"I have 4 rules added: tcp 25 outbound only by my mailserver disabled for all others. same for port 465. last rule is allow LAN to any rule." Lets see these rules - because the way you describe them, they are not going to work if your last rule is an allow all. So you have pointing to itself with the 127.0.0.1 entry - are you running the dns forwarder?  If not what is running on pfsense to resolve, so 127 is should not be there. If your not running the forwarder, then you should put a check next to the box that says Do not use the DNS Forwarder as a DNS server for the firewall And that 127 entry should go away.

Thank you both for your helpful replies! I totally agree it seems like a rogue NAT-router has been set up somewhere, because the portal I'm taken too when I get an IP in the wrong range is equal to the login-page of one of the popular ISP residential NAT-routers. The switches are manageable, so i should be able to track down the router, but "unfortunately" it seems it has been taken off the network again - I haven't been able to get connected to the wrong IP-range since i posted the message. Though it's good the problem has apparently been solved, it would have been nice to catch the router after months of annoyance :) Anyway, now I know how to handle it the next time someone plugs in a NAT-router, so thank you both! Rune

Im confused on this network setup..  So 192.168.5  and 192.168.1 are the same broadcast domain?  What mask are you using?  In a normal setup these 2 segments would be different, and should not be possible broadcast to the other network for dhcp. How are your networks connected?

I now have this working. Here are the steps I took. 1. Install TinyDNS (System -> Packages -> Available Packages -> Install dns-server) 2. Added new domain to Tiny DNS (Services -> DNS Server -> New domain wizard) During this step, I added my domain (foo.com) with a number of initial hosts 3. Configure Tiny DNS (Services -> DNS Server -> Settings) I set the following: Enable recursive DNS responder: Disabled IP Address: 127.0.0.1 Interface to listen: loopback I left all other settings as default 4. Configured DNS Forwarder (Services -> DNS Forwarder) Enable DNS forwarder: selected Interfaces: LAN 5. Added domain to overwride (Services -> DNS Forwarder -> add Domain Override near bottom of page) Settings here are Domain: foo.com IP address: 127.0.0.1 6. Ensure that your ISP's DNS servers (or whichever servers you want to forward to) are configured under System -> General Setup This is now working. All requests for my domain are handled by TinyDNS and everything outside my domain is handled by the forwarder.

Replace /etc/inc/services.inc and /usr/local/www/services_dhcp.php with the following. Not 100% sure that it works properly in practice, but it definitely leaves the routers option out of your DHCP config. To use, type "none" without quotes in the gateway field. services.inc services_dhcp.php

It was noticed a few times, we put a fix into the tree for it, 2.1.1 will find that and move it back where it belongs

General curious question for you - why don't you point your clients both vpn and local to pfsense.. This way you can resolve your local network hosts, etc.  pointing to outside dns seems counter productive if you want to resolve anything on your own network.

This is normally handled by DNS services on the network. If you are not using pfSense as your DNS server, then you will need to add pfsense DNS entry into this server to be able to ping my name. If you are using pfSense as your DNS server, then just set up hostname and domain name in general tab and it should resolve for you.

I'll try that but I think I may have found another issue. I tried to edit see what the resolv.conf file was set to in shell and the file itself is a symbolic link pointing no where. If I try to edit it or remove it to create a new one, it tells me it's a read only file system.

And you have a ipv6 address for what your trying to resolve So I put in a ipv6 for my pfsense address. If I ask for something that doesn't have AAAA I get a empty response right back. [image: ipv6addressAAAA.png] [image: ipv6addressAAAA.png_thumb] [image: resolvesjustfine.png] [image: resolvesjustfine.png_thumb] [image: noAAAA.png] [image: noAAAA.png_thumb]

You can do an ARP scan in nmap (choose the interface, enter the subnet x.x.x.0/24, select ARP)

This question has been answered  :) Thanks! http://forum.pfsense.org/index.php/topic,64476.msg373939.html#msg373939

Thanks Treffin for the suggestions. I tried to add the section to the <staticmap>declaration directly in config.xml but as soon as I touch the GUI the section is removed :) <numberoptions><number>67</number>                                         <type>text</type>                                         <value>/pippo/pluto/cecco.cfg</value></numberoptions> I'm going to explore the DNS option on the phone side but if you think of something else or If I do, I'll write here. Thanks!!!</staticmap>

What kind of hardware does the pfSense 2.1 run on (specifically the lan controller)? Although not the same problem as you're describing, I have a Windows 7 machine that occasionally drops out of the network due to not being able to renew its DHCP lease. I could see the DISCOVER/OFFER sequence (but not the ACK) when it happened in the DHCP logs on the pfSense unit. Since I haven't had this problem with my previous router (Netgear), I suspected that it might have something to do with the pfSense box I am running on. In my case, the pfSense box has Realtek 8111 chip (and so does the Windows 7 box). At some point, I need to track it down and figure out why it can renew DHCP lease. Not that I think it might be relevant, however, there are a couple of settings in the Advanced Networking tab (System->Advanced->Networking) such as LRO, TSO, and hardware checksum. You could try if enabling/disabling any would make a difference (might need to reboot after modifying the settings). Good luck.

Thanks man… :) last question, is pfsense can automatically assign static ip or can reserve all address after distributing it to clients

Well to see if your flooded - what traffic does pfsense show?  Under diagnostics you could do a capture on your lan interface and see if your seeing something odd.