DHCP set to disabled but still handing out 192.168.1.x range IPs



  • I built two PFSense 2.4.4 firewalls and placed them into an HA configuration yesterday.

    I changed the LAN interface on unit A to 10.0.0.191 and unit B to 10.0.0.192. I created a CARP IP of 10.0.0.4 for routing to these firewalls.

    During install, I implicitly set DHCP to disabled on both firewalls. This morning we had a user receiving a 192.168.1.X IP address and the source MAC was that of the PFSense firewall.

    Has anyone else had issues with DHCP remaining on in the default LAN IP range after changing the WAN interface IP to an IP outside of that subnet and setting DHCP to disabled?



  • To stop this from being an issue, we had to disable the LAN interfaces on the firewalls. I will have to walk in and console them to answer any specific config / log questions.



  • I believe this was the issue.

    After completing the CLI config I logged into the web configurator. I completed the web configurator where I again ensured DHCP services were stopped and updated the addresses of the LAN interfaces.

    I allowed the firewall to relaod, but not reboot. I suspect that not rebooting the entire firewall post initial webconfigurator setup allowed DHCP to stay stuck running int he background with the default IP range present.

    Post rebooting each firewall DHCP is no longer an issue, it's off as expected.



  • When in doot, reboot!