DHCP on OPT1 interface only



  • Hello Everyone!

    I've been using pfSense in a LAN/WAN configuration for a while now with great success.  Now, I need to build out a pfSense firewall with WAN and dual LAN on different networks and I'm pretty much scratching my head on one simple thing, DHCP.

    The good thing is that setting up the firewall rules and the cross-LAN protection was easy. The two networks do NOT talk to each other but they both can connect to the Internet freely.

    Here's some info about what I'm doing:

    em0 - WAN to SBC
    em1 - LAN - 172.20.1.x (statically assigned, NO DHCP)
    em2 - OPT1 - IP 192.168.0.1, network 192.168.0.x/24 (DHCP/Static)

    In my configuration, I have the DHCP server set up to only hand out 192.168.0.2-192.168.0.200 out the OPT1 interface.  I have one rule blocking OPT1 access to LAN network (which works) and another rule allowing OPT1 access to the Internet.

    In troubleshooting this, I have a listener device attached to a monitoring port and I see the test machine sending out DHCPDISCOVER packets however I never see any DHCPOFFER packets traverse the switch.  When I check the pfSense logs, I see that the pfSense device is detecting the DISCOVER and is responding with DHCPOFFER however these packets never traverse the switch.

    Now, if I statically assign the test machine an IP address, it is able to connect to the Internet and browse with no issue so I know that it's not a connectivity issue to the pfSense OPT1 interface. I cannot ping the pfSense router at all, but know that it works as tracerouting, pinging and browsing work flawlessly. (This may be a good thing as hosts attached to this segment should not be able to access the pfSense device at all.)

    It's looking like a firewalling issue, but I'm not entirely sure where to proceed. Can someone give me a kick in the right direction as to what I'm doing wrong?  If you need  more info, please ask.

    Thank you!
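The troubleshooting step described in the post (a listener on a monitoring port that sees DHCPDISCOVER but never a DHCPOFFER) can be turned into a small check over a capture. The following is an added example, not code from the original post or from pfSense: it parses the RFC 2131 header and option 53 of each DHCP payload, pairs DISCOVERs with OFFERs by transaction ID (xid), and reports clients whose DISCOVER got no OFFER. The sample packets are constructed inline to mirror the scenario above (server 192.168.0.1 on OPT1, pool starting at 192.168.0.2); the MAC addresses and xids are made up.

```python
import socket
import struct
from collections import defaultdict

# RFC 2131: 236-byte fixed header, then the 4-byte magic cookie, then options.
DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def build_dhcp(op, xid, mac, msg_type, yiaddr="0.0.0.0", server_id=None):
    """Build a minimal DHCP payload (constructed test data, not a real capture)."""
    chaddr = bytes.fromhex(mac.replace(":", "")).ljust(16, b"\x00")
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,            # op, htype=Ethernet, hlen=6, hops, xid, secs, broadcast flag
        b"\x00" * 4, socket.inet_aton(yiaddr),  # ciaddr, yiaddr (the address being offered)
        b"\x00" * 4, b"\x00" * 4,               # siaddr, giaddr
        chaddr, b"\x00" * 64, b"\x00" * 128,    # chaddr, sname, file
    )
    options = bytes([53, 1, msg_type])          # option 53: DHCP message type
    if server_id:
        options += bytes([54, 4]) + socket.inet_aton(server_id)  # option 54: server identifier
    return header + DHCP_MAGIC + options + b"\xff"


def parse_dhcp(payload):
    """Decode the fields needed to pair a DISCOVER with its OFFER."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", payload[:12])
    yiaddr = socket.inet_ntoa(payload[16:20])
    mac = ":".join(f"{b:02x}" for b in payload[28:28 + hlen])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:        # end option
            break
        if code == 0:          # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = MSG_TYPES.get(options.get(53, b"\x00")[0], "UNKNOWN")
    return {"op": op, "xid": xid, "mac": mac, "yiaddr": yiaddr, "type": msg_type, "options": options}


def audit(payloads):
    """Return (answered, unanswered): DISCOVERs with and without a matching OFFER, keyed by xid."""
    by_xid = defaultdict(dict)
    for p in payloads:
        d = parse_dhcp(p)
        by_xid[d["xid"]][d["type"]] = d
    answered, unanswered = [], []
    for xid, msgs in by_xid.items():
        if "DISCOVER" not in msgs:
            continue
        if "OFFER" in msgs:
            answered.append((msgs["DISCOVER"]["mac"], msgs["OFFER"]["yiaddr"]))
        else:
            unanswered.append((msgs["DISCOVER"]["mac"], xid))
    return answered, unanswered


# Constructed "capture": one client that was offered a lease, one whose DISCOVER went unanswered.
CAPTURE = [
    build_dhcp(1, 0x1111, "00:11:22:33:44:55", 1),                                   # DISCOVER from client A
    build_dhcp(2, 0x1111, "00:11:22:33:44:55", 2, "192.168.0.2", "192.168.0.1"),     # OFFER to client A
    build_dhcp(1, 0x2222, "66:77:88:99:aa:bb", 1),                                   # DISCOVER from client B, no OFFER seen
]

if __name__ == "__main__":
    answered, unanswered = audit(CAPTURE)
    for mac, ip in answered:
        print(f"{mac} offered {ip}")
    for mac, xid in unanswered:
        print(f"{mac} DISCOVER xid=0x{xid:04x} received no OFFER")
```

Pairing by xid rather than by MAC keeps retransmitted DISCOVERs from the same client distinct. Feeding the same check two captures, one taken on the switch's monitoring port and one taken on the pfSense OPT1 interface itself, shows whether the OFFER is leaving the firewall and being dropped in between, or never leaving at all.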



  • @firestorm_v1:

    Now, if I statically assign the test machine an IP address, it is able to connect to the Internet and browse with no issue so I know that it's not a connectivity issue to the pfSense OPT1 interface. I can not ping the pfSense router at all,

    I would expect a ping response from the OPT1 IP address but not from the LAN IP address.

    I'd try connecting a system directly to OPT1 (bypassing the switch) to see if it gets an IP address by DHCP in that configuration.

