Dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67



  • Hello Guys,

    I recently added a Road Runner cable modem as a backup connection, connected to a RealTek card (re0) in my pfSense 2.0.1 box.

    I've noticed that although the connection is operating normally, I keep seeing the following in the system logs:

    dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67

    I believe 10.244.64.1 is the CMTS system.

    I'm assuming it's benign, is there any way to filter it?

    Thanks,

    Matt



  • I believe 10.244.64.1 is the CMTS system.

    Correct

    Assuming your cable connection = WAN:

    On your WAN firewall rules make a rule blocking that address and put it at the top of the other rules.

    10.244.64.1 is not private space. If it was you would also need to uncheck "Block private networks" on your WAN interface…


  • Netgate Administrator

    Erm…
    Isn't that just the pfSense DHCP client renewing its lease? If you block it that would be a problem.
    Presumably it appears at regular intervals.
    Am I missing something obvious?

    Steve



  • Blocking it won't keep the client from contacting initiating the connection. Just stops outside from getting in and logging...

    Others such as myself do this with our cable connections with no issues…


  • Netgate Administrator

    That's true but this is in the system log. It looks like the client renewing the lease, no?  :-\

    Steve



  • Just DHCP broadcasts…   If I take the block out I get similar in the logs 24/7...    My address still changes from time to time so I know I haven't blocked it...  But if I let it log I miss other traffic I might want to see due to the constant traffic from my ISP's server...   In my case 10.28.0.1...

    So unless the pfSense box is making constant DHCP requests to the ISP I'd have to believe it's just DHCP related chatter from the cable system and other customers...

    (insert the shrugging shoulders smiley here...)



  • The reason you see the log in the original post is on WAN IP renewal. No way to hide it, nor do you want to really. It'll log that on every DHCP renewal, which happens every half of the lease time. So if your ISP uses a very short lease time it will show up frequently.

    @chpalmer:

    10.244.64.1 is not private space. If it was you would also need to uncheck "Block private networks" on your WAN interface…

    No, 10.* is private space, and block private networks strictly blocks ingress unsolicited traffic. The DHCP request is allowed out, the reply back in by the state.
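
An added example, not part of any post in this thread: a small parser that pulls the dhclient `DHCPREQUEST` lines out of a system log, measures the gap between them, and estimates the lease time as twice that gap, following the half-lease renewal described above. The timestamps, hostname, year and the unrelated log line are constructed assumptions; only the dhclient message text comes from the thread.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample: timestamps, hostname and the sshd line are made up;
# the dhclient message text is the one quoted in the thread.
SAMPLE_LOG = """\
Mar  3 10:00:00 pfsense dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67
Mar  3 10:12:40 pfsense sshd[411]: constructed unrelated line
Mar  3 10:30:00 pfsense dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67
Mar  3 11:00:01 pfsense dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67
Mar  3 11:30:01 pfsense dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67
"""

REQ = re.compile(
    r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)\s+\S+\s+dhclient\[\d+\]:\s+"
    r"DHCPREQUEST on (\S+) to (\S+) port 67\s*$"
)

def parse_requests(text, year=2012):
    """Return (timestamp, interface, server) for each dhclient DHCPREQUEST line.
    Syslog timestamps carry no year, so `year` is an assumption."""
    events = []
    for line in text.splitlines():
        m = REQ.match(line)
        if m:
            mon, day, clock, iface, server = m.groups()
            ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
            events.append((ts, iface, server))
    return events

def renewal_summary(events):
    """Group requests by (interface, server) and report the median gap between
    them. Lease is estimated as twice the gap, per the half-lease renewal
    described in the thread."""
    groups = {}
    for ts, iface, server in sorted(events):
        groups.setdefault((iface, server), []).append(ts)
    out = {}
    for key, stamps in groups.items():
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        gap = median(gaps) if gaps else None
        out[key] = {
            "requests": len(stamps),
            "median_interval_s": gap,
            "implied_lease_s": 2 * gap if gap is not None else None,
        }
    return out

if __name__ == "__main__":
    for key, info in renewal_summary(parse_requests(SAMPLE_LOG)).items():
        print(key, info)
```

A steady interval to a single server on the WAN interface is what lease renewal looks like in the system log; it is a separate source from the firewall log, so WAN block rules do not change it.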



  • @cmb:

    The reason you see the log in the original post is on WAN IP renewal. No way to hide it, nor do you want to really. It'll log that on every DHCP renewal, which happens every half of the lease time. So if your ISP uses a very short lease time it will show up frequently.

    @chpalmer:

    10.244.64.1 is not private space. If it was you would also need to uncheck "Block private networks" on your WAN interface…

    No, 10.* is private space, and block private networks strictly blocks ingress unsolicited traffic. The DHCP request is allowed out, the reply back in by the state.

    Host name:
    ip-10-244-64-1.us-west-1.compute.internal

    That's what I thought off the top of my head but a quick (and obviously not too observant) look came back with a host name to us-west… I didn't catch the "internal" part...

    dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67

    And read that too quick… Thought it was incoming.... Ignore me, I'm going back to bed!    ::)



  • @chpalmer:

    dhclient[18753]: DHCPREQUEST on re0 to 10.244.64.1 port 67

    And read that too quick… Thought it was incoming.... Ignore me, I'm going back to bed!    ::)

    I'm sure you were thinking of the usual scenario people post here with floods of blocked DHCP requests and/or replies, which is the norm with cable since it's a gigantic broadcast domain. That's firewall logs though, in this case it's dhclient renewals.


  • Netgate Administrator

    Ha, good to see I'm not losing my mind. Yet.  ;)

    Steve

