How to Block DHCP Requests
-
I have two internal networks connected to pfSense. Each network has its own Active Directory domain with DNS and DHCP. How would I set up a firewall rule to block DHCP requests between the two networks? My DHCP clients on network 2 get DHCP from network 1 as I have it now. I've also had issues authorizing DNS and DHCP in the domain on network 2. I think it's seeing the AD forest on network 1 and thinking it's not authorized.
-
Block UDP port 67 between the two networks.
-
DHCP operates using IPv4 broadcasts at layer 2. It is not capable of traversing between segments if they are actually separate, and you cannot have two distinct DHCP servers inside the same layer 2 broadcast/collision domain.
If two segments can see DHCP from each other then:
1. Both segments are using the same flat switch. Don't do that. Use separate switches or VLANs.
2. There is some other cable or bridge linking the switches together. Find and remove it.
3. pfSense is bridging between the segments. Not something you'd generally want to do, but not out of line. In this case, add a firewall rule to block it.
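One way to confirm which DHCP server is actually answering clients on a segment, both while diagnosing the leak described above and after the UDP 67 block is in place, is to parse the captured OFFER/ACK and read its server identifier (option 54). This is an added example, not code from the thread; the segment server addresses (10.1.0.1 for network 1, 10.2.0.1 for network 2) and the constructed DHCPOFFER bytes are assumptions.

```python
import struct
import ipaddress

DHCP_MAGIC = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse the UDP payload of a DHCP message (RFC 2131 fixed header + options)."""
    if len(payload) < 240 or payload[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message")
    op = payload[0]
    yiaddr = str(ipaddress.IPv4Address(payload[16:20]))  # address being offered
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == 255:          # end option
            break
        if code == 0:            # pad option has no length byte
            i += 1
            continue
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {"op": op, "yiaddr": yiaddr, "options": options}


def check_offer(payload: bytes, expected_server: str) -> dict:
    """Report which server answered and whether it is the one this segment should use."""
    msg = parse_dhcp(payload)
    mtype = MSG_TYPES.get(msg["options"].get(53, b"\x00")[0], "UNKNOWN")
    server = None
    if 54 in msg["options"]:  # option 54 = server identifier
        server = str(ipaddress.IPv4Address(msg["options"][54]))
    return {"type": mtype, "server": server, "offered": msg["yiaddr"],
            "expected": server == expected_server}


def build_offer(xid: int, yiaddr: str, server: str, mac: str) -> bytes:
    """Constructed sample DHCPOFFER (assumption, for offline testing only)."""
    hdr = struct.pack("!BBBBIHH", 2, 1, 6, 0, xid, 0, 0x8000)  # op=BOOTREPLY, broadcast flag
    hdr += b"\x00" * 4                                        # ciaddr
    hdr += ipaddress.IPv4Address(yiaddr).packed               # yiaddr
    hdr += ipaddress.IPv4Address(server).packed               # siaddr
    hdr += b"\x00" * 4                                        # giaddr
    hdr += bytes.fromhex(mac.replace(":", "")) + b"\x00" * 10 # chaddr (16 bytes)
    hdr += b"\x00" * 192                                      # sname + file
    opts = b"\x35\x01\x02" + b"\x36\x04" + ipaddress.IPv4Address(server).packed + b"\xff"
    return hdr + DHCP_MAGIC + opts


if __name__ == "__main__":
    # A network 2 client answered by the network 1 server: the symptom in the question.
    leaked = build_offer(0x1234, "10.2.0.50", "10.1.0.1", "00:11:22:33:44:55")
    print(check_offer(leaked, expected_server="10.2.0.1"))
```

Feed it the UDP payload of a packet captured on the network 2 interface; an "expected": False result with server 10.1.0.1 confirms the segments are still joined at layer 2 or through the bridge.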