DHCP Scope Leasing on All Subnets



  • Hi everyone,

I have been running pfSense as my home router for a while now and I'm really enjoying it. Especially because pretty much my entire network is now virtualized :D I'm also pleased that I have managed to figure out the hardest part (in my opinion), the firewall :).

    My network consists of the WAN + 4 Networks. The WAN is set as a /30 and the 4 networks are a class b /26. I have a DHCP scope running on the first network (10.20.30.0 - 10.20.30.63) and another on the second network (10.20.30.64 - 10.20.30.128).
I have a WAP on the second network and wired for the rest.

The problem is that the wired clients on other networks randomly receive an IP from the second subnet. I created firewall rules to block the second subnet accessing other networks and also created rules to block other subnets from accessing the second subnet.

    I would love to know if there is something I am missing and if there is another way of isolating DHCP scopes.

    I'm really stumped at what to do next and was hoping that someone here has maybe had the same experience and knows the solution.

    Thanks chaps,

    Curtis.



  • Any chance you can do up a simple diagram of your layout?

    It might make it easier to identify the problem spot(s).



  • Yeah sure,

    As mentioned, I have created several firewall rules which deny all access to other internal networks from LAN1. Similarly, I also created rules on all other networks, denying access to LAN1. I thought this would deny any traffic entering the LAN1 network except that from the WAN interface. My next step is to attempt to block the ports used by DHCP and see if that has an effect.



  • Ok, what do your Firewall rules for the 4 LANs look like?

Can you post your DHCP servers for LAN1 & LAN2 as well?



It's a basic rule that states all IPv4 traffic on any port going to other networks is disallowed and any traffic on other networks cannot go to the LAN network.

    LAN1 Firewall Rules

    ID Proto Source Port Destination Port Gateway Queue Schedule Description
          IPV4*    *            *    LAN net          *            *      none

    LAN Firewall Rules

    ID Proto Source Port Destination Port Gateway Queue Schedule Description
          IPV4*    *            *    LAN1 net          *            *      none

    I haven't included the other two networks because it just follows the convention above and plus they are not in use.
    Something that is interesting is that I cannot ping the networks vice versa or access the opposing networks in any way yet the pfSense DHCP scope seems to cross networks.
    Really strange.
    Oh and btw, I do not have any other DHCP scopes on the other networks simply because of the aforementioned problem.
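One way to see where the stray leases are actually being answered is to check the DHCP log against the scope configured on each interface. The script below is an added example, not part of this thread or of pfSense; it assumes the ISC dhcpd "DHCPACK on <ip> to <mac> via <iface>" log line format and uses constructed log lines and assumed interface device names (vmx0 for LAN1, vmx1 for LAN).

```python
import ipaddress
import re

# Interface -> subnet as described in the thread (LAN1 and LAN are the first two /26 blocks).
# The device names vmx0/vmx1 are assumptions; substitute the real ones from Status > Interfaces.
INTERFACE_SUBNETS = {
    "vmx0": ipaddress.ip_network("10.20.30.0/26"),   # LAN1
    "vmx1": ipaddress.ip_network("10.20.30.64/26"),  # LAN (the one with the WAP)
}

# ISC dhcpd acknowledgement line as logged by pfSense: "DHCPACK on <ip> to <mac> via <iface>"
ACK_RE = re.compile(r"DHCPACK on (\S+) to ([0-9a-f:]{17}) via (\S+)")


def check_leases(log_lines, interface_subnets=INTERFACE_SUBNETS):
    """Return (ip, mac, iface, expected_subnet, scope_the_address_belongs_to) for every
    DHCPACK whose address is outside the subnet configured on the interface it was
    answered on. An empty list means every lease matched its interface."""
    mismatches = []
    for line in log_lines:
        m = ACK_RE.search(line)
        if not m:
            continue
        ip, mac, iface = ipaddress.ip_address(m.group(1)), m.group(2), m.group(3)
        expected = interface_subnets.get(iface)
        if expected is None or ip in expected:
            continue
        # Work out which configured scope the stray address actually came from, if any.
        source = next((n for n in interface_subnets.values() if ip in n), None)
        mismatches.append((str(ip), mac, iface, str(expected), str(source) if source else None))
    return mismatches


# Constructed sample lines, not real log output. The third line is the symptom from the
# thread: a client answered on LAN1 (vmx0) receiving an address from LAN's scope.
SAMPLE_LOG = [
    "Jan 10 12:00:01 pfSense dhcpd: DHCPACK on 10.20.30.10 to 00:11:22:33:44:55 via vmx0",
    "Jan 10 12:00:05 pfSense dhcpd: DHCPACK on 10.20.30.70 to 00:11:22:33:44:66 via vmx1",
    "Jan 10 12:00:09 pfSense dhcpd: DHCPACK on 10.20.30.75 to 00:11:22:33:44:77 via vmx0",
]

if __name__ == "__main__":
    for ip, mac, iface, expected, source in check_leases(SAMPLE_LOG):
        print(f"{mac} on {iface} got {ip}; expected {expected}, address belongs to {source}")
```

If a mismatch shows the lease answered via the LAN1 interface, the address came from the pfSense server itself on that interface; if the mismatched MACs never appear in the log at all, the lease was handed out by something else on the same layer-2 segment, which interface firewall rules do not filter.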



  • Any chance you can do a screen shot from the actual Firewall Rules screen?

    From your listing I can't tell if those are actually Block or Pass rules.

    As well it would be helpful to see a post of your DHCP servers pages for LAN & LAN1

