I think you misunderstood his solution - or maybe I misunderstood your last reply?

By creating those VLANs in pfSense, you can then create "virtual interfaces".  So you can have the 2 or 3 "Virtual interfaces" you created on the LAN interface.  Each virtual interface can have it's OWN DHCP server.

No need to route VLANs to the pfsense box.

Your cisco router would send the IP Helper address to each IP you assigned to the Virtual interfaces on pfsense.  So instead of having 1 DHCP server, you will end up with 3 or 4 but they are all running on pfSense.

I understood your original question and this is what you are looking for.  I have the same setup.  Works perfect.

The wireshark capture suggests the DHCP requests should have got at least as far as the Tomato. That you apparently don't see it on pfSense suggests you should look at the Tomato - perhaps it is not forwarding DHCP requests. Perhaps the Tomato has some sort of packet capture you could use to verify it is receiving the DHCP request and forwarding it,

Your firewall rule looks fine.

Now all of a sudden it works… I'm not 100% sure about this but I think the reason it didn't work is because I have several pfsense boxes on my network and the boxes other than the one I was testing on had the default pfsense.localdomain hostname setup. I think giving all of them actual hostnames allows the network to figure it out. Anyway, now that it works I don't want to jinx it by fiddling with anything hehe

Did I solve this with the new version of pfSense to RC3?
Because I'm using the previous version, I downloaded at the beginning of last year.

If you're talking about adding static IPs in Services->DHCP Server, you need to uncheck "Enable DHCP server on LAN interface". Static IPs are static; they won't change. Having DHCP server enabled permits PfSense to dynamically allocate IP addresses meaning that they could change at any time. When you uncheck "Enable DHCP server…" the range given will grey-out so you can't click in there. This indicates that that range is no longer applicable to your setup. If you're talking about the message that pops up when you go to Services->DHCP Server, that just means that you must have a static LAN address which you already should have. If not, go to Interfaces->LAN and give it an address.

I understand, but must do so because it is not just blocking the Internet, it's security network, computers are not the company have to get another IP ranger other than the LAN, so these computers are isolated in the Firewall Rules and I release them only for HTTP. So I was doing DHCP by MAC, which fall right in the registered and unregistered LAN fall into a ranger OPT2.

In the environment there is only one switch for that brand 3Com could even consider putting another to create a separate DMZ, but pfSense is virtualized on VMware with 03 virtual interfaces connected to a single physical interface (NIC) that is then connected to the switch.

Any other ideas?

Thank you!

You can disable the rebind protection under System > Advanced

Jimp,

Thanks for the reply.  What you suggest is what I have done and what I was trying to accomplish, however I was looking for a solution that would not require removing the package, just disabling it so that I might bring it back up later without starting over.

It doesn't appear that this is available so I have removed it.

Thanks,

Mark

Was messing with the dhcp options and found the following;

Added 1 option 6 entry.  This entry appears to override the other dns servers entered in "DNS Servers" cause an entry here cancels out anything you put there.

Anyway, want to list 3 dns servers, but entering 3 entries as option 6 I only get to see the last dns server entered.

If I enter several on the same line, pfsense give me an error.

Guess I need to know how to delimit one entry from the other.  , and ; don't seem to work….

JOL,

Thanks for the reply, but unfortunately that's not it.  I already noticed that.  I think that it is a change from pfsense 1 to pfsense 2.  Packages were moved to /var/.

Even when done in the right location the tcp file is lost on reboot.

I believe that the patch that previously fixed the problem has been lost somewhere along the line.

Mark

@ck42:

If I just PING hostname, instant response.
If I PING hostname.domain, it takes right at 15 sec. before I start seeing replies.

That sounds like the look-up for hostname.domain is being routed to a DNS server, that cannot be reached, and so is timing out.

Cheers.

Attached PHP include file will make it easier to apply and restore after updates.

As well as switch between multiple impersonation configurations of other routers.

Usage info is included in the file.

interfaces.Actiontec.MI424-WR.Impersonation.inc.txt

No, because there isn't a way to tell a static DHCP lease client to use a different gateway (in our GUI), so they wouldn't have a valid gateway.

Great Thanks for the Help ;D

You can't set DNS with DHCP like that in 1.2.3 or 2.0. You can only set those options differently if those clients are on a different interface+subnet.

Besides, if someone were smart enough they could just change their DNS servers manually to the other one you allow, and get around that restriction.

When you setup a restriction like OpenDNS you must also set rules on that interface that prevent the users from talking to any other DNS servers.

Cool - added to the wishlist. I use something similar, although my use is for reverse proxying of popular sites.