Look at Captive Portal Pass Through MAC as that may do what you need.

Well MAC address works only in local lan, and can't never go "through/over" router.. that's why ip-addresses are invented. But you could do dhcp-reservation for this mac address and make firewall rule to allow only one ip-address, and that is the same with the reservation

you should be able to do release/renew while doing a packet capture I would think.

Hello Thanks by your answer. That is what it happened. First I tried using the full backup and restoring only DNS. Didn't want to restore the full backup because i want to create new config for some sections. Best,

Well I tried putting a couple and enabling the IPGuard service. All the rest of the network went down. No one was able to connect to the local network as well. I'll look at the sample config and get back. In the meanwhile, keep posting :)

@cmb: @NOYB: P.S. Modified my pfSense forwarder to query the DNS servers sequentially.  My primary DNS server responds quickest nearly every time anyway.  So the additional queries don't really add any benefit, except when primary DNS server is down query responses will be slower.  But that is rare. I wouldn't do that in most circumstances, you'll have much more consistent performance with the defaults, and it's not like doubling, tripling or quadrupling your DNS requests has any notable impact on bandwidth or anything else. Not suggesting that you or anyone else should do this.  Just pointing out that it can be done because the OP asked about pfSense simultaneous DNS queries behavior. As mentioned previously, since my primary DNS server is the first to respond nearly 100 percent of the time the main benefit of the others is if/when the primary goes down, which is rare.  I’ll stick with sequential queries.  Don’t consider mine to be "most circumstances". But let’s not hijack this thread.  I’ve posted details for doing this in another thread where it can be discussed on topic.

I have a setup kinda like this for my guest Wifi. I used VLAN Tagging all the way to pfSense. Give your client a static ip and dns(like 8.8.8.8). Can you route out to the internet?

The same problem here with Nortel Contivity and pfsense 1.2.3. It happens 1-3 times a month. I've seen people with monowall complaining about the same issue. It must be something with hardware platform and freebsd incompatibility. Any chance about running script/cron job to check and restart dnsmasq service when it happens? Every minute or maybe every 5 minutes? That would do it for me. Crontab is not good place to add that because it might be overwritten. How about adding it inside /var/cron? I'm OK with Linux, but I would like some input from people with pfsense/freebsd experience. And yes, I still didn't upgrade to pfsense 2.0.1. Actually, it's on one of my customers machines and it looks like upgrading to 2.0.1 will not resolve this issue. And 1.2.3 works just fine for them for now.

forget the highlighting apparently. doesn't work in "code" sections!

Should I just configure a cron to periodically restart the DNS Forwarder?

Where you already have internal DNS servers, the only benefit of the DNS forwarder is it may improve lookup performance since it'll query all its configured servers simultaneously and take the fastest response. Aside from that, it's mostly beneficial for networks that don't have any local DNS servers.

Hmmmm… OK I have that set in my dhcpd.conf so some firewall rule on the server running dhcpd is blocking it from either sending or receiving the request. Thanks for all your help, I will have to continue to poke at this one. Edit: Got it to work, not exactly quite sure how yet. I did end up changing the listening ethernet port as 2 of 4 are on the same subnet/switch and deleting the dhcp ports firewall rule and it just started working. Thanks again for the help and direction.

Sorry for the late reply. The way I am reading the comment in pfSense is that I can not use the same DNS'es for both WAN. So I have set up two DNS'es for each WAN and they are not the same. Am I thinking the right way here? Or could I have used the same two DNS'es for both WAN? For WAN1 I am using 208.67.222.222 and 208.67.222.220 For WAN2 I am using 208.67.220.220 and 208.67.220.222

Thanks for the help.  With this information, I did a search for posts by stephenw10 and found the following post containing a script that cycles the WAN interface to do what I need. http://forum.pfsense.org/index.php?topic=43729.0

DNS Forwarder Strict Order Option Patch Attached patch file adds a DNS forwarder strict order option to System: General page. The strict order option cause dnsmasq to query each of the DNS servers in sequential order rather than all at once in parallel. Patches are intended as examples only. Patches are AS IS and Untested. Not for production use. Do NOT use in production environment. Use at your own risk. No support. By using these patches you agree to assume all liability. Save Attached File: System.DNSForwarderStrictOrder.patch(.txt) Apply Patch: patch -p0 -i System.DNSForwarderStrictOrder.patch Patch file built with: 2.0.1-RELEASE (i386) built on Mon Dec 12 18:24:17 EST 2011   System.DNSForwarderStrictOrder.patch.txt

An easier way to accomplish "resolve locally only" is to add the dnsmasq custom option local=/domain-name/ in the Advanced section on Services -> DNS Forwarder

http://doc.pfsense.org/index.php/Why_can%27t_I_have_static_mappings_inside_my_DHCP_range%3F