• Smart Switch not receiving IP from DHCP

    6
    0 Votes
    6 Posts
    2k Views
    johnpozJ
    If it doesn't have a management vlan, then no you cannot give a dhcp address only on a vlan with a tag..  It should pick up a dhcp on any port that is native without tagging that you're running a dhcp server on.. This sure seems like a ? for netgear support or a bitch session and anything to do with pfsense.. Does pfsense see a discover packet?  Is it tagged, if not how would dhcp server running on a vlan see it? Unifi AP don't allow you to set a management vlan, they still get IP vs dhcp just fine as long as you run dhcp on interface that is not tagged.. So for example interface that I use for my wireless is vlan 20, it's native vlan 20 without any tagging..  The port that is connected to the interface is trunked but the pvid is vlan 20..  So the trunk going to pfsense has a pvid of 20, the trunk going to ap has pvid of 20.. It gets dhcp because in pfsense I just run dhcp server on the interface, while dhcp also runs on the vlans that wireless uses for other SSIDs
  • Quick question on DHCP & VLANs

    8
    0 Votes
    8 Posts
    2k Views
    B
    @johnpoz: If you're getting dhcp from your old wifi router, then yeah it's going to be broken, since most of them point their lan IP as your gateway, and many don't allow you to even change that..  So yeah not going to work as AP if you let it hand out dhcp, or it's not really an AP and you're double natting, etc.. To clarify, the AP (old router) will pass DHCP from pfSense when I have the internal DHCP disabled.  Or it will hand out DHCP if I turn off pfSense's DHCP and turn on the AP's DHCP server. I think you are getting at the crux, which is that the AP does not want to stop being a router and its own gateway (it has gateway capability because it is a Cradlepoint MBR1000 with WIMAX/3G/4G interfaces).  However, it will allow me to create manual routing table entries.  I'm not experienced in that area, but do you think there is a way to build a set of routing table rules that will force it to send all traffic through the pfSense box?  n.b.- No wifi clients will require access to any other machine on the LAN; they just need to get through the LAN to get to the interwebs.
  • Question on Static ARP

    1
    0 Votes
    1 Posts
    539 Views
    No one has replied
  • PfSense not forwarding DNS to concerned VPS

    6
    0 Votes
    6 Posts
    1k Views
    johnpozJ
    yes you can forward different ports to different ips behind pfsense, but no you cannot forward 80 to more than 1 IP behind pfsense.. If you want to get to something running httpd behind pfsense both on port 80 you would have to use a reverse proxy running on pfsense that looks at the fqdn you're trying to get to say hosta.yourdomain.tld would send to ip1 and hostb.yourdomain.tld would send to ip2 while both hosta and hostb.yourdomain.tld resolve to your 1 public IP.
  • Map DHCP-Server to something other than physical interface?

    3
    0 Votes
    3 Posts
    679 Views
    F
    Because I'm using Captive Portal in the mentioned network I would prefer to service DHCP from pfSense itself. Well, GRE is able to route all traffic, even broadcast-traffic. But for some unknown reason the GRE-interface is not shown as possible DHCP-Interface. Could this be done by a feature-request?
  • Resolving dns in another network

    4
    0 Votes
    4 Posts
    975 Views
    KOMK
    Assuming you already have firewall rules in place to keep these LANs from talking to each other, you would create a single rule for your sandbox1 LAN so that the IP address of the DNS server in sandbox1 can talk to the IP address of the DNS server in sandbox2 LAN on tcp/udp 53.  Then you add the DNS server in sandbox2 as an upstream server for your DNS server in sandbox1.
  • Redirect DNS Lookups

    3
    0 Votes
    3 Posts
    881 Views
    johnpozJ
    Interception and redirection of traffic is a bad idea all the way around.. Would you want someone doing that to your traffic.. If your box says it's using 8.8.8.8 for dns then it should be freaking using that, if it cannot get there that is one thing… But something up the line from me should not take my traffic going to 8.8.8.8 and redirect it anywhere.. So fix your servers to use the dns you want them to use. Why a "server" would have pointed to 8.8.8.8 vs some local dns in the first place is a curious question I have... Seems pretty stupid out of the box not to point your devices to your local dns.. If you did not have local dns that would have been the first thing to setup before setting up other boxes ;)
  • Unable to access internet over the LAN

    5
    0 Votes
    5 Posts
    828 Views
    M
    Rather than keep everyone guessing further, why not post your outbound (LAN) firewall rules and your full network config on the PFS, including your routing and DNS settings? It might be possible to make more than random guesses as to what the problem may be.
  • DHCP relay to remote server

    1
    0 Votes
    1 Posts
    884 Views
    No one has replied
  • DNS forwarder custom host file?

    6
    0 Votes
    6 Posts
    2k Views
    D
    @DutchSamurai: Nobody knows where I can find the correct files? You cannot find them, you need to create them yourself. As long as you keep "describing" your issues like "doesn't seem to work", good luck with troubleshooting. As noted above, switch to Unbound/pfBNG instead of reinventing wheels.
  • [solved] DNS root request - rootserver doesn't respond via udp

    12
    0 Votes
    12 Posts
    2k Views
    A
    Problem solved. Since I have replaced the vdsl modem and configured pfSense to use the vlans on wan interface the problem did not appear anymore.
  • Client cannot get the ip address from static mapping

    13
    0 Votes
    13 Posts
    3k Views
    W
    @johnpoz: "so i need to categorize them by 10.nn.x.xxx," How many machines do you have total?  Why can not vlan them now??  Once you determined that they should separate devices based upon function or location or dept, etc.. it's time to segment your machine into networks/vlans not just different ip ranges in the same scope.. 300 plus and counting. We're about to rearrange the network next year, we haven't received the switches yet :D
  • Unbound forwarder/resolver mode when multi wan interfaces?

    5
    0 Votes
    5 Posts
    2k Views
    C
    @johnpoz: @cmb if didn't use default gateway switching, and link went down how would the forwarder mode work?  Unless the dns isp was on the same segment as the wan? Because you always define a gateway for each DNS server in System>General Setup and that adds a route. The forwarded servers will only go out that specific WAN. I updated that wiki page to specify default gateway switching is another option.
  • DHCP Reservation, custom DNS

    2
    0 Votes
    2 Posts
    1k Views
    M
    Two thoughts: Check to make sure you haven't got an old DHCP assignment assigned to the machines, and try upgrading to the latest PFS release.
  • Slow DNS resolving, has only been happening since last night?

    9
    0 Votes
    9 Posts
    3k Views
    K
    Pfsense
  • Can't reverse lookup anymore when going from DNS Forwarder to DNS Resolver

    12
    0 Votes
    12 Posts
    3k Views
    johnpozJ
    my bad yeah now that I look closer it's wlan1 and wlan2, that makes more sense to listen on..  So yeah if pfsense is going to only ask your AD and it looks up say google, then sure you only need its query interface to be the one to be able to get to your local nameserver.
  • SERVFAIL response when "Enable Forwarding Mode" is checked

    3
    0 Votes
    3 Posts
    1k Views
    johnpozJ
    Agreed, if you're going to use forwarder mode and want dnssec where you're sending has to support it. As to your query, yeah depending on your os and setup it's going to append your machine's domain suffix to your queries.. If you don't want that to happen then end your query with . cnn.com.
  • Cogeco Connection Issue

    6
    0 Votes
    6 Posts
    1k Views
    KOMK
    I think I remember someone saying that some modems needed to be off for at least 30 seconds to properly reset them, so take that into account as well.
  • Is Namecheap DDNS using a secure connection?

    6
    0 Votes
    6 Posts
    2k Views
    luckman212L
    I have a domain at namecheap, let's call it foo.me – used for connecting to home services (synology NAS, VPN etc) and I like to use a wildcard for this  *.foo.me  so I can do split-brain DNS without having to worry about setting up 10 different A records and 10 different DynDNS updaters on pfSense. E.g. when I'm at home on the LAN, I use nas.foo.me and that has to route to a different target (192.168.1.100) than vpn.foo.me (192.168.1.1) Problem:  I have a single wildcard entry *.foo.me at Namecheap. When I tried to use the pfSense (2.2.5) Dyndns updater's standard mode it fails. I tried using just "foo.com" with the "wildcard" checkbox enabled (seemed to save but the public DNS didn't update) as well as just specifying "*.foo.com" in the Hostname (pfSense GUI rejects the * as invalid). I wound up doing a "Custom" mode with the following URL scheme https://dynamicdns.park-your-domain.com/update?host=*&domain=foo.me&password=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx&ip=%IP% (That works) – is this a bug, limitation, or a PEBKAC issue?
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.