Hello I installed pfSense from scratch and I saw that there was a mistake when I went to set the LAN card on pfSense, in fact, put the Gateway, and it would not let me run anything …. in fact if I went on Status - Gateway I Gateway is the the WAN to the LAN, the LAN I deleted that everything works now via DNS Forwarder can block facebook Hello and thanks to all

I have experimented with different values for lease expiration and settled on a day to try and make it as painless as possible for guests who say check in a 6PM and use their computer the following morning. I was trying to rule out an issue with shorter leases where a single user may be assigned several different addresses thereby consuming multiple addresses over the course of their stay. It seemed like this may have been happening as at any time there may have been 60 devices but yet nearly the entire scope was consumed. However, I will change it back to a shorter lease time as I think the real cause of the issue was in the naming of the access points, they had been identical and so guests were jumping between them and I think that was in fact causing the multiple leases to a single device. So now SSID are 1, 2, 3, etc… I'll also try setting up a cron with the service reboot, thanks very much. Any other suggestions, they are all greatly appreciated.

I fail to see how LLDP would have anything to do with your switch grabbing a DHCP IP for its management address, but alright.

The easiest way is to make pfSense LAN IP the upstream DNS server on the Windows Server Domain DNS. Then your domain clients can all use the domain controller (DC) for DNS, and the DC can get DNS from pfSense, then pfSense get it from OpenDNS. On pfSense General Setup you need to put OpenDNS IP addresses for the DNS Server/s. Then you can block other DNS on LAN, like in that doc. Alternatively, you can put OpenDNS server IPs in the domain controller DNS, and allow just traffic from the DC to OpenDNS (or to any DNS) on pfSense LAN). That way the DC can go directly to OpenDNS. And give domain clients the DC as their DNS server. You can leave the interface for administrative users open if you like. You will need some Dynamic DNS to update a public name on that dynamic IP WAN - then use that name in OpenDNS, so it will know "who you are" and can implement your filter setings.

Was this ever fixed for Namecheap, or do I still need to use the cron job and fetch?

Thanks to johnpoz & phil.davis. Sorry i apparently either did not receive a reply or missed them in my e-mail I guess my problem was that I've always thought of the (.***) as the extension and not the domain. and wouldn't you know it, as long as you don't put any (_) in the domain fields it's all fine and dandy. :) :D ;D :o ??? ::) :-[ :'( so using (hotspot) as the host, and (.m2m) as the domain, it's all of a sudden accepted as a correct and valid response….... & YEAH it Works! (in both the host and domain override boxes). oh and no (WWW.) required, the app simply does not require that. so now I can grab my iPad and manage my hotspot, which manages my WAN Internet connection. which is very handy for details like current DATA usage!!!, session usage, text messages, battery state, attached devices ( which should only be my PFS Box (Have To Make Sure the Neighbors Don't Get on as Somebody Else Is Slightly Paranoid, And I'm Happy with WPA2 Passwords), And Other Miscellaneous Settings. But Best Of All, i can let other people in the house use the app to see how much data we've used so far without using the data. ( of course accessing the hotspot may not always be accurate, but is at least local and a relatively close estimate of usage)

@razblack: hello, i have been using dnsdynamic.org lately, but you have to create a custom service in pfsense as it is not listed. i would tell you how to do this, but i can't figure it out yet. https://www.dnsdynamic.org/api.php they do have an API.. i tried using a simple URL (example they show) https://username:password@www.dnsdynamic.org/api/?hostname=techno.ns360.info&myip=127.0.0.1 but since the username is an email account, pfsense throws this in the logs: php: /services_dyndns_edit.php: Curl error occurred: Couldn't resolve host 'myemail.com:password@www.dnsdynamic.org' i'm guessing when using a username of 'username@email.com' the @ it is breaking things. I have a solution for those looking to update a DNS Dynamic hostname via pfSense. Choose Custom from the Service Type drop down and set a proper Update URL. See the code block below for example URL syntax. The key is to HTML URL encode the at symbol in the URL.  The @ symbol is %40 when encoded. https://username%40domain.com:password@www.dnsdynamic.org/api/?hostname=myhostname.mydomain.org&myip=%IP%

Thanks, I've done so for the code part, but what about the docs?

It turns out that the domain override in the DNS Forwarder actually adds wildcards, it is just that the docs and the label/legend in the GUI does not explicitly say so. If you need a wildcard in your DNS forwarder (*.domain.com) 1. Log in to pfSense instance via the web interface.   2. Go to Services-> DNS Forwarder (http://pfSensense_url/services_dnsmasq.php)   3. In domain overrides: add as many as you need, each entry on a new line. netflix.com 208.122.23.23 Where netflix.com is the end of the wildcard entry, and 208.122.23.23 is the ip of the DNS server that these wildcard names will be resolved by. Think of netflix.com as *netflix.com. So www.netflix.com, api-public.netflix.com, and anything else that ends in netflix.com and is not defined elsewhere, will be resolved by the DNS server at the ip provided. Each entry is translated into a –server=/domain.com entry for dnsmasq. See dnsmasq man pages for further details.

Disable it and ignore it.

@Cylindric: That seems to indicate I'd have to put them all in /etc/hosts? I want pfSense to check my upstream DNS server, which is my internal DNS server. The reason I want to do this is so I don't have a rules/alias list full of redundant ".mydomain.com" all over the place. Seems sensible enough? Especially with the odd fixed-width design of the GUI - a short list of hostnames quickly becomes very long if you have to use FQDNs. Have you checked the setting "Do not use the DNS Forwarder as a DNS server for the firewall" under System > General Setup? [image: vpyyjk.jpg] I just tried it with it both enabled and disabled on my firewall and when this setting is enabled my firewall is unable to resolve any internal hostnames at all (whether FQDN or not). Also have you entered an approriate domain entry under System > General Setup so that it is in the domain search list? If not then the hostname lookup will not know to append the domain when it gets an incomplete query.

[[NEVERMIND, I HAD A FAILING SWITCH ADJACENT TO FIREWALL]] I have the exact same problem. DHCPD says it's running but no clients are given addresses. After stopping the DHCP Server found 2 PID files in``` /var/dhcpd/var/run [2.1.2-RELEASE][root@pfsense.amc.localdomain]/var/dhcpd/var/run(3): ls -ahl total 8 drwxr-xr-x  2 dhcpd  _dhcp  512B Apr 21 15:35 . drwxr-xr-x  4 dhcpd  _dhcp  512B Nov 11  2012 .. -rw-r--r--  1 dhcpd  _dhcp    6B Apr 22 06:32 dhcpd.pid -rw-r--r--  1 dhcpd  _dhcp    5B Sep 26  2013 dhcpdv6.pid srw-rw-rw-  1 dhcpd  _dhcp    0B Apr 21 15:35 log Rebooting doesn't help. After deleting stale PID files and starting DHCP Server, one dhcpd.pid file appears.

Power cycled the modem? Usually need to do that after changing devices.

You could try a real misuse of the gateway function in pfSense. System->Routing, Gateways tab. Add a gateway for each WAP. pfSense will ping it and keep a status of if it is up or down. That will let you know on the dashboard if a WAP stops responding. And who knows, the ping every second might keep its interface awake.

"below the "domain" field there is a direction "eg: example.com".. Quite confusing." How that is a normal domain, with a host in front of it like www. for example then the domain example and the top level domain (tld) com.  You using myurl.ext is using the myurl as host in the TLD ext which not a normal configuration.  host.mydomain.tld would be a more standard configuration.  Use of tld as your domain is not really common practice.

Thank you very much. It works.