Chris Buechler <[email protected]> wrote: > > On Tue, Oct 6, 2009 at 7:05 PM, <[email protected]> wrote: > > I've discovered a bug in the way pfSense (or FreeBSD) handles DHCP. > > In my simple setup, my pfSense box receives a dynamic IP from its > > upstream router on the WAN side. As expected, it creates a route > > from its assigned IP to 127.0.0.1. > > > > The problem is that when the IP expires and pfSense is assigned a > > different IP, the old route redirecting the previous IP to 127.0.0.1 > > is not deleted. This, of course, means that any other client on the > > WAN that receives the old IP will be unreachable from pfSense or any > > computer behind it. > > > > Obviously, the fix would be to assign a static IP to pfSense, but I > > figured I'd report the erroneous behavior anyway. (I actually > > discovered this a while ago; I upgraded to 1.2.3-RC1 and waited for > > my IP to time out so I could confirm the error.) > > > > dhclient never adds routes other than the default. Are you using > multi-WAN load balancing pools?
Definitely not. I'm not much of a firewall cowboy; this is a simple setup with few changes from the default. Again, the problem is not that an invalid route is added, but rather that the route from the assigned IP to 127.0.0.1 is not deleted when it becomes obsolete. In particular, pfSense got an IP of 192.168.1.103 from the upstream DHCP server, and created a route from that IP to 127.0.0.1. When the lease expired, the pfSense box was assigned the new IP 192.168.1.102. A new route was created from 192.168.1.102 to 127.0.0.1, but the old route from 192.168.1.103 to 127.0.0.1 was not deleted as it should have been. -- Bryan Medsker [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected] Commercial support available - https://portal.pfsense.org
