do you recommend to start looking?
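The two checks discussed up to this point (a lease held by the firewall's own WAN NIC, and WAN/LAN sharing a subnet), as an added example that is not from any poster in this thread. It assumes the leases file uses ISC dhcpd lease-block syntax; the MAC addresses and the sample file are constructed, and only 192.168.1.1 and 192.168.1.236 come from the thread.

```python
import ipaddress
import re

# Constructed sample in ISC dhcpd lease-file syntax (assumed format); MACs are made up.
SAMPLE_LEASES = '''
lease 192.168.1.50 {
  starts 2 2010/01/05 08:00:00;
  ends 2 2010/01/05 20:00:00;
  hardware ethernet 00:16:3e:aa:bb:01;
  client-hostname "workstation";
}
lease 192.168.1.236 {
  starts 2 2010/01/05 09:30:00;
  ends 2 2010/01/05 21:30:00;
  hardware ethernet 00:16:3e:aa:bb:02;
  client-hostname "pfsense";
}
'''

LEASE_RE = re.compile(r'lease\s+(\S+)\s*\{(.*?)\}', re.S)
MAC_RE = re.compile(r'hardware\s+ethernet\s+([0-9a-fA-F:]{17})\s*;')
HOST_RE = re.compile(r'client-hostname\s+"([^"]*)"\s*;')

def parse_leases(text):
    """Return (ip, mac, hostname) for every lease block that records a MAC."""
    out = []
    for ip, body in LEASE_RE.findall(text):
        mac = MAC_RE.search(body)
        if not mac:
            continue
        host = HOST_RE.search(body)
        out.append((ip, mac.group(1).lower(), host.group(1) if host else None))
    return out

def self_leases(text, own_macs):
    """Leases handed to one of the firewall's own NICs: (interface, ip, hostname)."""
    macs = {m.lower(): name for name, m in own_macs.items()}
    return [(macs[mac], ip, host) for ip, mac, host in parse_leases(text) if mac in macs]

def same_subnet(wan_cidr, lan_cidr):
    """True if the WAN and LAN interface networks overlap."""
    wan = ipaddress.ip_interface(wan_cidr).network
    lan = ipaddress.ip_interface(lan_cidr).network
    return wan.overlaps(lan)

if __name__ == "__main__":
    nics = {"wan": "00:16:3E:AA:BB:02", "lan": "00:16:3e:aa:bb:03"}  # hypothetical MACs
    print(self_leases(SAMPLE_LEASES, nics))
    print(same_subnet("192.168.1.236/24", "192.168.1.1/24"))
```

A non-empty result for the `wan` interface means the LAN-side DHCP server answered the WAN client, which can only happen if the two segments share a layer-2 path.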
-
Look at your switch. The only way that will happen is if you have WAN and LAN plugged into the same switch and/or VLAN.
-
Or maybe you are running pfSense in some form of virtualised environment and haven't taken enough care about how you've configured bridges.
It seems a very common pfSense configuration is WAN with IP address assigned by DHCP and LAN with static IP and DHCP server running and what you are reporting seems to be rarely observed. So what is different about your configuration compared with all those other configurations that don't see this behaviour? It seems you have some sort of connection (possibly not permanent) between WAN and LAN. Someone is temporarily changing cabling?
Do you see anything else reported in the logs about the time of the dnsmasq message? What is in the DHCP log about that time?
-
> Look at your switch. The only way that will happen is if you have WAN and LAN plugged into the same switch and/or VLAN.
The WAN comes into PFSense directly from a copper line back to our ONT– nothing in between. The LAN interfaces directly with PFSense and a switch. There are no loops or other issues on the LAN-- even when the internet is down things behave perfectly. The only place the WAN and LAN interfaces meet is the two NICs in the PFSense box.
> Or maybe you are running pfSense in some form of virtualised environment and haven't taken enough care about how you've configured bridges.
> It seems a very common pfSense configuration is WAN with IP address assigned by DHCP and LAN with static IP and DHCP server running and what you are reporting seems to be rarely observed. So what is different about your configuration compared with all those other configurations that don't see this behaviour? It seems you have some sort of connection (possibly not permanent) between WAN and LAN. Someone is temporarily changing cabling?
> Do you see anything else reported in the logs about the time of the dnsmasq message? What is in the DHCP log about that time?
PFSense is running natively on an old P4 box, so there is nothing funky between the hardware and software. The LAN address for the PFSense box is static, and I'm at a loss for where this strange behavior is going on. The cabling is not changing nor is this issue associated with any other network change or problem anywhere else.
I appreciate your help guys, thanks! Let me know if you want more information or if I can answer more questions. So far I think my firewall rule is working.
-
It certainly looks as if your DHCP server on the LAN side is providing the address to your WAN interface but you haven't provided any conclusive evidence. So, to exclude other possibilities, please provide the output of the shell command
```
ipconfig -a