OPNsense Forum

English Forums => General Discussion => Topic started by: usr1324 on June 26, 2019, 02:23:57 pm

Title: 2 DHCP servers and 2 OPN servers: broadcast query
Post by: usr1324 on June 26, 2019, 02:23:57 pm
Hello community

I have a network setup in which I have 1 OPNSense as a NAT and another OPNSense as a router (no NAT) to another internal subnet. Like this:

internet --- OPN1-NAT--- SubnetC1 --- OPN2-NON_NAT --- SubnetC2

Both OPNsense instances have DHCP servers running on the internal LAN interface only (OPN1 should serve a range in SubnetC1 and OPN2 serves a range in SubnetC2).

The problem I have is that sometimes the machines in C1 get an IP from C2 and vice versa.

Is there a way I can configure the filtering to avoid this from happening?

Thanks
Title: Re: 2 DHCP servers and 2 OPN servers: broadcast query
Post by: M@rch0n on June 27, 2019, 01:49:16 pm
Hello,

By default DHCP requests are sent to a broadcast address and routers do not forward broadcasts. It is likely that your machines are in the same broadcast domain.

I recommend the following test:

1 - Run a sniffer on the two firewalls (tcpdump -n -i on 0 port 67 and port 68)

2 - Choose a client machine on which the problem occurs and take note of its MAC address.

3 - On this client machine run ipconfig /renew.

4 - Check the two firewalls for the requests of this machine.

Repeat ipconfig /renew a few times; if the requests reach both firewalls, that confirms your machines are in the same broadcast domain.
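As an added example (not part of the original thread), here is a small script that automates step 4 of the test above: it parses `tcpdump -e -n` output collected on each firewall, finds client MACs whose DHCP requests showed up on more than one firewall, and lists which server MACs replied to them. The capture lines, MAC addresses and IP ranges below are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample output of `tcpdump -e -n port 67 or port 68` on each firewall.
# Timestamps, MACs and addresses are made up for this example.
CAPTURE_OPN1 = """\
10:01:00.100000 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:aa:bb:cc, length 300
10:01:00.200000 00:11:22:33:44:01 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 342: 192.168.1.1.67 > 192.168.1.50.68: BOOTP/DHCP, Reply, length 300
10:01:05.000000 00:0c:29:dd:ee:ff > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:dd:ee:ff, length 300
"""
CAPTURE_OPN2 = """\
10:01:00.150000 00:0c:29:aa:bb:cc > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:0c:29:aa:bb:cc, length 300
10:01:00.250000 00:11:22:33:44:02 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 342: 192.168.2.1.67 > 192.168.2.77.68: BOOTP/DHCP, Reply, length 300
"""

# Matches the timestamp, Ethernet source/destination MACs and the DHCP direction.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}),.*?"
    r"BOOTP/DHCP, (?P<kind>Request|Reply)", re.IGNORECASE)

def parse_capture(text):
    """Return a list of (timestamp, src_mac, dst_mac, kind) tuples from tcpdump -e output."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            records.append((m["ts"], m["src"].lower(), m["dst"].lower(), m["kind"].capitalize()))
    return records

def clients_per_firewall(captures):
    """Map each requesting client MAC to the set of firewalls that saw its DHCP requests."""
    seen = defaultdict(set)
    for fw, text in captures.items():
        for _, src, _, kind in parse_capture(text):
            if kind == "Request":
                seen[src].add(fw)
    return seen

def shared_broadcast_domain(captures):
    """Client MACs whose requests reached more than one firewall, i.e. hosts whose broadcast domain spans both segments."""
    return sorted(mac for mac, fws in clients_per_firewall(captures).items() if len(fws) > 1)

def offering_servers(captures):
    """Map client MAC -> set of server MACs that sent DHCP replies to it (two servers = competing offers)."""
    servers = defaultdict(set)
    for text in captures.values():
        for _, src, dst, kind in parse_capture(text):
            if kind == "Reply":
                servers[dst].add(src)
    return servers
```

Call `shared_broadcast_domain({"OPN1": capture1, "OPN2": capture2})` with the text of each firewall's capture; any MAC it returns is a host that needs its cabling or NIC assignment checked.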
Title: Re: 2 DHCP servers and 2 OPN servers: broadcast query
Post by: usr1324 on June 27, 2019, 11:46:05 pm
I found the solution, this was driving me crazy. Indeed the OPNsense in router mode between the 2 subnets is not passing the broadcast. One of the ESX servers has 4 NICs; the first was connected to network1 and has an IP configured. Someone connected another NIC to a switch in network2. Now even though the 2nd NIC has no IP and was not configured, the DHCP broadcasts from the VMs were being sent out on both NICs, causing the VMs on this ESX to get IPs from both DHCP servers. Simply disabling the 2nd NIC in the ESX stopped the madness (until I can ask someone to go there and disconnect the cable).