I have a virtual machine running that does radius/mysql/php as a payment management, PFSense is being used as an access controller.

I would expect better uptime in the cloud for my "Management" virtual machine, then my single point of failure it is now.  If the internet goes down, then I don't care that I can't access the cloud because nothing can. Plus, if I where to mange several PFSense boxes being used as access controllers, the cloud should be better for what I want.

I had not thought about my own package until I wrote up the post, so I do like that approach.  It should make debugging easier rather then changing the base system (only have my package to debug). Running the PFSense access controller stock with my DHCP package should be the easiest to accomplish what I want.

wallabybob, thanks for the feedback.

@nutt318:

when i ping my subdomain.domain.com its my public ip of my pfsense box

That suggests the system doing the ping is NOT using the pfSense DNS forwarder OR you haven't configured the DNS override entry in pfSense DNS forwarder correctly.

What DNS is used by the system doing the ping?

The DNS override entries can take two or three parameters and there are two types (host override and domain override). You provided only two parameters and didn't specify the type, hence my request for clarification of what you had specified in the DNS forwarder entry.

I don't know about the default lease time working. My pfSense DHCP server has two static IP addresses for my netbook: one for the wired connection and one for the wireless connection. If I am using the netbook wireless interface then disable the netbook wireless connection, connect the netbook wired interface to a switch connected to the appropriate pfSense interface and enable the netbook wired interface then the IP address migrates from the netbook wireless interface to the wired interface. The netbook is running Ubuntu 10.04.

Yes, it would take alteration to the base system code.

Thanks for the hint.

It is working in a dirty and crude way and i am able to proceed with testing.
The request to members.dyndns.org is rerouted to my server ip but because of the faulty hostname the request is served from the default server rather instead of the planned domain.

To be fully in bussiness i need the location and name of the configuration file(s) to change the server to send the request to.
Even better would be the possibillity to add another client where the hostname can be freely adjusted.

I don't know about IP Alias, but if you used CARP instead, the MAC Addresses will be slightly different. Are you hard assigning the addresses even though they are in DHCP reservations?

@broncoBrad:

I'm curious why does the Static IP Mapping allow for defining a hostname. Like say my windows computer has the name (hostname) jimbob-PC. So typically when pinging/connecting, I can just type ping jimbob-PC.

So the DNS forwarder can be given a known name for the IP address. A name can be included in a DHCP request. I presume the name in the pfSense static IP mapping overrides any name supplied in the DHCP request.

@broncoBrad:

But if I want to create a static IP mapping for my windows computer and I were to assign it a hostname other than jimbob-PC, such as myworldnow, does that mean that pinging/connecting now uses myworldnow or can I still connect via jimbob-PC??

You can connect by whatever name is known to the name server you are using. If you are using DNS then the name needs to be known to DNS. If you are using Windows networking to browse shares then I believe you can use the DNS registered name(s) OR the name(s) configured in Windows networking.

I had this problem on a PfSense 2.0.1 as Hyper-V guest. Try if it helps to bring the card down and up again:

ifconfig em1 down
ifconfig em1 up
dhclient em1

If it does, make a script that does that after booting.

For me that helped; I wrote it up here.

nobody can't help me to start proxy server on pfsense 2.0.1 and setup a freedns as proxy server and to share internet trough it ?

Patch tested and working. Thanks for the quick fix!

Thanks guys, that's solved it.

DNS was never my strong point, but it's nice to learn something new  :)

@wallabybob:

Go to Services -> DHCP Server, click on the tab for the relevant VLAN interface, enable it and fill in the details.

Thanks - turns out I hadn't enabled the vlan interface after assigning it, which was why I could create a DHCP server to run on it.

@jimp:

The way our GUI works there probably isn't a way around that.

You are telling it to deny unknown clients, but to the DHCP daemon any static mapping is in fact a known client.

If you have static ARP enabled though, even if the client pulls an IP it shouldn't be able to talk to (or beyond) the firewall since it would not match the static ARP entry. It may be able to talk to other things in its subnet though because it would be up to the switch to filter that.

If you really want to lock things down that much you should be locking down at layer2. Even if you cut the clients off from DHCP there is nothing stopping them from manually configuring an IP address on the other network(s) and bypassing any firewall restrictions to reach other things in that subnet without more protection at layer 2 from your switch.

FYI, I was using this same scenario up until version 2.0.1.

I have two physical interfaces, LAN and PHONE. I have a DHCP server enabled on both and "Deny Unknown Clients" checked on the PHONE interface. I have static mappings for both interfaces, but as of 2.0.1, a static mapping on the LAN tab allows a machine to pull an IP address from the PHONE tab pool.

Perhaps I had a happy coincidence of things to make it work the way I wanted, but it was definitely working for months until I upgraded to 2.0.1 a few days ago.

God lord that was an easy fix.  My head was going in the complete wrong direction and making it more complex than it needed to be

sorry to be so ignorant.  Thanks or the simple answer.

Thanks,
Brian

anyone?

@laurocgb:

I tried editing the XML config file with sed, but the result was a invalid xml, which made the system unbootable (network interface mismatch error, with only ascii chars on the xml, no acentuation).

Interface mismatch is reported on startup when the config file references an interface which isn't present in the system. That suggests to me that your editing may have messed with the interfaces section of the config file, perhaps changing an interface name or adding a new interface name. Did you keep the original config file so you could check your editing made only the intended modifications?

I don't know of any plugin or script to do what you describe so if you are unwilling to use the web GUI for your configuration changes some sort of editing of the config file is the only alternative I can suggest.

if you want to see the flow with nslookup, set debug.

If you wanting to actually do any real troubleshooting or understanding of what is happening with dns – the tool dig is much better suited then the very limited windows nslookup.

Yes for PTR records your going to need the arpa zone.

only one range is supported, you'd have to hack the source to do that. dhcpd.conf comes from /etc/inc/services.inc IIRC.

I just wanted to let you know that I got the problem resolved. The problem ended up being a comcast issue. Once Comcast was fixed, I rebooted the pfsense and everything started working. Also, now that it is working, I looked at the routes and the DNS servers are not listed anymore.

To do not get off topic, you can ask for varnish help on this thread

http://forum.pfsense.org/index.php/topic,38271.0.html