Bug #1730

closed

DHCP Failover

Added by Chris Mirchandani over 12 years ago. Updated over 8 years ago.

Status:
Rejected
Priority:
Normal
Assignee:
-
Category:
DHCP (IPv4)
Target version:
-
Start date:
07/31/2011
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.0
Affected Architecture:
amd64

Description

Running 2.0-RC3 Built On: Sun Jul 24 04:39:44 EDT 2011

I have discovered that I have to manually allow access to ports 519 and 520 when I have DHCP set up on two pfSense firewalls with the proper fail-over settings configured.

When access to these ports is not allowed on an interface, DHCP is not served on that interface.

Direction to open these ports is not given in the docs for DHCP failover, so I figured this could be a bug.

Actions #1

Updated by Jim Pingle over 12 years ago

  • Status changed from New to Rejected

Check your /tmp/rules.debug. We already have code in place to account for that.

# Excerpt from the pfSense pf rule generation: for each interface ($on / $oc) that
# has a DHCP failover peer configured, emit pass rules for the failover ports
# (519 and 520) from the peer address to the interface address.
if ($config['dhcpd'][$on]['failover_peerip'] <> "") {
    $ipfrules .= <<<EOD
# allow access to DHCP failover on {$oc['descr']} from {$config['dhcpd'][$on]['failover_peerip']}
pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 519 label "allow access to DHCP failover"
pass in on \${$oc['descr']} proto { tcp udp } from {$config['dhcpd'][$on]['failover_peerip']} to {$oc['ip']} port = 520 label "allow access to DHCP failover"

EOD;
}

Also make sure you are using the actual interface IP of the other box as the failover IP.

In the future, please open a forum thread for such issues and once a configuration issue has been ruled out, only then should a ticket be opened.
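As an added example (not code from pfSense or from this ticket), a small POSIX shell check that confirms the generated ruleset contains both DHCP failover pass rules (ports 519 and 520) from the peer to the interface address, which is the condition Jim points at in /tmp/rules.debug. The function name, its arguments and the sample ruleset are constructed for illustration; pass the peer's actual interface IP, since a rule generated for a different failover_peerip will be reported as missing.

```shell
#!/bin/sh
# Constructed sample of the relevant lines of /tmp/rules.debug (not a real capture).
# LAN has both failover rules; OPT1 is deliberately missing the port 520 rule.
RULES=$(mktemp)
trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
# allow access to DHCP failover on LAN from 10.0.0.2
pass in on $LAN proto { tcp udp } from 10.0.0.2 to 10.0.0.1 port = 519 label "allow access to DHCP failover"
pass in on $LAN proto { tcp udp } from 10.0.0.2 to 10.0.0.1 port = 520 label "allow access to DHCP failover"
# allow access to DHCP failover on OPT1 from 10.0.1.2
pass in on $OPT1 proto { tcp udp } from 10.0.1.2 to 10.0.1.1 port = 519 label "allow access to DHCP failover"
EOF

# check_failover_rules RULESFILE IFACE_DESCR PEER_IP IFACE_IP
# Looks for the exact pass rule text pfSense generates for ports 519 and 520
# (fixed-string match, so dots in the IPs need no escaping).
# Prints a one-line verdict; returns 0 if both rules are present, 1 otherwise.
check_failover_rules() {
    rulesfile="$1"; descr="$2"; peer="$3"; ip="$4"
    missing=""
    for port in 519 520; do
        expected="pass in on \$$descr proto { tcp udp } from $peer to $ip port = $port"
        grep -Fq -- "$expected" "$rulesfile" || missing="$missing $port"
    done
    if [ -n "$missing" ]; then
        echo "$descr: missing DHCP failover pass rule(s) for port(s):$missing"
        return 1
    fi
    echo "$descr: DHCP failover rules present for peer $peer"
    return 0
}

# Demo against the constructed sample; on a real box use /tmp/rules.debug.
check_failover_rules "$RULES" LAN 10.0.0.2 10.0.0.1 || :
check_failover_rules "$RULES" OPT1 10.0.1.2 10.0.1.1 || :
```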

Actions #2

Updated by Chris Mirchandani over 12 years ago

Jim, thanks for the update. No one responded to my forum post and I must have missed the fix since build 2.0-RC3 Built On: Sun Jul 24 04:39:44 EDT 2011 in the commit history. I have tested by disabling my rules to open ports 519 and 520 on all interfaces using build 2.0-RC3 (amd64) built on Fri Jul 29 22:14:50 EDT 2011. I also rebooted both firewalls and tested DHCP on multiple VLANs.

Thanks for the fix!

Actions #3

Updated by Chris Buechler over 8 years ago

  • Target version deleted (2.0)