On 4/28/06, Tim Roberts <[EMAIL PROTECTED]> wrote:
I did. The first line in my post was from the system log. Here's another snip:

172.16.248.106 and 172.16.248.3 are our DHCP servers. We have permitted UDP 67 & 68 from any host to any host and even from any host to 255.255.255.255 just for giggles. Doesn't seem to matter which rules I plop in, DHCP doesn't work. Is there something I'm missing for DHCP other than UDP 67 & 68? It's WinBlowz DNS. Should I have put a 3rd NIC and bridged from LAN to OPT? Monowall used to make you do that. Just seemed silly to have 3 NICs for a bridge when you only need 2. Is there a hitch bridging from LAN to WAN for this type of service?

Thanks
Tim

----- Original Message -----
From: Scott Ullrich
Sent: Friday, April 28, 2006 1:14 PM
Subject: Re: [pfSense Support] HELP! Beta 3 + Bridge Not allowing DHCP thru

Look in the System logs for the items being blocked and allow them. I have a wireless WAN to OPT1 bridge and I am getting DHCP no problem on my powerbook.
On 4/28/06, Tim Roberts <[EMAIL PROTECTED]> wrote:

We came under a multicast flood that is crippling us. I quickly tossed together a pfSense Beta 3 box with 2 NICs and set it up as a bridge. We placed it at a halfway point in our wireless backbone. We put 2 rules on each interface (we couldn't tell which interface was which under frustrating circumstances in the dark at a tower). Both rules are to drop IGMP from any to any. We also added a rule to drop any source to 224.0.0.0/4 on both the LAN and the WAN.

Our problem is that now our clients on the far side of the backbone cannot obtain addresses via DHCP. Static customers get on and flow fine. So we inserted "allow any source to any destination udp 67-68". The firewall logs show drops over and over from our DHCP server (172.16.248.3):
Apr 28 16:00:18 BRIDGE0 172.16.248.3:67 255.255.255.255:68 UDP

Here are the LAN rules:
| Proto | Source | Port | Destination | Port | Gateway | Description |
|---|---|---|---|---|---|---|
| UDP | 172.16.248.3 | 67 | 255.255.255.255 | 68 | * | Allow All Thru DHCP |
| * | 172.24.128.128 | * | 172.16.248.8 | * | * | Allow All Thru DHCP |
| UDP | * | * | * | 67 | * | Allow All Thru DHCP |
| UDP | * | * | * | 68 | * | Allow All Thru DHCP |
| IGMP | * | * | * | * | * | Drop IGMP |
| * | * | * | 224.0.0.0/12 | * | * | Drop IGMP |
| * | * | * | * | * | * | Default LAN -> any |

WAN rules are the same. As you can see, we have tried some pretty stupid stuff troubleshooting. I realize the 1st rule is dumb, but the 3rd & fourth oughta get 'er done, shouldn't they?

Thanks in advance!
Tim
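
An added example, not part of the original thread: a small evaluator that runs packets against the LAN rule table as posted. It assumes top-down, first-match-wins evaluation and that each rule's pass/block action follows its description (the action icons did not survive on the page). All packets other than the logged one are constructed samples.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str   # assumption: inferred from the rule description
    proto: str
    src: str
    sport: str
    dst: str
    dport: str
    descr: str

# Transcribed from the LAN table in the post, in the posted order.
LAN_RULES = [
    Rule("pass", "UDP", "172.16.248.3", "67", "255.255.255.255", "68", "Allow All Thru DHCP"),
    Rule("pass", "*", "172.24.128.128", "*", "172.16.248.8", "*", "Allow All Thru DHCP"),
    Rule("pass", "UDP", "*", "*", "*", "67", "Allow All Thru DHCP"),
    Rule("pass", "UDP", "*", "*", "*", "68", "Allow All Thru DHCP"),
    Rule("block", "IGMP", "*", "*", "*", "*", "Drop IGMP"),
    Rule("block", "*", "*", "*", "224.0.0.0/12", "*", "Drop IGMP"),
    Rule("pass", "*", "*", "*", "*", "*", "Default LAN -> any"),
]

def _addr_ok(pattern, addr):
    # "*" matches anything; otherwise treat the pattern as a host or CIDR network.
    return pattern == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(pattern)

def _field_ok(pattern, value):
    # Port-less protocols pass value=None, which only matches a "*" pattern.
    return pattern == "*" or pattern == str(value)

def first_match(rules, proto, src, sport, dst, dport):
    """Return (1-based rule number, action) of the first matching rule, or None."""
    for number, r in enumerate(rules, 1):
        if (_field_ok(r.proto, proto) and _addr_ok(r.src, src)
                and _field_ok(r.sport, sport) and _addr_ok(r.dst, dst)
                and _field_ok(r.dport, dport)):
            return number, r.action
    return None

if __name__ == "__main__":
    packets = {
        "logged server reply": ("UDP", "172.16.248.3", 67, "255.255.255.255", 68),
        "client discover (constructed)": ("UDP", "0.0.0.0", 68, "255.255.255.255", 67),
        "IGMP query (constructed)": ("IGMP", "172.16.248.1", None, "224.0.0.1", None),
        "multicast outside /12 (constructed)": ("UDP", "172.16.248.50", 1900, "239.255.255.250", 1900),
    }
    for name, pkt in packets.items():
        print(f"{name}: {first_match(LAN_RULES, *pkt)}")
```

Under these assumptions the logged packet matches rule 1 of this table, and the constructed packet to 239.255.255.250 falls through to the default rule because 224.0.0.0/12 ends at 224.15.255.255, whereas the 224.0.0.0/4 named in the message text would cover it.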
