How to configure DHCP Server to NOT assign a default gateway

smanders

Hello,

I need pfsense to NOT assign a default gateway via DHCP.  I only want it to assign the IP address.  When I leave the field blank, the clients are still assigned the LAN interface's IP address as their default gateway ???.  This introduces a problem on my dual homed machines.  I even made sure the NIC in the Windows adapter binding order had my NIC that IS assigned a default gateway first in the list.  However, connections still are functioning properly until I remove the competing default route.

I found this old thread with no resolution.  I'm running the latest version of pfsense.  Any one know?

http://forum.pfsense.org/index.php/topic,33924.msg176092.html#msg176092

Thanks,
smanders

johnpoz

Well if you read the text by the gateway entry you will see

"The default is to use the IP on this interface of the firewall as the gateway. Specify an alternate gateway here if this is not the correct gateway for your network. "

So that explains why leaving it blank does what it does - mine doesn't have an entry in it.

If you look in /var/dhcpd/etc you will see the dhcpd.conf - in there you will see the option

option routers 192.168.1.253;

Being set - where .253 is my lan interface IP, your will be what you set in the field or if left blank your interface the dhcp server is running on IP.

The dhcp server can be configured not to hand out that info - but it would have to be changed in the pfsense code to allow for that.  Submit a request to allow the option of not handing it out.

Most people running dhcpd on pfsense would want to hand out pfsense as the gateway I would have to assume.  If you don't want your dual homed boxes to use pfsense as gateway - just setup the IP on that interface on the client as static and don't set the gateway.

I wouldn't think it too hard of a change to make.. But I doubt too many people are asking for such a feature which is why it has not been setup as an option.

Willy

I have (had) a similar problem. We have a separate VLAN for VoIP with QoS settings for the VoIP VLAN. Both the normal LAN and VLAN have DHCP. Some workplaces use a softphone. On these systems we set the normal LAN and the VLAN. Both get a IP from DHCP and both networks get a GW with the same metric. The problem is that Windows now randomly decides which gateway to use and Murphy will make sure it's always the wrong one.

I changed the pfSense code myself (services.inc, xmlparse.inc and services_dhcp.php) so I can check a checkbox to disable setting the gateway for that DHCP range. Problem solved until I upgrade to a new version I guess.

I really would like to see this feature in standard pfSense.

johnpoz

Well there you go submit your change then..  I would post up details in development section, or ask there how to get started with submitting code to pfsense.

Willy

@johnpoz:

Well there you go submit your change then..  I would post up details in development section, or ask there how to get started with submitting code to pfsense.

I'm afraid my "hack" will not comply to pfSense coding rules, but I'll certainly have a look at it.

johnpoz

Im sure if your hack works, it could be tweaked to align with standards..  There are couple of changes I make upon loading a new snap.. Just been too lazy to work out the details of how to get them put into the code myself.

Someone had created a patch to get vnstat2 working, which I have to reapply on each new snap.  Also I am not a fan of the local-ttl of 1 for dnsmasq..  I just don't see the reason to have such low ttl on my dns records..  They rarely if ever change, so I change it to 86400 in the services.inc file.

Would like to see this as option to set this to whatever you want, etc.  Just too lazy to submit the code required to make it happen ;)  I will get to it sooner or later..  But if you have worked out the changes required to give you a check box - seems you got most of the work done already..  Be a nice addition that multiple people might take advantage of.

Derelict

Has this been formally submitted as an enhancement request?  A search on redmine for dhcp "default gateway" doesn't show one.

My scenario is I would like to NOT have a default gateway assigned to my workstation when I obtain a DHCP lease on my management VLAN. All I need is an interface on the right network.  All traffic not to the management VLAN should be routed out my main interface.

It would be nice to be able to suppress DNS Server assignment in the same fashion.

jimp

There isn't a feature request for it that I've seen, but I have seen at least one other person ask for it. In order to not break anyone's existing installs, another option or keyword would need to be added.

So either:
1. A checkbox to suppress sending a gateway
or
2. Entering the word "none" into the gateway box will prevent the gateway from being supplied to clients.

gdo35

Hello,

Old topic bu if it can help :
I manage to disable the default gateway assignment by DHCP server by setting the network address as default gateway.
For example I have a network 192.168.1.0/24, I set 192.168.1.0 as the default gateway.

pfsense accepts it but as the route is invalid it will not be used by the client.

It is a bite dirty but I hope it helps. ;)

gdo35

SixFive7

I know it's 8 years later. However as I'm running into this issue still I've created a ticket: https://redmine.pfsense.org/issues/11927
Should be an easy and quick fix.

johnpoz

Already fixed... Says so right in the box where you set a gateway.

"Type "none" for no gateway assignment."

SixFive7

This post is deleted!

SixFive7

Ah I figured out the confusion. There is indeed the option for "none" on the main config. It's not available however on the static mappings (although the interface is otherwise the same) where I need it.

johnpoz

I would have to test it - but bet dollar to donuts none works there too, and just the text not updated there..

SixFive7

I'm afraid a virtual donut just got a bite ;-)

This is the validation error:

Thanks for taking the time to look at this!

johnpoz

I would alter the redmine you put in to a feature request for the none that works on normal pool, to work on reservations then.

Other option, set non on the pool - and set the ones you want for reservations to whatever it is you want bit it pfsense IP or something else.

Personally if your not going to set a gateway, prob just easier to set the IP and maybe dns static on the device itself other than setting a reservation for it.

Other solution if you don't want something with a reservation going anywhere, just set the gateway to 127.0.0.1 ;) It take that - and that client isn't going anywhere with that set.

elgranjeff

@sixfive7 - Yes this is an old thread, but I want to share what I just configured because it worked for me in 2.5.2-RELEASE.

As commented by Marcos Mendoza on your readmine ticket:

https://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xhtml

Router aka Gateway is DHCP option 3. You can override what's sent under Additional BOOTP/DHCP Options by specifying an empty string for option 3.

I don't see this as necessitating a specific GUI option given that there may be edge cases for many more DHCP options that get sent by default.

I can confirm that adding DHCP Option with the following config worked as intended:
Number: 3
Type: IP address or host
Value: none

On my windows server host, this network interface was assigned an IPv4 Address, IPv4 Subnet Mask, IPv4 DHCP Server, IPv4 DNS Server, and IPv4 Default Gateway is blank.

highc

@elgranjeff - Thank you for this. It's been quite some time since your post, but this just helped me to solve a similar issue here.

For anyone else reading this: You have to type "none" (i.e., the word, without quotes) into the value field. If you enter no value, pfSense will not throw an immediate error on the GUI, but the dhcp server will not start again, as can be seen from the dhcp log.

elgranjeff

@highc I'm glad to hear it helped you! Also, thanks for clarifying that a person needs to type the word "none" without quotes—good catch!