Netgate Discussion Forum

    DHCP not working on OPT1

      newbieuser1234

      I have three interfaces wan, lan, and opt1.  dhcp works fine on lan, but it won't issue any ip addresses and i can't get to the internet on opt1. i have the check box enabled on the opt1 tab to enable dhcp on the opt1 interface.  is there something i need to configure in the firewall between lan and opt1? i tried allowing udp 53 and 67, but it still doesn't work.  i also allowed an easy firewall rule from 0.0.0.0:68 to 255.255.255.255:67 that I noticed in the firewall log.

      I allowed all traffic open from lan to opt1 and vice versa. still no luck.  i see several dhcpdiscover on eth0 to broadcast on port 67 timing out when I connect a machine to the opt1 network.  thanks

        ptt Rebel Alliance

        Do you have an "Allow" rule in your OPT1 interface ? By default all traffic is blocked

        Please attach a screenshot of your OPT1 FW Rules

          newbieuser1234

          i believe I do, but here are the screen shots just to make sure.  thanks for the reply.

          lan.PNG
          opt1.PNG

            ptt Rebel Alliance

            Your rules are wrong

            http://doc.pfsense.org/index.php/Firewall_Rule_Basics

            Your "accept any from opt1" on LAN is useless

            and the rule on OPT1 is also useless…..

              newbieuser1234

              Ok I read the firewall rules.  Could you give me an example to assist me please on how this particular one needs to be configured?  I guess I am at a loss at this point.

                ptt Rebel Alliance

                Basically you need to "duplicate" the "Default allow LAN to any rule" with a slight modification to keep OPT1 users "out" of your LAN…..

                Just edit your existing "Pass" rule on OPT1, and change:

                Source --> OPT1 Subnet

                Destination --> ( Not ) ! LAN subnet

                Rule.PNG
                FW_Rule.PNG

                  newbieuser1234

                  I am having a brain fart on this for some reason.  If I am allowing everything from lan to opt1 and opt1 back to lan with "default allow" rules, how am i still not getting a dhcp address?  i'm just trying to get an ip address on the opt1 interface to get to the internet, then i can lock it down.  i have dhcp enabled for opt1. i may just be really missing something. thanks for your help ptt.

                  1.PNG
                  5.PNG

                    wallabybob

                    Your firewall rules on OPT1 don't allow DHCP traffic: when a system first issues a request for a DHCP lease it doesn't have an IP address so the source IP address of the request (typically 0.0.0.0) is not on OPT1 net. If you search the forums for (say) DHCP firewall rule you will probably turn up examples of suitable rules. After you adjust the rules you should reset firewall states (see Diagnostics -> States, click on Reset States tab).

                    You will probably see the DHCP requests in the firewall log (Status -> System Logs, click on Firewall tab). Once you have fixed the firewall rules you should see DHCP requests on OPT1 recorded in the DHCP log (Status -> System Logs, click on DHCP tab).

                    You still have superfluous firewall rules on LAN but I will have to post on that later (unless I'm beaten to it).

                      newbieuser1234

                      Still didn't have any luck with this.  I even tried just limiting access on port 80 to a single ip on the same lan.  i can't find any decent firewall rule examples.  i haven't had this kind of issues with untangle and their firewall rules.  maybe i am just missing something.  if someone can give me one example of how to block one ip to another on the same lan it would help me figure out how to move forward.  maybe i am just doing something wrong. it doesn't seem like rocket science.  in this example i am trying to block all web traffic from 192.168.10.100 to 192.168.10.10.  i reset the states and can still access the web server on 10.10.

                      2.PNG

                        ptt Rebel Alliance

                        Traffic between hosts on the same network doesn't pass through the FW… you can even turn off your pfSense (or any other FW) and still access 192.168.10.10 from 192.168.10.100

                          newbieuser1234

                          Ok thanks.  Any help with passing through DHCP and DNS examples?  I never got that working; after searching the forums I couldn't locate a rule example for that.  Do I need to list the source ip as all zeros?

                            wallabybob

                            OK, try this for the rule to allow DHCP:

                            Firewall -> Rules, OPT1 tab, Protocol=UDP, Source=0.0.0.0, Port=68, Destination=255.255.255.255, Port=67, Gateway=*, all other fields default value.

                            After adding the rule you probably have to reset firewall states; see Diagnostics -> States, click on Reset States tab, read the information and click on the Reset button.

                            Do you see any DHCP requests from OPT1 reported in the DHCP log? or firewall log?

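Added example, not part of the original posts and not pfSense's own code: a simplified first-match model with a default block, covering only the two OPT1 rules named in the thread. It shows why a rule whose source is "OPT1 subnet" never matches a DHCP request sent from 0.0.0.0, and what the extra UDP 68 -> 67 rule changes. The subnets (LAN 192.168.10.0/24, OPT1 192.168.20.0/24) and the sample packets are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Assumed addressing (the thread gives no subnets): LAN and OPT1 as /24s.
LAN = ipaddress.ip_network("192.168.10.0/24")
OPT1 = ipaddress.ip_network("192.168.20.0/24")

@dataclass
class Rule:
    name: str
    proto: str                      # "udp", "tcp" or "any"
    src: str                        # source network in CIDR form
    dst: str                        # destination network in CIDR form
    dst_not: bool = False           # models "Destination: ! LAN subnet"
    sport: Optional[int] = None     # None = any port
    dport: Optional[int] = None

    def matches(self, proto, src, sport, dst, dport):
        in_src = ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
        in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
        return (self.proto in ("any", proto)
                and in_src
                and in_dst != self.dst_not
                and self.sport in (None, sport)
                and self.dport in (None, dport))

def verdict(rules, packet):
    """First matching pass rule wins; anything unmatched is blocked."""
    for rule in rules:
        if rule.matches(*packet):
            return "pass: " + rule.name
    return "block: default deny"

# ptt's suggested OPT1 rule, then wallabybob's DHCP rule from the thread.
OPT1_TO_NOT_LAN = Rule("OPT1 net to !LAN", "any", str(OPT1), str(LAN), dst_not=True)
DHCP_REQUEST = Rule("DHCP request", "udp", "0.0.0.0/32", "255.255.255.255/32",
                    sport=68, dport=67)

# Constructed sample packets: (proto, src, sport, dst, dport).
DISCOVER = ("udp", "0.0.0.0", 68, "255.255.255.255", 67)
WEB_OUT = ("tcp", "192.168.20.50", 40000, "203.0.113.10", 80)
TO_LAN = ("tcp", "192.168.20.50", 40000, "192.168.10.10", 80)

if __name__ == "__main__":
    for label, rules in (("before", [OPT1_TO_NOT_LAN]),
                         ("after", [OPT1_TO_NOT_LAN, DHCP_REQUEST])):
        for pkt in (DISCOVER, WEB_OUT, TO_LAN):
            print(label, pkt, "->", verdict(rules, pkt))
```
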
                              newbieuser1234

                              no dice. nothing in the dhcp log or firewall log either. it's weird.  the rule didn't give me an ip address. not sure what's up. thanks for the help.

                                wallabybob

                                Perhaps the problem is at a lower layer than firewall rules. Please paste the output of pfSense shell command

                                ```
                                /etc/rc.banner ; ifconfig; ps ax | grep dhc
                                ```

                                so we can verify your OPT1 interface is in a suitable state and DHCP server is running.
                                
                                @newbieuser1234:
                                
                                > no dice. nothing in the dhcp log or firewall log either.
                                
                                What did you do on a system connected to OPT1 to provoke it to issue DHCP requests?

                                  newbieuser1234

                                  I tried to execute the command from the webconfigurator via the command prompt tab, but it just returned the same input. I will try later today when I get access to the actual box.  To enable DHCP for OPT1, I checked the "Enable DHCP server on OPT1 interface" in the DHCP server tab.

                                  Surely there has to be a "how to" on how to enable dhcp and dns for another lan.  It's weird that people haven't run into this before.  I assume this is a common task when using this product.  Thanks for your help.

                                    ptt Rebel Alliance

                                    Please attach screenshots of the: pfSense Dashboard (the main windows), Interfaces:OPT1, DHCP Server on OPT1

                                      newbieuser1234

                                      wan ip is redacted. thanks.

                                      opt1.PNG
                                      dash1.PNG
                                      dash2.PNG
                                      dhcp1.PNG
                                      dhcp2.PNG

                                        wallabybob

                                        Did you notice the OPT1 interface statistics in the screenshots you posted?

                                        If something is really sending DHCP requests to OPT1 then the interface statistics should show non-zero counts for bytes received and packets received.

                                        The OPT1 interface status is UP suggesting it is connected to something that is providing carrier, but no data is arriving!

                                          AhnHEL

                                          OPT1 doesn't appear to have auto-negotiated its speed and duplex either from the looks of his second screenshot.  Speed and Duplex appears to be missing from his OPT1 interface page as well.

                                          AhnHEL (Angel)

                                            newbieuser1234

                                            yeah i don't have the advanced option as i do in the lan interface.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.