Pf sense firewall

  • i am using my pf sense computer/server as firewall for my other servers but i connected it with a dd-wrt repeater but
    my server won't receive any IPv4 address

    i use pf sense only as firewall

    Main Router: Linksys ea6700

    DD-Wrt Client: Linksys ea4700

    Pf Sense Firewall

    Sorry for my english

  • DHCP server:

    does anybody have a solution?

  • Netgate Administrator

    How are those boxes connected? Where is the server connected?
    How is pfSense configured?


  • DD-wrt client -> WAN        IPv4:
    LAN 1 -> w2k8r2 server 1 IPv4:N/A
    LAN 2 -> w2k8r2 server 2 IPv4:N/A
    LAN 3 -> w2k8r2 server 3 IPv4:N/A

    WAN IPv4 Configuration Type: dhcp
    LAN 1,2,3 IPv4 Configuration Type: dhcp

  • whats your lan subnet on pfsense?
    did you enable dhcp on pfsense?

  • WAN subnet:
    LAN 1,2,3 subnet: N/A

    Didn't enable DHCP server cause My main router is the dhcp server

  • Netgate Administrator

    So you are using the DD-WRT box for DHCP for the whole network but that is on the WAN side of pfSense.
    So do you have all the interfaces in pfSense bridged? You are running it as a transparent firewall?


  • I tried But didn't work
    And yeah it is a transparent firewall

  • Netgate Administrator

    Ok, if all the interfaces are bridged together then only one of them should have an IP. That could be the bridge interface itself or the WAN as you have it but the others should all be type 'none'.
    Do you have firewall rules to allow the DHCP requests from the severs on the LAN? Are you seeing anything in the firewall logs?


  • Allowed any protocol from the dhcp server
    But it is still not working

    I can give you Access to My firewall control panel if you want

  • Netgate Administrator

    If you're running a DHCP server on the pfSense LAN interfaces then there are rules put in place automatically to allow the DHCP traffic. For example:

    # allow access to DHCP server on LAN1
    pass in quick on $LAN1 proto udp from any port = 68 to port = 67 label "allow access to DHCP server"
    pass in quick on $LAN1 proto udp from any port = 68 to port = 67 label "allow access to DHCP server"
    pass out quick on $LAN1 proto udp from port = 67 to any port = 68 label "allow access to DHCP server"

    Since you are not running a DHCP server these rules will not be in place and your clients won't be able to send DHCP requests to the DD-WRT box.

    You may be better off using the DHCP relay though I've never tried it in this type of setup.


  • I tried But didn't work either

    But you don't want access to my pf sense?

  • Netgate Administrator

    What did you try?

    If you have the interfaces all bridged together try simply disabling the firewall completely, at the console: 'pfctl -d'. If you still can't get dhcp leases through it then you have some connection problem.


  • i did but still dind't get it to work
    dhcp relay
    Bridge all interface's
    using static IPv4
    dhcp server
    disable firewall

    but when i connect the server direct to my dd-wrt router it gets a dhcp adress in a few secs

  • Netgate Administrator

    To run as a transparent firewall you must have the interfaces bridged.

    If you aren't running transparent then you must have a separate subnet on the lan side.


  • Abandoning this project didn't get it work
    Thx everyone for ther help

Log in to reply