DMZ Bridge: DHCP offer does not even show in log.
Hi
I know, there are many similar problems around here, I tried almost all suggested variants but without luck.
Here is the setup I am trying to get working:
WAN -> DHCP-assigned IP from ISP.
DMZ -> None, but bridged with WAN
LAN -> Just my LAN subnet, NATed for WAN
My goal is to bridge WAN and DMZ to allow hosts in the DMZ to get their IP via the ISP's DHCP and to serve public services.
As an aside: The whole setup is virtualized on ESXi vSphere (pfSense is attached to each portgroup with a virtual NIC for each portgroup).
The Virtual Distributed Switch has portgroups for WAN, DMZ and LAN. On WAN and DMZ, promiscuous mode is set to "allowed".
Setting a network interface of a test VM directly to the WAN portgroup works. The VM gets its IP as expected.
For bridging I bridged WAN and DMZ.
Here I tried almost every combination of setups/hints I have found:
- tried to set pfil_member to 1 and pfil_bridge to 0, but I also tried every combination here
- tried to set the bridge0 to the WAN interface and/or keep it on its own interface
- always had an any-allow rule on all used interfaces and also one for DHCP broadcast with 0.0.0.0 and 255.255.255.255
- also tried to create a dedicated "WAN" interface on a dedicated NIC to use for the bridge with DMZ, but still no luck
I always see an allow log entry for the request on the DMZ interface, but I don't see any answer (offer) from the ISP's DHCP server. I enabled logging of the default rules and also logged every one of my custom rules.
Maybe I missed something, but I would at least expect to see some log entry, blocked or allowed, in the log. But nothing.
I did find many topics about this setup with static IPs but never with DHCP (at least not in the example of bridging WAN/DMZ; most were about bridging WAN and LAN).
Does this setup even work with NAT on WAN->LAN besides the bridge to DMZ, maybe I need some more configuration on NAT side?
Am I missing something else?
Thanks in advance and regards
Thomas