FreeNAS routing / relaying DHCP request to wrong network

D

Dialwang

Cadet
Joined
Apr 6, 2016
Messages
3
FreeNAS 11.2 U1
interface1 > guest network > static ip 192.168.170.22/24 > guest network DHCP served by AT&T router
interface2 > production network > static ip 10.0.6.22/24 > production network DHCP served by Cisco router
Network / Global / Default Gateway 192.168.170.254 (the AT&T Router) for access to internet, updates...
Network / Static Routes 10.0.0.0/8 Gateway 10.0.6.1 (Cisco Router) for access to corporate network
SSH and SMB exposed to both networks.

Problem: Clients (Mostly Window 7) connected to production network a getting assigned IP's in the guest network. Only connection between the two network is the FreeNAS box. It's as if the FreeNAS is acting at router between the two networks. Is there a way to block this, or at least block DHCP request from relaying through the FreeNAS.

Thanks
 
Last edited:
D

Dialwang

Cadet
Joined
Apr 6, 2016
Messages
3
I didn't have time to work on this last week. My only solution for now was to unplug the guest network. Very frustrating as i have a similar setup at different location with same dual network config (running for 4 years) and haven't seen this behavior. Will appreciate any input.
 
J

JaimieV

Guru
Joined
Oct 12, 2012
Messages
742
Warning: extreme lack of knowledge here. I'm not at all sure about it but it might give you a direction to look:

On the console, type 'ifconfig' and look for bridge interfaces. These are to bridge between networks - I believe their normal function in FreeNAS is to enable jail networking.

If there is a bridgen interface with members including both interface1 and interface2, that'll be your issue. Worth a compare with your well-behaved system.

https://www.freebsd.org/doc/handbook/network-bridging.html - the opposite of addm is deletem. That page does mention firewalling so you could wall off DHCP by blocking UDP ports 67/68 on the bridge if you'd rather not remove interfaces from it.
 
D

Dialwang

Cadet
Joined
Apr 6, 2016
Messages
3
No bridged interfaces. I do have one Jail but VNet unchecked. No bridges in Jail.

I rolled this system back from 11.2-U2.1 to 11.2-RELEASE-U1 this week, and reconnected the Guest Network. Watch it closely for a day, and so far, no clients getting IP's from wrong DHCP server. I'm not saying U2.1 has a problem, it's just the first thing i tried. After back on U1 I remembered to check this.
# sysctl -a | grep forwarding
net.inet.ip.forwarding: 0
net.inet6.ip6.forwarding: 0
I didn't think to check that when up on U2.1 I'll check it first thing next time I boot to U2.1
 
You must log in or register to reply here.

Similar threads

P
  • Locked
Jails: DHCP works but static IP doesn't
Replies
1
Views
1K
Nick2253
Nick2253
atrueresistance
  • Locked
CIFS Netbios across subnet
Replies
0
Views
1K
atrueresistance
atrueresistance
M
  • Locked
FreeNAS iSCSI and static route
Replies
6
Views
2K
mst
M
N
  • Locked
Routing between two interfaces possible?
Replies
3
Views
3K
jgreco
jgreco
D
  • Locked
Two NICs, two networks, one noob
Replies
3
Views
3K
Dogchainx
D
Top