DHCP on pfSense VM not handing out addresses past the host

crowax

I have built a pfSense server as a VM on one of my Proxmox hosts. I have two hosts and plan to have HA pfSense on the second host. Most everything appears to be working, like the NIC passthrough for WAN and the bridge for local traffic. Physical computers outside the Proxmox environment connected to the switch are able to go out of the network just fine through the firewall.

However, when I turn on the DHCP server on pfSense, it only hands out IP addresses to the other VMs on the host. The second Proxmox host and all physical servers do not get an IP address. I can manually add one and everything runs fine after that. I have two switches (MikroTik 10Gb and Cisco 1Gb PoE) which I have directly connected the Proxmox to just to verify there wasn't a switch issue blocking things. I also saw it could be possible that promiscuous mode needed to be enabled on the bridge, so I did that without any luck.

Any other thoughts or ideas? Thanks in advance!
 

crowax

Could you post the output of ip a on the pfsense VM?
I couldn't get ip a to work. Maybe because pfSense is FreeBSD? I did an ifconfig in case that gives similar information. vtnet0 is the LAN side. The WAN side is currently unplugged because without the DHCP working I have to keep it on another router. But I hook it back up for testing.

Code:
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether ca:cb:0e:76:c0:54
        inet6 fe80::c8cb:eff:fe76:c054%vtnet0 prefixlen 64 scopeid 0x1
        inet 192.168.86.2 netmask 0xffffff00 broadcast 192.168.86.255
        inet 192.168.86.7 netmask 0xffffff00 broadcast 192.168.86.255 vhid 1
        carp: MASTER vhid 1 advbase 1 advskew 0
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vtnet1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN
        options=800b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE>
        ether ba:99:a5:81:d4:72
        inet6 fe80::b899:a5ff:fe81:d472%vtnet1 prefixlen 64 scopeid 0x2
        inet 0.0.0.0 netmask 0xff000000 broadcast 255.255.255.255
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
        groups: enc
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
pflog0: flags=100<PROMISC> metric 0 mtu 33160
        groups: pflog
pfsync0: flags=0<> metric 0 mtu 1500
        groups: pfsync
 

Hannes Laimer

You're right, ifconfig not ip a. So, pfSense is handing out IPs only on vtnet0. On WAN you usually get an IP and not hand IPs out. You need another interface that connects to your physical network, not just the bridge the other VMs use. That interface would then hand out IPs to your physical network.
 

crowax

You're right, ifconfig not ip a. So, pfSense is handing out IPs only on vtnet0. On WAN you usually get an IP and not hand IPs out. You need another interface that connects to your physical network, not just the bridge the other VMs use. That interface would then hand out IPs to your physical network.
Understood. So even though my physical machines can see the pfSense on the network through the bridge, it doesn't hand out DHCP requests through that? If I connect it to the physical, do I still need the bridge as well?

The reason I haven't gone that route is because I don't have extra NICs and no room for a card, so I may need to upgrade my hosts to get that working.
 
