Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
DHCP issue with firewall: IP on port 67 getting blocked from 68
« previous
next »
Print
Pages: [
1
]
Author
Topic: DHCP issue with firewall: IP on port 67 getting blocked from 68 (Read 12028 times)
FarmServer
Newbie
Posts: 29
Karma: 3
DHCP issue with firewall: IP on port 67 getting blocked from 68
«
on:
November 12, 2017, 10:53:14 pm »
I have numerous firewall entries from an IP address trying to call the 255.255.255.255.68 address internally.
packet capture log set to full(not any different in detail from other settings)
13:33:32.895203 IP 10.102.0.1.67 > 255.255.255.255.68: UDP, length 250
When I look at the firewall log the explanation for the blocking is
@61 block drop in log quick on bce0 on inet from 10.0.0.0/8 to any label "Block private networks from WAN"
These incidents happen every minute or so. There doesn't seem to be any issues. 67 and 68 are related to dhcp and that seems to be working properly. I have three lans that have their own dns servers and they are being assigned IP addresses and dns addresses correctly.
Any thoughts? I thought packet capture might give me more detail on the source of this IP but it didnt return much detail.
Logged
bartjsmit
Hero Member
Posts: 2013
Karma: 194
Re: DHCP issue with firewall: IP on port 67 getting blocked from 68
«
Reply #1 on:
November 13, 2017, 08:21:54 am »
You can save the packet capture to a file and open this in Wireshark. This will give you the MAC address of the device that is generating the DHCP traffic.
Bart...
Logged
FarmServer
Newbie
Posts: 29
Karma: 3
Re: DHCP issue with firewall: IP on port 67 getting blocked from 68
«
Reply #2 on:
November 14, 2017, 03:51:52 am »
Thanks, i thought it was odd the level of detail wasnt changing.
Logged
FarmServer
Newbie
Posts: 29
Karma: 3
Re: DHCP issue with firewall: IP on port 67 getting blocked from 68
«
Reply #3 on:
November 15, 2017, 02:17:49 am »
So wireshark showed me the mac address of the device and it appears to be a Cisco device coming from my ISP since the first two ipv4 values match that of my assigned wan ip.
The firewall is seeing a 10.102.0.1 address from the Cisco MAC but this is not what matches the Cisco MAC and IP address shown in the ARP table.
But why then is the firewall blocking it as a private network?Why would it be showing up with a different IP but same MAC?
Further down the wireshark log under Bootp it shows:
Client IP address: 0.0.0.0 (to which i think this just means any IP, could be wrong)
Your(client)IP address: 10.102.155.99(Its not)
Next server IP address: 0.0.0.0(any again?)
Relay agent IP address: 10.102.0.1 <---The offending IP, but nothing I have configured uses an IP like this
For what its worth the only interface receiving an IP from my ISP is the WAN IP. The other LANS are their own DHCP servers.
Logged
BertM
Jr. Member
Posts: 53
Karma: 12
Re: DHCP issue with firewall: IP on port 67 getting blocked from 68
«
Reply #4 on:
November 15, 2017, 06:42:46 am »
FarmServer,
What you see (UDP packets towards 255.255.255.255:68) is a DHCP discover from a device that does not yet have an IP address (hence the 0.0.0.0 source adrress) and is trying to find a DHCP server to request an address.
For some reason, this DHCP discover is relayed (from your ISP network?) to your OPNsense box.
Kind regards,
Bert
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
17.7 Legacy Series
»
DHCP issue with firewall: IP on port 67 getting blocked from 68