4. How to Block DHCP Requests

How to Block DHCP Requests

  • J

    I have two internal networks connected to pfSense. Each network has its own active directory domain with DNS and DHCP. How would I setup a firewall rule to block dhcp requests between the two networks? My DHCP clients on network 2 get DHCP from network 1 as I have it now. I've also had issues authorizing DNS and DHCP in the domain on network 2. I think it's seeing the AD forest on network 1 and thinking it's not authorized.

    0

  • Block UDP port 67 between the two networks.

    0
  • Rebel Alliance Developer Netgate

    DHCP operates using IPv4 broadcasts at layer 2. It is not capable of traversing between segments if they are actually separate, and you cannot have two distinct DHCP servers inside the same layer 2 broadcast/collision domain.

    If two segments can see DHCP from each other then:

    1. Both segments are using the same flat switch. Don't do that. Use separate switches or VLANs.
    2. There is some other cable or bridge linking the switches together. Find and remove it.
    3. pfSense is bridging between the segments. Not something you'd generally want to do, but not out of line. In this case, add a firewall rule to block it.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy