DHCP IP Pool for different subnet

causality

Hi;

Our schema likes that :

Pfsense LAN Interface IP : 192.168.168.1
Local Network : 192.168.10.0
We are routing local packets to 192.168.168.1 via 3com switch.

We want to use pfsense as dhcp server, too . We add dhcp relay with 3com switch.
But, pfsense not allows different ip pool from it's own subnet. We want to serve 192.168.10.x subnet from 192.168.168.1 interface.

Is that any way ?

ps : We are using 2.1-BETA0 (amd64) built on Sat Sep 22 21:47:14 EDT 2012 FreeBSD 8.3-RELEASE-p4

jimp

That's not possible currently even on 2.1. There is code now for multiple pools but it doesn't support those pools being outside of the interface's primary subnet.

It may be possible in the future though.

vsecgod

Hey there, new here as a user but have been ghosting for a long time:)

I am just now setting up a pfsense box as my new router and I ran into a dilemma similar to the OP's issue but I wanted to see if you can say for sure this is the same thing since I'd like for this scenario to work:)

My setup is as follows: ISP>pfSense>Cisco SG300>Lan

I have the pfSense and Cisco interface on vlan 100, IP of pfSense 192.168.100.1/30 and IP of Cisco interface 192.168.100.2/30.

I have my LAN on VLAN 99 connected to Cisco switch and running network 192.168.99.0/24.  Problem is this cisco sg300 doesn't offer DHCP services, only a feature called dhcp relay and from my research, it says it can point to a DHCP server and on a DHCP server, you can create subnet groups associated VLANs with incoming DHCP requests.

Since I'd like to use pfSense as my main DHCP so I don't have to stand up a box on my VLAN 99 just for DHCP, can I point DHCP relay to pfSense in my scenario?

Thanks!

jimp

No, pfSense can't act as a DHCP Relay target like that.

vsecgod

Ok, so what are my alternatives? re-do the interfaces between the pfsense and sg300 and just do a trunk between them and have my pfsense control the routing? Won't the traffic be slowed down between vlans since the traffic has to go from LAN vlan to pfsense then back out to another vlan?

jimp

Yes it would be slower to route inter-VLAN traffic through pfSense, but that would be the only way that pfSense can provide the DHCP.

The underlying DHCP software is capable of doing that but we don't have any way to accommodate that in the GUI yet.

Alternately, setup a dedicated DHCP server somewhere and point the switch's dhcp helper/relay at that.

vsecgod

Yea I was worried I was going to have to do that but I guess my goal was to be energy efficient as possible and not standing up another box just for DHCP services.  My PC room already is toast haha.  Thanks for the clarification though, maybe I will think of another design which involves virtualizing pfsense and a linux distro on my atom box but then again, i don't know what the performance will look like if I do that since I plan on playing with other packages like the IPS module, etc.