4. Debian isc server (dmz) + pfsense (firewall) + dhcp relay does not work correctl

Debian isc server (dmz) + pfsense (firewall) + dhcp relay does not work correctl

  • M

    I need some help with this, here is the original post, so i decide to trasnlate to find more help! http://forum.pfsense.org/index.php/topic,44387.msg230262.html#msg230262 now

    Hi, I'm writing I have a problem setting up a network with the following specifications.

    PfSense WAN –-- 1 --- dmz
    --------------------- 2 lan
    WAN is a private address, it comes from my first firewall. gw is static ip, for that part I no have problems,the dmz address has private ip as well and everything works fine in the DMZ are all my servers can connect to my lan wan also i can ping all my equipment on the network

    what Im try to do? good, easy, I have configured a dhcp server with vlan support in my dmz with static IP addresses and dynamic for my entire network, depending on the network where you are, I use pfSense as a second firewall on my network, now i setup the relay agent on my network to avoid leaving the server in another location (alone in the lan)...
    http://imageshack.us/photo/my-images/824/screenhunter01dec261325.jpg/

    this is the outline of my network, that way the dhcp server works properly based on debian, and without any problem, the problem is when I put the following configuration.
    http://imageshack.us/photo/my-images/259/screenhunter02dec261350.jpg/

    responses reach the dhcp server, but not the host that sent the request, I am using vmware workstation 8 and GNS3 to emulate a switch encapsulation 8021q, all network cards that use vlantaggin capable, i disable NAT/firewall to make some test but does not work...

    im using x86 version...

    pfSense configuration

    physical card team with 3 1-2-dmz wan - 3-lan
    I have currently only 3 virtual cards that are shed from the 3lan each with ip vlan necessary for

    DHCP configuration:

    debian team 6
    isc-dhcp-server
    1 plus a physical card for each vlan required

    Annex xml extension. txt pfSense configuration ...
    and is packetcapture.cap.txt. cap so really should change the settings! greetings! xD

    0

  • where did your configured dhcp relay service on 192.169.3.X network?

    192.169 is not private, change it to 192.168.


    0
  • M

    i cant change to 192.168.x.x because i have running some lan on that segment, letme try using 192.168.x.x on bigger networks, i mean something like 192.168.50.0 and so on, and i have my dhcp relay agent on 192.169.0.3, that is my main dhcp with all the vlan, can you check out the post in spanish for refer to the config files…. thanks!

    i matther of fact i will try to change the ip address on higher segments and lower the mtu of some interface

    Sorry about my english, im spanish talker...

    ![ScreenHunter_02 Dec. 27 08.32.jpg](/public/imported_attachments/1/ScreenHunter_02 Dec. 27 08.32.jpg)
    ![ScreenHunter_02 Dec. 27 08.32.jpg_thumb](/public/imported_attachments/1/ScreenHunter_02 Dec. 27 08.32.jpg_thumb)
    ![ScreenHunter_01 Dec. 27 08.32.jpg](/public/imported_attachments/1/ScreenHunter_01 Dec. 27 08.32.jpg)
    ![ScreenHunter_01 Dec. 27 08.32.jpg_thumb](/public/imported_attachments/1/ScreenHunter_01 Dec. 27 08.32.jpg_thumb)

    0

  • Do you have rules to allow dhcp traffic between interfaces?

    Can you do a tcpdump to see what is not working?

    0
  • M

    i dont know what i do wong but changing the ip address and i messed up, dont know what went bad, i will check again the rules, and i think that i will make it all from zero….

    ![ScreenHunter_04 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_04 Dec. 28 08.43.jpg)
    ![ScreenHunter_04 Dec. 28 08.43.jpg_thumb](/public/imported_attachments/1/ScreenHunter_04 Dec. 28 08.43.jpg_thumb)
    ![ScreenHunter_03 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_03 Dec. 28 08.43.jpg)
    ![ScreenHunter_03 Dec. 28 08.43.jpg_thumb](/public/imported_attachments/1/ScreenHunter_03 Dec. 28 08.43.jpg_thumb)
    ![ScreenHunter_02 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_02 Dec. 28 08.43.jpg)
    ![ScreenHunter_02 Dec. 28 08.43.jpg_thumb](/public/imported_attachments/1/ScreenHunter_02 Dec. 28 08.43.jpg_thumb)
    ![ScreenHunter_01 Dec. 28 08.43.jpg](/public/imported_attachments/1/ScreenHunter_01 Dec. 28 08.43.jpg)
    ![ScreenHunter_01 Dec. 28 08.43.jpg_thumb](/public/imported_attachments/1/ScreenHunter_01 Dec. 28 08.43.jpg_thumb)

    0

  • You have a Allow all rule on all interfaces. It's supposed to be working.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy