• WAN interface with IP - sending DHCP Requests

    9
    0 Votes
    9 Posts
    3k Views
    G
    All sorted. Thank you for your time. GE
  • DNS lookup failing

    5
    0 Votes
    5 Posts
    2k Views
    stan-qaz
    What results do you get on your client computers if you try running nslookup or dig? Here 172.16.0.1 is my pfSense system and my upstream DNS servers are OpenDNS:

        stan@t310:~> nslookup google.com
        Server:        172.16.0.1
        Address:        172.16.0.1#53
        Non-authoritative answer:
        Name:  google.com
        Address: 74.125.224.225
        Name:  google.com
        Address: 74.125.224.232
        Name:  google.com
        Address: 74.125.224.229
        Name:  google.com
        Address: 74.125.224.228
        Name:  google.com
        Address: 74.125.224.226
        Name:  google.com
        Address: 74.125.224.224
        Name:  google.com
        Address: 74.125.224.230
        Name:  google.com
        Address: 74.125.224.227
        Name:  google.com
        Address: 74.125.224.233
        Name:  google.com
        Address: 74.125.224.238
        Name:  google.com
        Address: 74.125.224.231

        stan@t310:~> dig google.com
        ; <<>> DiG 9.9.2-P2 <<>> google.com
        ;; global options: +cmd
        ;; Got answer:
        ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 320
        ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0
        ;; QUESTION SECTION:
        ;google.com.                    IN      A
        ;; ANSWER SECTION:
        google.com.            277    IN      A      74.125.224.225
        google.com.            277    IN      A      74.125.224.231
        google.com.            277    IN      A      74.125.224.238
        google.com.            277    IN      A      74.125.224.233
        google.com.            277    IN      A      74.125.224.227
        google.com.            277    IN      A      74.125.224.230
        google.com.            277    IN      A      74.125.224.224
        google.com.            277    IN      A      74.125.224.226
        google.com.            277    IN      A      74.125.224.228
        google.com.            277    IN      A      74.125.224.229
        google.com.            277    IN      A      74.125.224.232
        ;; Query time: 1 msec
        ;; SERVER: 172.16.0.1#53(172.16.0.1)
        ;; WHEN: Mon Jun  3 09:41:19 2013
        ;; MSG SIZE  rcvd: 204
  • Why would DHCP assign IPs backwards down available range?

    2
    0 Votes
    2 Posts
    981 Views
    jimp
    Does it matter? It's been that way for over a decade, it's just how the ISC DHCP server works. Once all of the IPs in the pool have been used once, it becomes (essentially) random, so it doesn't matter if it starts at the beginning or end of the range. If you need to make static assignments, keep them outside the pool/range or decrease the size of the range to account for them, and everything will be happy.
  • Interface dependent DNSForwarding

    1
    0 Votes
    1 Posts
    811 Views
    No one has replied
  • Static mappings and failover

    Locked
    2
    0 Votes
    2 Posts
    1k Views
    J
    @jazzl0ver: Hi, When configuring dhcp failover, should I manually enter static mappings on primary and secondary servers or they should replicate automatically? Thanks in advance!
    Self-answering: I forgot to turn DHCPD sync on in CARP settings.
  • RFC 2136 Dynamic DNS client

    Locked
    1
    0 Votes
    1 Posts
    978 Views
    No one has replied
  • Will this work?

    Locked
    5
    0 Votes
    5 Posts
    2k Views
    johnpoz
    ^Exactly that would be a better option ;) But as to pools, not sure if available in the 2.0 line - in 2.1 you can create pools of addresses that all fall under the same segment [image: dhcppools.jpg]
  • [solved] DNS resolving problem

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • No free lease?

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    A
    That did it. Thank you sir
  • 0 Votes
    3 Posts
    2k Views
    R
    Thanks, I went for option (b) and it works a treat!
  • LAN IP address is screwing up after I reinstalling pfsense

    Locked
    4
    0 Votes
    4 Posts
    2k Views
    R
    OK, found the problem: in the advanced options, the DNS rebinding check. I unchecked it and then it works like a charm… but I'm a bit confused by the description, since it says the opposite of the effect (I have Windows AD).
  • Confused about hostnames/domains

    Locked
    3
    0 Votes
    3 Posts
    2k Views
    W
    Not what I was hoping for  :) But seems reasonable to me, thank you very much!
  • *Onsite: After Upgrade, DNS not working for DHCP clients

    Locked
    4
    0 Votes
    4 Posts
    1k Views
    E
    I can traceroute and use DNS diagnostics on the web GUI, however any machine (PC, MAC, Net Drives) can not access the internet.  I even tried manually changing the DNS settings to the workstations/desktops to Google DNS 8.8.8.8, that did nothing.  Traffic is not allowed is my guess. I've tried restoring from a month old configuration which was saved before the upgrade… no difference. I'm new to pfSense and was not the original installer - I inherited this along with the new client.  Any help here would be greatly appreciated.  I'm about to try resetting to factory defaults, test, then restore the configuration again. Erick
  • Dnsmasq: failed to send packet: No buffer space available

    Locked
    1
    0 Votes
    1 Posts
    3k Views
    No one has replied
  • Trouble with Static ARP

    Locked
    1
    0 Votes
    1 Posts
    984 Views
    No one has replied
  • Multiple Lan Subnets on one NIC card

    Locked
    5
    0 Votes
    5 Posts
    4k Views
    C
    @phil.davis: I wonder if there is an issue here even when using Automatic NAT. Does pfSense correctly add NAT rules for the extra "virtual" subnets that it finds on LAN? You can check that by looking at /tmp/rules.debug and search for "nat". There should be an outbound NAT section that includes references to your 10.0.0.0/16 subnet.
    I was using Automatic NAT, and this is what I found (It did not reference the 10.0.0.0/16 network):

        cat /tmp/rules.debug | grep 'nat'
        no nat proto carp
        nat-anchor "natearly/"
        nat-anchor "natrules/"
        tonatsubnets    = "{ 10.13.0.0/16 127.0.0.0/8  }"
        nat on $WAN  from $tonatsubnets port 500 to any port 500 -> 192.168.222.189/32 port 500
        nat on $WAN  from $tonatsubnets to any -> 192.168.222.189/32 port 1024:65535

    so I did a generic any to any on the WAN adapter, like the attached photo, and it works like a charm now!! [image: fw_nat_outbound.jpg]
  • DHCP from pfSense, DNS domain override to Windows Server 2008 R2 ADDS

    Locked
    6
    0 Votes
    6 Posts
    10k Views
    P
    We have some sites that have a "real" server (Dell PowerEdge etc) with dual power supply, RAID… that were bought some years ago, and suck 100-125 watts! Plus "ordinary" desktop-size servers that draw around 55 watts. These use way too much power to leave on through 6-9 hour gaps in mains power. Yes, I will be glad to be not dependent on them ASAP. We are in the process of moving to the Fit-PC3, 9 or 10W. So, along with Alix board pfSense 6W, and a TP-Link (4-port Gb ethernet switch+WiFi AP) 6W, and a front-end ISP device (ADSL modem, WiMax device...) 6-8W, we will be able to keep a core network running for 30W total. With a couple of 80W solar panels and suitable battery/s it can be off the mains completely. This will allow the Windows domain controllers to stay up 24/7 and talk to each other across OpenVPN all night - finally we will be able to sync big files to/from head office at night and so on. Until that is installed everywhere, I will try the workaround DNS stuff - it sounds like @joako has done it with success.
  • Dynamic DNS Updating + Transparent Proxy does not work

    Locked
    1
    0 Votes
    1 Posts
    1k Views
    No one has replied
  • [SOLVED] - Do I need 2 pfSense routers for multi-LAN single WAN setup?

    Locked
    4
    0 Votes
    4 Posts
    7k Views
    M
    I've restarted the install from scratch to make sure that there are no errant settings hanging around. I'll write this post as I configure it up. I have the following NIC setup in VMware: [image: vmware-network.png] VMnet 0 (my main real LAN that goes to the internet), 2 and 3 are mapped to the pfSense router VM, in that order. Once I install, run the config and set the static IPs on pfSense I get the following: [image: vmware-pfs2.png] Any machine on the LAN interface can now see the router and get to the web. They have the following config: [image: vmware-pfs3.png] I set up the NIC for the machine in the OPT1 network like so: [image: vmware-pfs5.png] Any machine on OPT1 cannot do a jot. There were no firewall rules set up, so I added the following, which replicated the LAN rules, apart from the anti-block for port 80: [image: vmware-pfs4.png] Now the LAN subnet can still get to the internet. The OPT1 subnet can ping the router, ping LAN addresses and get to the internet. It also resolves names into the AD DNS. ??? ??? So that's everything that I wanted it to do. It is now working exactly as I wanted. Go figure. I've just added another OPT2 NIC for the 192.168.102.0 network and followed the same approach and that's working a treat. Thanks for your help. I think it was down to the reset states. I probably had the right config at some point yesterday, but it didn't register properly as I hadn't done that reset and therefore I had assumed it hadn't worked. I can get on with the real work now. Thanks again for your help…
  • DNS Forwarding over VPN

    Locked
    8
    0 Votes
    8 Posts
    14k Views
    jimp
    The source address field was added on 2.1, but you can get the same effect using advanced options and removing the current domain override. Make sure to remove the current domain override, so the advanced option one will take effect.

        server=/domain.com/x.x.x.x@y.y.y.y

    domain.com is the domain to override, x.x.x.x is the DNS SERVER IP, and y.y.y.y is your LOCAL source IP.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.