Solved it by starting dhcpd with "-d". This showed an additional missing lib named "ld-elf.so.1". After copying this file also to the chroot-environment, everything was fine.

my WAN has directly public IP. about one day change once IP.  PFsense sometime can't normal update.

@gavit: Is there a way to see how the watchdog checks if my ip changed? I'd like to see which IP address he's checking. My PFsense is behind my ADSL modem so the ip address of my pfsense/WAN will always remain the same. The IP Address of my ADSLmodem/WAN will change. The pfSense software uses http://checkip.dyndns.org/ to find the current public IP of the WAN. That will return the public IP that your front-end ADSL router/modem has, and then pfSense will update the dynamic DNS name to point to that public IP. I do this lots from pfSense with a private WAN IP behind an ADSL router, it works fine. Of course, if you actually want to provide some service to outside users using that dynamic DNS name, then you will also have to port forward the relevant port(s) on the ADSL router through to your pfSense.

No it doesn't work that way, the only reason it lets you add that without an IP is for users who use the option to only assign IPs to known listed MACs.

my host machine is currently connected to a router. in this way the host machine will still get its internet connection.(am using teamviewer). but prior to connecting the host machine to the router, i forgot to reconfig pfs WAN interface to dhcp. So that's where i think the conflict is, although I am able to run pfs as guest on vbox but i can't open the web GUI (based on my experience) if my internet source is dhcp yet my pfs WAN is static. anyways, yeah i was able to use your advise, i didnt realize the "2" set interface can set the WAN into dhscp, and thanks alot!!!!

The VPN connection has an IP 192.168.10.0 and the network I am connecting to is also 192.168.10.0. The LAN IP on my home network is 192.168.5.0. Wouldn't it cause issues if my Home (192.168.5.0) and my VPN (192.168.10.0) are on the same segment? I may have misunderstood and all you are asking is if the VPN has the same as the network I am connecting to. If that is the question , yes. I only connected for a few minutes each time , I should let it sit for awhile and see if they show up. The setup I am using now is different than before. Pfsense is still the firewall but I was using a virtual Windows server 2003 to control DNS and WINS , now I am just running a physical 2012 server . The reason I switched was because I previously was using a Samba fileserver on Ubuntu 12.04 and it was kind of pointless to have both. I could have setup the Ubuntu server as both DNS and WINS but really when I plan on running 50 or so machines in the virtual server I think server 2012 is better suited. Thanks again

Happy Holidays from the Newby here. I am having the same issue here. Use Cox Communications with Dynamic IP address. every Saturday night at midnight, the lease expires on the WAN IP and all I see are "apinger: ALARM: WAN_DHCP(NN.N.NN.1) *** down ***" (where the n's = the ip address up the gateway to Cox). The only solution for me is to reboot the PFSense Firewall. I am now trying a script from the following post and will keep you up to date on my progress. http://forum.pfsense.org/index.php/topic,17243.msg89348.html#msg89348  (or look up message # 89348 in the forum search) My setup is: 2.1-RELEASE (i386) built on Wed Sep 11 18:16:22 EDT 2013 FreeBSD 8.3-RELEASE-p11 You are on the latest version. Platform pfSense CPU Type Intel(R) Atom(TM) CPU D510 @ 1.66GHz Current: 1257 MHz, Max: 1676 MHz 4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads Using onboard adapter as wan (re0) Using Asus Gigabit PCI NIC as lan (re1) Also, I want to confirm that this is only happening on PFSENSE (version 2.1), NOT my standby $50 Asus consumer gateway, WiFi routers, nor Clear0s, m0n0wall, SmoothWall. I hope this helps. JonnyB SunnySD, Ca

In System->General Setup, make sure you specify a DNS server for each WAN. Then when 1 WAN is down, there will still be a DNS server reachable on the other WAN. e.g. 8.8.8.8 on WAn1, 8.8.4.4 on WAN2 If you have a reasonable "ordinary" configuration (e.g. 1 LAN with 2 real WANs to the internet) then you can also enable default gateway switching (in System->Advanced Miscellaneous tab) and then the default route will switch over and pfSense itself will get to the internet from the shell.

@ptt: Your "Block" rule is wrong…. The Source port should be "Any"  not 53...  Only the "Dest" port should be 53  :) Also, the "total bandwith up/down" Rule, allows traffic from "Any" to "Any".... get rid of that rule  ;) thanks for the response.  I did change the source port to any and removed the bandwith up down rule. the up/down rule was to provide a rule for a limiter ( which I guess I do not have configured correctly). Once I removed the bandwith up/down rule dns responses were blocked correctly on the wan interface and I don't need the port 53 rule this was a total meatware problem.  :o

Right, lets continue there :) Thanks for your replies so far.

Domain overrides would be what you want there, you can send a particular domain to a specific DNS server(s).

So it look to me like you have a multiple wans both behind nats, and then pfsense nats again.  Why?  Do people setup crap like this?? So you have a ms server?  Is it running active directory, are you machines part of this active directory? All members of AD should use their DNS of the AD for their dns - PERIOD, end of story if you are not setup this way then your going to have issues!! Your AD server then points to whatever dns you want to use.. Be it pfsense dns forwarder or external dns. Where do your clients point to for dns, where does ms2012 go for dns, it is setup to query roots or forwarder to pfsense - something else?

@jimp: There was a discussion here on the forum about this already with a workaround. Search the forum a bit and you'll hit it. Is the workaround you're referring to, the one I'm currently doing with the cron job, because I was really hoping this was going to be fixed in 2.1 but it's still not working for me either.

You can change the theme of pfsense web gui, so if that is what your asking - but all the items should be there.  You can not setup relay or enable it if you have dhcp server enabled on any interface. To see that screen you would need to disable pfsense dhcp server. You can change themes on the bottom of general setup, I like nervecenter - but I don't believe it is default theme? I am using 2.1-RELEASE (i386) built on Wed Sep 11 18:16:50 EDT 2013 FreeBSD 8.3-RELEASE-p11 [image: dhcprelayoff.png_thumb] [image: dhcprelayoff.png] [image: dhcprelayenable.png] [image: dhcprelayenable.png_thumb]

It is a trend - lots of regions/countries are running short of IPv4 public address space from their allocations. Here in Nepal we had a WiMax provider recently who did not even use the Carrier-Grade-NAT reserved space. We got an address like 10.20.n.n !!! Bad luck if your company happened to have picked 10.20.0.0/16 for their internal private network. Now this WiMax provider has got some public IP address space and we have got our own public IP. Same has happened on the 3G mobile phone system - they just don't have enough IPv4 public address to give out 1 to every phone that asks. So sometimes we get CGN addresses. If I want to use a router with 3G dongle and have an OpenVPN server on it to allow remote connections back to a small office/home office then sometimes it works (mobile phone carrier DHCP gives a real public IP and DynDNS name is set to that and all is good) and sometimes it does not (gets a CGNat IP, DynDNS name is set to the ISPs eventual front-facing public IP and of course that does not port forward back to me!) If you want to provide remote access to stuff, then you have check with the ISP when you sign up that your plan comes with a real public IP.

Hey Phil, I've got that option disabled unfortunately (as I am on a static IP). Edit: So I found a workaround. I read here that the effect of disabling the DNS forwarder will simply cause the servers specified under the General setups' DNS server list to be specified as DNS servers for the DHCP LAN clients. Perfect!

I guess the guest wireless AP is behind (is it itself) an internal router that is itself sitting on your LAN. If so, then just: Add a pass rule on LAN for source IP the guest WiFi subnet Add a gateway in System->Routes with the IP address of the internal router on your LAN. Add a static route for guest WiFi subnet, to the gateway from (2)

Someone crossed the streams. Glad it's fixed.

It's working with the wifi. Thanks for pointing me in the right direction.

Well for starters on your dhcp server - Here is the thing if your on AD, then your AD really should provide both dhcp and dns.. Just the best solution. As to your configuration of multiwan - yeah prob something wrong with it.. Draw up your network and post your configurations and we can take a  look see.  But without some more details there isn't much anyone can do.