Author Topic: DHCP Copy-Machine  (Read 383 times)

Offline fwcheck

DHCP Copy-Machine
« on: April 07, 2017, 05:08:08 am »
We have found the following problem:

 - if you have a dhcp-server sitting behind a pfsense with dhcp-relaying enabled, the packets incoming to WAN going to the dhcp-server are also relayed to the configured dhcp-servers.

example:
 wan: 192.168.2.2
 lan: 192.168.1.0/24
 dhcp-server 192.168.1.5
 dhcp-relay  192.168.3.1/ 192.168.3.2

 incoming [dhcp for 192.168.1.5] --> WAN --> dhcp-server and also relayed to 192.168.3.1 / 192.168.3.2

The only option to stop flooding with dhcp-request is to change the dhcrelay-options:
dhcrelay -D -a -m discard -i eth0 -i eth1 192.168.3.1 192.168.3.2

This seems to work for us, if a circuit-id is set in the incoming dhcp-packet. As the dhcprelay is started within /etc/inc/services.inc 1842 we modified that line.

Any other ideas or thoughts on this ?
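
Added example, not part of the original post and not dhcrelay's own code: a small Python model of how the dhcrelay man page describes `-a` and `-m` handling for a client-to-server packet that already carries relay agent information (option 82), which is why the circuit-id matters in the post above. The packet builder, function names and sample values are constructed for illustration.

```python
import socket

MAGIC = b"\x63\x82\x53\x63"      # DHCP magic cookie after the 236-byte BOOTP header
OPT_RAI, SUB_CIRCUIT_ID = 82, 1  # RFC 3046 relay agent information / circuit-id

def build_request(giaddr="0.0.0.0", circuit=None):
    """Constructed DHCPDISCOVER for the demo (not a captured packet)."""
    hdr = bytearray(236)
    hdr[0:3] = bytes([1, 1, 6])               # op=BOOTREQUEST, htype=Ethernet, hlen=6
    hdr[24:28] = socket.inet_aton(giaddr)     # giaddr: set by the first relay
    opts = bytes([53, 1, 1])                  # option 53 = DHCPDISCOVER
    if circuit is not None:
        sub = bytes([SUB_CIRCUIT_ID, len(circuit)]) + circuit
        opts += bytes([OPT_RAI, len(sub)]) + sub
    return bytes(hdr) + MAGIC + opts + b"\xff"

def parse_tlvs(buf, is_options=True):
    """Parse code/length/value triples; honours pad (0) and end (255) for options."""
    out, i = {}, 0
    while i < len(buf):
        code = buf[i]
        if is_options and code == 255:
            break
        if is_options and code == 0:
            i += 1
            continue
        if i + 2 > len(buf) or i + 2 + buf[i + 1] > len(buf):
            raise ValueError("truncated option")
        out[code] = buf[i + 2:i + 2 + buf[i + 1]]
        i += 2 + buf[i + 1]
    return out

def relay_action(pkt, mode="discard"):
    """Return (action, circuit_id) for a client-to-server packet under -a -m <mode>."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP packet")
    rai = parse_tlvs(pkt[240:]).get(OPT_RAI)
    if rai is None:
        return "append", None                 # -a: add our own option 82, then forward
    circuit = parse_tlvs(rai, is_options=False).get(SUB_CIRCUIT_ID)
    if pkt[24:28] == b"\x00\x00\x00\x00":
        return "discard", circuit             # option 82 with no giaddr is always dropped
    if mode not in ("append", "replace", "forward", "discard"):
        raise ValueError("unknown mode")
    return mode, circuit
```

With `-m discard`, a request that an upstream relay has already tagged with a circuit-id is dropped instead of being copied to the configured servers, while an untagged client request still gets option 82 appended and is forwarded.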

Online johnpoz

Re: DHCP Copy-Machine
« Reply #1 on: April 07, 2017, 02:09:10 pm »
huh??

So you're using pfsense as an internal router/firewall and it's not doing nat?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline fwcheck

Re: DHCP Copy-Machine
« Reply #2 on: May 19, 2017, 10:45:19 am »
 Yes, we are not using NAT. I think most users use NAT (SOHO).
 If you are using a firewall in a larger environment this is the case.
 Therefore it would be a good idea to make the dhcp-relay options available.

Online johnpoz

Re: DHCP Copy-Machine
« Reply #3 on: May 19, 2017, 12:12:16 pm »
dhcp relay is an option..

as to this?
"the packets incoming to WAN going to the dhcp-server are also relayed to the configured dhcp-servers."

Not unless you enable relay on your pfsense wan interface..

I would suggest you draw up your network.. If you were using pfsense as a downstream network router why would there be dhcp requests on the transit network connecting pfsense to your upstream router?

If your pfsense wan is 192.168.2 -- how would dhcp requests for 192.168.1 network be coming into wan?

So you relay your dhcp across your 192.168.2 transit to 192.168.2.2??  On its way to 192.168.1.5?