Project

General

Profile

Actions

Bug #4558

closed

DHCP traffic getting blocked with DHCP Relay enabled

Added by Kill Bill over 6 years ago. Updated almost 6 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
DHCP Relay
Target version:
Start date:
03/27/2015
Due date:
% Done:

0%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:
All

Description

Essentially the same issue as Bug #3074 but for IPv4 (blocked by default deny rule IPv4). Contrary to https://forum.pfsense.org/index.php?topic=14459 I don't think it's normal to require people to configure rules for IPv4 when the same works just fine with IPv6.

Actions #1

Updated by Kill Bill over 6 years ago

Mar 27 14:15:18    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29641,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:24    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29640,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 14:01:22    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29639,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:49    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29638,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
Mar 27 13:48:46    filterlog: 5,16777216,,1000000103,ath0_wlan0,match,block,in,4,0x0,,128,29637,0,none,17,udp,352,0.0.0.0,255.255.255.255,68,67,332
$ pfctl -vvsr | grep '@5('
@5(1000000103) block drop in log inet all label "Default deny rule IPv4" 
Actions #2

Updated by Chris Buechler over 6 years ago

  • Status changed from New to Confirmed
  • Target version set to 2.2.3
  • Affected Version changed from 2.2.1 to All
Actions #3

Updated by Chris Buechler over 6 years ago

  • Target version changed from 2.2.3 to 2.3
Actions #4

Updated by Chris Buechler almost 6 years ago

  • Status changed from Confirmed to Feedback
  • Target version changed from 2.3 to 2.2.5

should be fixed, leaving for confirmation in snapshot builds.

Actions #5

Updated by Kill Bill almost 6 years ago

Are you sure this is correct?

if ($dhcrelayif = $on) {
Actions #6

Updated by Chris Buechler almost 6 years ago

Kill Bill wrote:

Are you sure this is correct?

Yes, $on is the interface identifier (wan/lan/optX) at that stage. Same as DHCP server does right above it, just slightly diff because of the diff config structure.

Actions #7

Updated by Kill Bill almost 6 years ago

I guess I should have been more explicit - your really sure you don't want

if ($dhcrelayif == $on) {

instead?

$dhcrelayif = "banana";
$on = "apple";
if ($dhcrelayif = $on) {
return "strawberry";
}
Actions #8

Updated by Chris Buechler almost 6 years ago

Yes, thanks, I missed your point there. fixed

Actions #9

Updated by Chris Buechler almost 6 years ago

  • Status changed from Feedback to Resolved

fixed

Actions

Also available in: Atom PDF