    DMZ Bridge: dhcp offer does not even show in log.

    Firewalling
grandslam

      Hi

I know there are many similar problems around here; I tried almost all the suggested variants, but without luck.

Here is the setup I am trying to get working:
WAN -> DHCP-assigned IP from the ISP.
DMZ -> none, but bridged with WAN
LAN -> just my LAN subnet, NATed to WAN

My goal is to bridge WAN and DMZ to allow hosts in the DMZ to get their IPs via DHCP from the ISP and serve public services.
As an aside: the whole setup is virtualized on ESXi vSphere (pfSense is attached to each port group with a dedicated virtual NIC).
The Virtual Distributed Switch has port groups for WAN, DMZ and LAN. On WAN and DMZ, promiscuous mode is set to "allowed".
Setting a network interface of a test VM directly to the WAN port group works: the VM gets its IP as expected.

For bridging, I bridged WAN and DMZ.
Here I tried almost every combination of setup/hints I have found:

• tried to set pfil_member to 1 and pfil_bridge to 0, but I also tried every other combination here

• tried to set bridge0 as the WAN interface and/or keep it as its own interface

• always had an allow-any rule on all used interfaces and also one for DHCP broadcast with 0.0.0.0 and 255.255.255.255

• also tried to create a dedicated "WAN" interface on a dedicated NIC to use for the bridge with DMZ, but still no luck

I always see an allow log entry for the request on the DMZ interface, but I never see any answer (offer) from the ISP's DHCP server. I enabled logging of the default rules and also logged every one of my custom rules.
Maybe I missed something, but I would at least expect to see some log entry, blocked or allowed, in the log. But nothing.

I did find many topics about this setup with static IPs, but never with DHCP (at least not in the example of bridging WAN/DMZ; most were about bridging WAN and LAN).

Does this setup even work with NAT on WAN->LAN alongside the bridge to DMZ? Maybe I need some more configuration on the NAT side?
Am I missing something else?

Thanks in advance and regards
      Thomas

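A triage script for the symptom in the post, added here as an example and not part of the original thread or of pfSense. pf only logs packets that pass through one of its hooks; a DHCPOFFER dropped before it reaches the WAN vNIC (for instance by the vSwitch security policy) produces no log line at all, allowed or blocked. The script captures DHCP on both bridge members with tcpdump and decides from the four counters where the exchange is lost. The member names vmx0 (WAN) and vmx1 (DMZ) and the tcpdump lines embedded for the offline run are assumptions, constructed to reproduce the post's symptom (DISCOVER seen on both members, no Reply anywhere).

```shell
#!/bin/sh
# Bridge DHCP triage for a pfSense WAN/DMZ bridge (added example, not from the post).
# Assumptions: bridge members are vmx0 (WAN) and vmx1 (DMZ); the sample captures
# below are constructed, not real tcpdump output.

# count_dhcp IFACE: read "tcpdump -nn -i IFACE port 67 or port 68" output on stdin
# and print "IFACE <requests> <replies>". tcpdump prints client->server packets
# as "BOOTP/DHCP, Request" and server->client packets as "BOOTP/DHCP, Reply".
count_dhcp() {
    awk -v ifc="$1" '
        /BOOTP\/DHCP, Request/ { req++ }
        /BOOTP\/DHCP, Reply/   { rep++ }
        END { printf "%s %d %d\n", ifc, req + 0, rep + 0 }'
}

# diagnose WAN_REQ WAN_REP DMZ_REQ DMZ_REP: turn the four counters into a verdict.
diagnose() {
    wan_req=$1; wan_rep=$2; dmz_req=$3; dmz_rep=$4
    if [ "$dmz_req" -eq 0 ]; then
        echo "no DISCOVER on DMZ member: client or DMZ port group problem"
    elif [ "$wan_req" -eq 0 ]; then
        echo "DISCOVER on DMZ but not on WAN: bridge or pf is dropping DMZ->WAN"
    elif [ "$wan_rep" -eq 0 ]; then
        echo "DISCOVER left via WAN but no OFFER came back: lost upstream of pf (ISP or vSwitch policy), nothing for pf to log"
    elif [ "$dmz_rep" -eq 0 ]; then
        echo "OFFER on WAN but not on DMZ: bridge or pf is dropping WAN->DMZ (check pfil_bridge/pfil_member and rules)"
    else
        echo "DISCOVER and OFFER seen on both members: DHCP is crossing the bridge"
    fi
}

# triage WAN_LINE DMZ_LINE: combine two count_dhcp output lines into a verdict.
triage() {
    set -- $1 $2     # ifc req rep ifc req rep
    diagnose "$2" "$3" "$5" "$6"
}

# Constructed captures (assumed data) reproducing the symptom in the post:
# the DISCOVER appears on both members, so the bridge forwards it, but no
# Reply ever appears on either member.
sample_wan() {
    cat <<'EOF'
12:00:01.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:11:22:33, length 300
12:00:05.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:11:22:33, length 300
EOF
}
sample_dmz() {
    cat <<'EOF'
12:00:01.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:11:22:33, length 300
12:00:05.000000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:11:22:33, length 300
EOF
}

# Live run on the pfSense shell: ./bridge-dhcp-triage.sh vmx0 vmx1
# (root; captures 30 s per member while the DMZ host retries DHCP).
# Without arguments the constructed captures are analysed instead.
if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    wan=$(timeout 30 tcpdump -nn -l -i "$1" port 67 or port 68 2>/dev/null | count_dhcp "$1")
    dmz=$(timeout 30 tcpdump -nn -l -i "$2" port 67 or port 68 2>/dev/null | count_dhcp "$2")
    echo "$wan"; echo "$dmz"
    triage "$wan" "$dmz"
else
    triage "$(sample_wan | count_dhcp vmx0)" "$(sample_dmz | count_dhcp vmx1)"
fi
```

The verdict for the constructed data is the third branch: the DISCOVER leaves on the WAN member and no OFFER returns, so pf has nothing to log and the firewall log stays empty, exactly as the post describes. On ESXi the usual cause is the port-group security policy: a bridged pfSense sends the DMZ host's source MAC out of the WAN vNIC, and the vSwitch drops such frames unless Forged Transmits is set to Accept (Promiscuous Mode only lets the vNIC receive frames for other MACs); the reply from the ISP is then never generated because the request never reached it. Only when the OFFER is visible on the WAN member but absent on the DMZ member do the pfil_bridge/pfil_member tunables and the bridge rules come into play.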
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.