@johnpoz: Yeah it does, because he using dhcp for his wan IP.  This worked, but setting his 1:1 nat to some static that was not valid.  So when he set ip to .5 for the 1:1 nat does not work. When set to dhcp and got .10 address not 1:1 nat and used his dhcp gotten wan IP to get to internet worked just fine. Thanks.

@rtabique - miles267 had issue where he was trying to use INVALID static public IPs on his wan and setting up 1:1 nat to these IPs that were not working!!  So any IP he setup a 1:1 nat for to use these bad public IPs is not going to talk on the internet.  But if it got a dhcp address and was using a different private IP that was setup in the 1:1 it used his dhcp wan IP address and worked just fine. He spread his issue about 3 different threads all about the same problem!!!  So you might think your problem is related to his when it is in fact something completely different. I find it highly unlikely your also using bad static IPs from your ISP while also trying to use dhcp on your wan interface, while also doing 1:1 nats to these bad IPs? ;) Your best bet is to start your own thread and describe the issue your having.

Hey, you're right! I rebooted and the problem went away. Thanks for the help.

Just write a small shellscript or some lines of C-code to convert it. The content is "basically" the same and it should not be that complicated to parse it. Actually i think there was already once a thread about this exact same thing and someone already wrote a parser. Have to see if the person posted it somewhere. Edit: found it: http://forum.pfsense.org/index.php/topic,25610.0.html

yes, to solve my problem i installed dhcp on a server, it has more feature than pfsense's dhcp and exactly fits my needs

thanks a lot!!!

I answer my own question, I realized that this is not a DNS problem but a NAT problem. Enabling "NAT reflection" in the NAT rules did the trick. But not for port 80, I guess I have to change the pfsense webGUI port for that one to work. Best regards, L

Yea I was worried I was going to have to do that but I guess my goal was to be energy efficient as possible and not standing up another box just for DHCP services.  My PC room already is toast haha.  Thanks for the clarification though, maybe I will think of another design which involves virtualizing pfsense and a linux distro on my atom box but then again, i don't know what the performance will look like if I do that since I plan on playing with other packages like the IPS module, etc.

:)Thanks wallabybob, I'll keep an eye on it …

Ah domain overrides are what I need! Thanks.

Thank you all for your wonderful ideas and for pointing out the public availability of our DNS servers. At one point, we were fine with recursion for various reasons but over the past year our servers have been hammered! Anyways, the problem was due to converting our DNS from FreeBSD to CentOS, adding IP aliases to the NIC, and not having the proper subnet assigned to those aliases. It was working fine on the old router system but since our colo made some routing changes and we implemented pfSense, the faulty subnet settings popped up. Again, thank you all!

The main thing if you do use a DNS forwarder (generally that's a good option as a secondary DNS in SBS environments and similar where you have only one AD DNS server), is make sure you're forwarding the AD domain to the AD DNS. If you have a typical full blown AD environment, it's best to point the clients straight to the AD DNS, but only because they'll register their hostnames in your AD DNS that way. As long as you have that domain forward in your DNS forwarder, AD works perfectly fine for clients using the DNS forwarder. It's just DNS name registration that wouldn't work in your AD in that case.

Hi, I've been looking around and I think that what I'm looking for might be simpler than what I asked for before does anyone knows if there is a way to run 802.1x Authentication on the LAN interface? Cheers,

@ttblum: How do you configure separate scopes in the pfSense DHCP GUI? New feature in pfSense 2.1 snapshot builds - see http://forum.pfsense.org/index.php/topic,53716.0.html

"If there are DNS entries in general settings, and I remove the WAN cable, local DNS is slow." Give example of this..  So If I query my local dns (pfsense) for a local address. C:\Windows\System32>dig @192.168.1.253 i5-w7.local.lan ; <<>> DiG 9.9.1-P3 <<>> @192.168.1.253 i5-w7.local.lan ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49489 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;i5-w7.local.lan.              IN      A ;; ANSWER SECTION: i5-w7.local.lan.        1      IN      A      192.168.1.100 ;; Query time: 5 msec ;; SERVER: 192.168.1.253#53(192.168.1.253) ;; WHEN: Mon Oct 08 02:02:40 2012 ;; MSG SIZE  rcvd: 49 how is it slow if your wan is down.. So I unplug connection from cable modem - pfsense has NO wan connection, and C:\Windows\System32>dig @192.168.1.253 i5-w7.local.lan ; <<>> DiG 9.9.1-P3 <<>> @192.168.1.253 i5-w7.local.lan ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45643 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;i5-w7.local.lan.              IN      A ;; ANSWER SECTION: i5-w7.local.lan.        1      IN      A      192.168.1.100 ;; Query time: 4 msec ;; SERVER: 192.168.1.253#53(192.168.1.253) ;; WHEN: Mon Oct 08 02:05:09 2012 ;; MSG SIZE  rcvd: 49 so asking for another address C:\Windows\System32>dig @192.168.1.253 current.local.lan ; <<>> DiG 9.9.1-P3 <<>> @192.168.1.253 current.local.lan ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15888 ;; flags: qr aa rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;current.local.lan.            IN      A ;; ANSWER SECTION: current.local.lan.      1      IN      A      192.168.1.220 ;; Query time: 5 msec ;; SERVER: 192.168.1.253#53(192.168.1.253) ;; WHEN: Mon Oct 08 02:05:49 2012 ;; MSG SIZE  rcvd: 51 This is all with pfsense wan disconnected, except for the first query..  So show example where your slow.

you have to allow 53 to your pfsense lan IP for clients to be able to talk to pfsense for dns.. Default rule allows all outbound traffic, if your going to restrict it - then you have to allow for atleast your clients to talk to pfsense on its IP on tcp/udp 53 so they can ask its dns forwarder to go lookup google.com for example Then the client will go to www.google.com on tcp 80 or 443 which you allow any on.

cmb: doh… yep my bad. Wasted bits…  :o I ran into the page a few moments ago... prompted my return to the forums. joako: thank you. I'm guessing it was too many brews that night. ;-) I really should have known I've used it quite regularly… an old-timers moment creeping in... bad post :D    Now that's a Marquee!    8)