Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    How to Block DHCP Requests

    Firewalling
    3
    3
    2356
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jmarcum last edited by

      I have two internal networks connected to pfSense. Each network has its own active directory domain with DNS and DHCP. How would I setup a firewall rule to block dhcp requests between the two networks? My DHCP clients on network 2 get DHCP from network 1 as I have it now. I've also had issues authorizing DNS and DHCP in the domain on network 2. I think it's seeing the AD forest on network 1 and thinking it's not authorized.

      1 Reply Last reply Reply Quote 0
      • KOM
        KOM last edited by

        Block UDP port 67 between the two networks.

        1 Reply Last reply Reply Quote 0
        • jimp
          jimp Rebel Alliance Developer Netgate last edited by

          DHCP operates using IPv4 broadcasts at layer 2. It is not capable of traversing between segments if they are actually separate, and you cannot have two distinct DHCP servers inside the same layer 2 broadcast/collision domain.

          If two segments can see DHCP from each other then:

          1. Both segments are using the same flat switch. Don't do that. Use separate switches or VLANs.
          2. There is some other cable or bridge linking the switches together. Find and remove it.
          3. pfSense is bridging between the segments. Not something you'd generally want to do, but not out of line. In this case, add a firewall rule to block it.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • First post
            Last post

          Products

          • Platform Overview
          • TNSR
          • pfSense
          • Appliances

          Services

          • Training
          • Professional Services

          Support

          • Subscription Plans
          • Contact Support
          • Product Lifecycle
          • Documentation

          News

          • Media Coverage
          • Press
          • Events

          Resources

          • Blog
          • FAQ
          • Find a Partner
          • Resource Library
          • Security Information

          Company

          • About Us
          • Careers
          • Partners
          • Contact Us
          • Legal
          Our Mission

          We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

          Subscribe to our Newsletter

          Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

          © 2021 Rubicon Communications, LLC | Privacy Policy