Hello,
I'm running pfSense 2.2.1-RELEASE and getting an odd behavior from the
DHCP Relay service.
My network consists of 1 pfSense box with one WAN interface (ix0 -
80.80.80.254/24) and one LAN interface (ix1 - 10.0.0.254/24). The DHCP
clients are on the LAN side, there is no NAT configured and the DHCP
server is running on the outside, 80.80.80.1.
To reproduce the issue:
1. Enable DHCP Relay
2. Choose *LAN* interface only (ix1)
3. Specify remote DHCP server (80.80.80.1)
Result: dhcrelay -i ix0 -a -m replace 80.80.80.1
Notice that dhcrelay was told to use interface ix0 (WAN).
The packets arrive at the remote DHCP server correctly, coming from the
pfSense's public IP, however the Gateway-IP parameter is set to
80.80.80.254, the WAN interface's IP.

    13:01:48.076997 04:7d:7b:34:01:a2 > fa:16:3e:ee:fd:1f, ethertype IPv4 (0x0800), length 322: (tos 0x0, ttl 63, id 55234, offset 0, flags [none], proto UDP (17), length 308)
        80.80.80.254.bootps > 80.80.80.1.bootps: [udp sum ok] BOOTP/DHCP, Request from 00:1f:33:e5:bd:f7, length 280, hops 1, xid 0x7023ffc6, secs 48040, Flags [Broadcast] (0x8000)
          Gateway-IP 80.80.80.254
          Client-Ethernet-Address 04:7d:7b:67:8d:da
          Vendor-rfc1048 Extensions
            Magic Cookie 0x63825363
            DHCP-Message Option 53, length 1: Discover
            Client-ID Option 61, length 7: ether 04:7d:7b:67:8d:da
            Lease-Time Option 51, length 4: 4294967295
            Hostname Option 12, length 7: "something"
            Parameter-Request Option 55, length 9:
              Subnet-Mask, Default-Gateway, TFTP, BF
              Server-ID, Client-ID, Option 129, Domain-Name-Server
              Domain-Name

The ISC dhcpd server interprets that requests are coming from the
80.80.80.0/24 subnet, for which I only have an empty declaration since
I'm not serving any IPs there:

    Apr 20 16:35:45 vm dhcpd: DHCPDISCOVER from 04:7d:7b:67:8d:da via 80.80.80.254: network 80.80.80.0/24: no free leases

To work around this, I disabled the DHCP Relay service and started
dhcrelay by hand as: /usr/local/sbin/dhcrelay -i ix1 80.80.80.1
The packets still come from the WAN's IP address, as expected, but the
DHCPREQUEST payload now correctly informs the Gateway-IP address as
being 10.0.0.254. This makes dhcpd happy and a lease is offered (and
forwarded back to the client successfully).
It seems the DHCP Relay is trying to be smart in detecting the DHCP
server is reachable through the WAN interface and using that for the
dhcrelay command. I really wanted it to listen (and use the IP of) the
LAN interface.
Is my setup too crazy? Would it be possible to file this as a bug
and/or enhancement to the interface?
Giovanni
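
Added example (not part of the original post, and not pfSense or ISC code): a simplified model of how a DHCP server picks a subnet from the Gateway-IP (giaddr) field of a relayed request, reproducing the two outcomes described in the message above. The packet, the SUBNETS table and the function names are constructed for illustration; the pool on 10.0.0.0/24 is an assumption.

```python
import ipaddress
import struct

MAGIC = bytes.fromhex("63825363")  # DHCP magic cookie, as in the capture

# Constructed stand-in for the server's subnet declarations: True means the
# subnet has an address pool. 80.80.80.0/24 is the empty declaration from the
# post; the pool on 10.0.0.0/24 is assumed.
SUBNETS = {
    ipaddress.ip_network("80.80.80.0/24"): False,
    ipaddress.ip_network("10.0.0.0/24"): True,
}

def build_discover(giaddr, chaddr, xid=0x7023FFC6, hops=1):
    """Build a constructed, relayed DHCPDISCOVER (236-byte BOOTP header + options)."""
    mac = bytes.fromhex(chaddr.replace(":", ""))
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        1, 1, 6, hops,                        # op=BOOTREQUEST, htype=Ethernet, hlen, hops
        xid, 0, 0x8000,                       # xid, secs, flags (broadcast)
        bytes(4), bytes(4), bytes(4),         # ciaddr, yiaddr, siaddr
        ipaddress.ip_address(giaddr).packed,  # giaddr, filled in by the relay
        mac, bytes(64), bytes(128),           # chaddr (zero-padded), sname, file
    )
    return header + MAGIC + b"\x35\x01\x01\xff"  # option 53 = Discover, then end

def parse_giaddr(packet):
    """Return the Gateway-IP (giaddr) field, bytes 24-27 of the BOOTP header."""
    if len(packet) < 240 or packet[236:240] != MAGIC:
        raise ValueError("not a BOOTP/DHCP packet")
    return ipaddress.ip_address(packet[24:28])

def select_subnet(packet):
    """Choose the subnet for a request: relayed requests are matched by giaddr."""
    giaddr = parse_giaddr(packet)
    if giaddr.packed == bytes(4):
        return "not relayed: subnet of the receiving interface applies"
    for net, has_pool in SUBNETS.items():
        if giaddr in net:
            return f"network {net}: " + ("offer lease" if has_pool else "no free leases")
    return f"no subnet declared for {giaddr}"

if __name__ == "__main__":
    # giaddr as set by "dhcrelay -i ix0" (WAN) versus "dhcrelay -i ix1" (LAN)
    for gi in ("80.80.80.254", "10.0.0.254"):
        pkt = build_discover(gi, "04:7d:7b:67:8d:da")
        print(f"giaddr {parse_giaddr(pkt)} -> {select_subnet(pkt)}")
```

The source IP of the relayed packet plays no part in the choice; only giaddr does, which is why the hand-started relay on ix1 gets a lease even though its packets still leave from the WAN address.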