Netgate Discussion Forum

    DHCP Scope Leasing on All Subnets

      Curtis

      Hi everyone,

      I have been running pfSense as my home router for a while now and I'm really enjoying it. Especially because pretty much my entire network is now virtualized :D I'm also pleased that I have managed to figure out the hardest part (in my opinion), the firewall :).

      My network consists of the WAN + 4 Networks. The WAN is set as a /30 and the 4 networks are a class b /26. I have a DHCP scope running on the first network (10.20.30.0 - 10.20.30.63) and another on the second network (10.20.30.64 - 10.20.30.128).
      I have a WAP on the second network and wired for the rest.

      The problem is that the wired clients on other networks randomly receive an IP from the second subnet. I created firewall rules to block the second subnet accessing other networks and also created rules to block other subnets from accessing the second subnet.

      I would love to know if there is something I am missing and if there is another way of isolating DHCP scopes.

      I'm really stumped at what to do next and was hoping that someone here has maybe had the same experience and knows the solution.

      Thanks chaps,

      Curtis.

        divsys

        Any chance you can do up a simple diagram of your layout?

        It might make it easier to identify the problem spot(s).

        -jfp

          Curtis

          Yeah sure,

          As mentioned, I have created several firewall rules which deny all access to other internal networks from LAN1. Similarly, I also created rules on all other networks, denying access to LAN1. I thought this would deny any traffic entering the LAN1 network except that from the WAN interface. My next step is to attempt to block the ports used by DHCP and see if that has an effect.

            divsys

            Ok, what do your Firewall rules for the 4 LANs look like?

            Can you post your DHCP servers for LAN1 & LAN2 as well?

            -jfp

              Curtis

              It's a basic rule that states all IPv4 traffic on any port going to other networks is disallowed and any traffic on other networks cannot go to LAN network.

              LAN1 Firewall Rules

              ID  Proto   Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
                  IPv4 *  *       *     LAN net      *     *        none

              LAN Firewall Rules

              ID  Proto   Source  Port  Destination  Port  Gateway  Queue  Schedule  Description
                  IPv4 *  *       *     LAN1 net     *     *        none

              I haven't included the other two networks because it just follows the convention above and plus they are not in use.
              Something that is interesting is that I cannot ping the networks vice versa or access the opposing networks in any way, yet the pfSense DHCP scope seems to cross networks.
              Really strange.
              Oh and btw, I do not have any other DHCP scopes on the other networks simply because of the aforementioned problem.

                divsys

                Any chance you can do a screen shot from the actual Firewall Rules screen?

                From your listing I can't tell if those are actually Block or Pass rules.

                As well, it would be helpful to see a post of your DHCP servers pages for LAN & LAN1.

                -jfp
