DHCP relay: How?

  • I'm not even quite sure I'm on the right (or best) track, but basically we have to get our public addresses via DHCP (and spoofing the MAC address) as we cannot get a routed block (believe me, we tried). However, we want to use traffic shaping to ensure no single server overloads the line (outbound; inbound we're not that worried, and afaik there's no shaping that anyhow on this side of the connection).

    Apparently, you typically use Virtual IPs (although I can find virtually no information whatsoever about that) or 1:1 NAT for stuff like this, but as we MUST use DHCP this is not an option.

    I'm trying to get an IP from my ISP's DHCP-server. When I put the server on the same VLAN/network as the modem, there is no problem. pfSense's WAN-interface gets an IP from that server as well.
    We're using manual outbound NAT, with (obviously) no rule for our public IP-addresses.

    If I bridge OPTx with WAN it works without any configuration issues, but looking through the forums, apparently you cannot shape traffic on the bridge. Next try: DHCP-relay.

    • If I check "Proxy requests to DHCP server on WAN subnet" on the DHCP relay page, I get the error that I HAVE to put in an IP. If I first put in an IP and then check the box, pfSense clears the IP and complains again. I have now put in the IP of the ISP's DHCP server.

    • What IP do you give OPTx?
      – I would guess the same as the ISP's gateway (so the servers on that VLAN have a gateway to go to), but as soon as I assign that address to one of pfSense's own interfaces our internet goes down, probably because pfSense tries to route packets for the internet over OPTx instead of WAN.
      – I tried using some IP on a subnet entirely unrelated to anything we already have (so as not to upset the current routing), but then the test laptop does not get an IP, let alone connectivity.
