Debian isc server (dmz) + pfsense (firewall) + dhcp relay does not work correctl
-
I need some help with this, here is the original post, so i decide to trasnlate to find more help! http://forum.pfsense.org/index.php/topic,44387.msg230262.html#msg230262 now
Hi, I'm writing I have a problem setting up a network with the following specifications.
PfSense WAN –-- 1 --- dmz
--------------------- 2 lan
WAN is a private address, it comes from my first firewall. gw is static ip, for that part I no have problems,the dmz address has private ip as well and everything works fine in the DMZ are all my servers can connect to my lan wan also i can ping all my equipment on the networkwhat Im try to do? good, easy, I have configured a dhcp server with vlan support in my dmz with static IP addresses and dynamic for my entire network, depending on the network where you are, I use pfSense as a second firewall on my network, now i setup the relay agent on my network to avoid leaving the server in another location (alone in the lan)...
http://imageshack.us/photo/my-images/824/screenhunter01dec261325.jpg/this is the outline of my network, that way the dhcp server works properly based on debian, and without any problem, the problem is when I put the following configuration.
http://imageshack.us/photo/my-images/259/screenhunter02dec261350.jpg/responses reach the dhcp server, but not the host that sent the request, I am using vmware workstation 8 and GNS3 to emulate a switch encapsulation 8021q, all network cards that use vlantaggin capable, i disable NAT/firewall to make some test but does not work...
im using x86 version...
pfSense configuration
physical card team with 3 1-2-dmz wan - 3-lan
I have currently only 3 virtual cards that are shed from the 3lan each with ip vlan necessary for
DHCP configuration:
debian team 6
isc-dhcp-server
1 plus a physical card for each vlan requiredAnnex xml extension. txt pfSense configuration ...
and is packetcapture.cap.txt. cap so really should change the settings! greetings! xD -
where did your configured dhcp relay service on 192.169.3.X network?
192.169 is not private, change it to 192.168.
-
i cant change to 192.168.x.x because i have running some lan on that segment, letme try using 192.168.x.x on bigger networks, i mean something like 192.168.50.0 and so on, and i have my dhcp relay agent on 192.169.0.3, that is my main dhcp with all the vlan, can you check out the post in spanish for refer to the config files…. thanks!
i matther of fact i will try to change the ip address on higher segments and lower the mtu of some interface
Sorry about my english, im spanish talker...
 -
Do you have rules to allow dhcp traffic between interfaces?
Can you do a tcpdump to see what is not working?
-
i dont know what i do wong but changing the ip address and i messed up, dont know what went bad, i will check again the rules, and i think that i will make it all from zero….
 -
You have a Allow all rule on all interfaces. It's supposed to be working.
