    Debian isc server (dmz) + pfsense (firewall) + dhcp relay does not work correctl

    DHCP and DNS
    • M
      milanojs last edited by

      I need some help with this. Here is the original post, so I decided to translate it to find more help! http://forum.pfsense.org/index.php/topic,44387.msg230262.html#msg230262 now

      Hi, I'm writing because I have a problem setting up a network with the following specifications.

      PfSense WAN –-- 1 --- dmz
      --------------------- 2 lan
      WAN is a private address; it comes from my first firewall. The gw is a static IP; for that part I have no problems. The DMZ address has a private IP as well and everything works fine. In the DMZ are all my servers; they can connect to my LAN and WAN, and I can also ping all my equipment on the network.

      What am I trying to do? Good, easy: I have configured a DHCP server with VLAN support in my DMZ, with static and dynamic IP addresses for my entire network, depending on the network where you are. I use pfSense as a second firewall on my network. Now I set up the relay agent on my network to avoid leaving the server in another location (alone in the LAN)...
      http://imageshack.us/photo/my-images/824/screenhunter01dec261325.jpg/

      This is the outline of my network. That way the DHCP server, based on Debian, works properly and without any problem. The problem is when I put in the following configuration.
      http://imageshack.us/photo/my-images/259/screenhunter02dec261350.jpg/

      Responses reach the DHCP server, but not the host that sent the request. I am using VMware Workstation 8 and GNS3 to emulate a switch with 802.1Q encapsulation; all the network cards used are VLAN tagging capable. I disabled NAT/firewall to run some tests, but it does not work...

      I'm using the x86 version...


      pfSense configuration


      physical card team with 3 1-2-dmz wan - 3-lan
      I have currently only 3 virtual cards that are shed from the 3lan each with ip vlan necessary for


      DHCP configuration:


      debian team 6
      isc-dhcp-server
      1 plus a physical card for each vlan required

      Annex xml extension. txt pfSense configuration ...
      and is packetcapture.cap.txt. cap so really should change the settings! greetings! xD

      • marcelloc
        marcelloc last edited by

        Where did you configure the DHCP relay service on the 192.169.3.X network?

        192.169 is not private, change it to 192.168.


        Elite Training: http://sys-squad.com

        Help a community developer! ;D

        • M
          milanojs last edited by

          I can't change to 192.168.x.x because I have some LANs running on that segment. Let me try using 192.168.x.x on bigger networks, I mean something like 192.168.50.0 and so on. I have my DHCP relay agent on 192.169.0.3, that is my main DHCP with all the VLANs. Can you check out the post in Spanish to refer to the config files…. thanks!

          As a matter of fact, I will try to change the IP addresses to higher segments and lower the MTU of some interfaces.

          Sorry about my English, I'm a Spanish speaker...

          ![ScreenHunter_02 Dec. 27 08.32.jpg](/public/imported_attachments/1/ScreenHunter_02 Dec. 27 08.32.jpg)
          ![ScreenHunter_01 Dec. 27 08.32.jpg](/public/imported_attachments/1/ScreenHunter_01 Dec. 27 08.32.jpg)

          • marcelloc
            marcelloc last edited by

            Do you have rules to allow dhcp traffic between interfaces?

            Can you do a tcpdump to see what is not working?

            Elite Training: http://sys-squad.com

            Help a community developer! ;D
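
The two checks raised in the replies above (is the relay network really private, and what does a capture of the DHCP traffic show) can both be made on a captured packet. This is an added example, not code from the thread: it decodes a BOOTP/DHCP payload, reads the relay address field (giaddr) and tests it against the RFC 1918 ranges. The sample packet, its MAC address and the giaddr 192.169.3.1 are constructed for illustration.

```python
import ipaddress
import struct

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DHCP_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # DHCP magic cookie that follows the 236-byte BOOTP header

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def parse_dhcp(payload):
    """Decode the BOOTP header fields a relay touches, plus option 53 (message type)."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, _hlen, hops, xid = struct.unpack("!BBBBI", payload[:8])
    giaddr = str(ipaddress.ip_address(payload[24:28]))  # relay agent address
    msg_type, i = None, 240
    while i + 1 < len(payload) and payload[i] != 255:   # 255 = end option
        if payload[i] == 0:                             # 0 = pad, has no length byte
            i += 1
            continue
        code, length = payload[i], payload[i + 1]
        if code == 53 and length == 1 and i + 2 < len(payload):
            msg_type = DHCP_TYPES.get(payload[i + 2], str(payload[i + 2]))
        i += 2 + length
    return {"op": op, "hops": hops, "xid": xid, "giaddr": giaddr, "msg_type": msg_type}

def relay_findings(payload):
    """Return (parsed fields, notes) describing how the packet was relayed."""
    p, notes = parse_dhcp(payload), []
    if p["giaddr"] == "0.0.0.0":
        notes.append("giaddr unset: packet did not pass through a relay")
    else:
        notes.append(f"relayed via {p['giaddr']} (hops={p['hops']}); "
                     "server replies go to this address on UDP 67")
        if not is_rfc1918(p["giaddr"]):
            notes.append(f"{p['giaddr']} is outside RFC 1918 private space")
    return p, notes

def build_sample(giaddr, msg_type=1):
    """Constructed relayed DHCP packet: op=1, Ethernet, hops=1, broadcast flag set."""
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1, 0x1234ABCD, 0, 0x8000)
    addrs = bytes(12) + ipaddress.ip_address(giaddr).packed  # ciaddr/yiaddr/siaddr = 0
    chaddr = bytes.fromhex("020000000001") + bytes(10)       # constructed MAC, padded
    return hdr + addrs + chaddr + bytes(192) + MAGIC + bytes([53, 1, msg_type, 255])

if __name__ == "__main__":
    for note in relay_findings(build_sample("192.169.3.1"))[1]:
        print(note)
```

Per RFC 2131 the server sends its replies to giaddr on UDP port 67, so that is the flow the rules between the DMZ and the relay interface have to permit.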

            • M
              milanojs last edited by

              I don't know what I did wrong, but while changing the IP address I messed up; I don't know what went bad. I will check the rules again, and I think that I will redo it all from zero….

              ![ScreenHunter_04 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_04 Dec. 28 08.43.jpg)
              ![ScreenHunter_03 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_03 Dec. 28 08.43.jpg)
              ![ScreenHunter_02 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_02 Dec. 28 08.43.jpg)
              ![ScreenHunter_01 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_01 Dec. 28 08.43.jpg)

              • marcelloc
                marcelloc last edited by

                You have an Allow all rule on all interfaces. It's supposed to be working.

                Elite Training: http://sys-squad.com

                Help a community developer! ;D
