@wallabybob: They don't seem functional to you. What is your evidence they are functional? All other computers connected directly to the SMC(10.1.10.1/24) work. And before I started playing around with pfSense, it all worked. It is often necessary to reset firewall states after rule changes. See Diagnostics -> States, click on Reset States tab. I heard about that. Diagnostics: Reset state executed. Back to the LAPTOP: NSLOOKUP google.com timeout. What does pfSense shell command ps ax | grep dnsmasq show? Diagnostics: Execute command results $ ps ax | grep dnsmasq 36245 ?? S 0:00.01 sh -c ps ax | grep dnsmasq 36729 ?? R 0:00.01 grep dnsmasq 44710 ?? S 147:22.02 /usr/local/sbin/dnsmasq –local-ttl 1 --all-servers - Your routing table is messed up? What does pfSense shell command netstat -rn show? Diagnostics: Execute command results $ netstat -rn Routing tables default | 70.x.y.50 | UGS | 0 | 401 | xl0 10.1.10.0/24 | link#1 | U | 0 | 12407 | fxp0 10.1.10.5 | link#1 | UHS | 0 | 0 | lo0 68.87.69.146 | 70.x.y.50 | UGHS | 0 | 5 | xl0 68.87.85.98 | 70.x.y.50 | UGHS | 0 | 35 | xl0 70.x.y.48/30 | link#3 | U | 0 | 9988 | xl0 70.x.y.49 | link#3 | UHS | 0 | 0 | lo0 127.0.0.1 | link#4 | UH | 0 | 3628 | lo0 (link#2 is OPT1 and edited from this list) What is the IP address of the DNS your laptop is using? ipconfig /all shows DNS Servers 10.1.10.5 (DHCP assigned) Your assistance is very much appreciated.

I think I might have fixed it… For some reason if you check " Non-cached DNS " on that site, it'll show my SOA record. Weird.

Did you ever get this working? I want to do the same thing, but as far as I can tell it's not possible.

It's all good :). Once i find some time i might take a look at the php code of the gui parser myself. The box it's stable and in production now :)

No i just hard rebooted the router after it got hang. thanks

Your not really filtering access, your filtering lookup of the address is all..  If they are smart enough to change the local machines DNS, then they are smart enough to use a host file or a proxy to bypass lookup filter. You might want to look at the squidguard package if your really interested in content filtering.

I sent that to this user. Let me know if it's better for you. I did that under pfsense 2.0 I noticed also many things missing and needed to be improve. I will maybe send them once I worked on them. Let us know if it's usefull for other or only me and this user were lucky to make it work. J

It is ften necessary to reset firewall states after changing firewall rules. See Diagnostics -> States, click on Reset States tab. If your access fro LAN2 to LAN1 is being blocked by the firewall default rule you normally see this logged in the firewall log at Status -> System Logs, click on Firewall tab.

my bad, with unbound being available I sometimes forget that not everyone runs it.. for the life of me I don't know why ;)  But I guess not everyone likes to run a fully configurable dns resolver ;) heheh I do believe sometime down the road unbound will be integrated – but until then yup you can do what cmb suggests.  I would think that prob be the default config? Or you can install the unbound package ;)

as it was resloved in http://forum.pfsense.org/index.php/topic,42913.0.html dnsmasq thought it's attack " dnsmasq[5522]: possible DNS-rebind attack detected: free.anport.ru" I added an option "rebind-domain-ok=free.anport.ru" to DNSmasq advanced config and it's all right now.

Did that, made no difference. Same issue with both NIC's. Also hooked it up with a short cable to the cablemodem, also no difference. edit: I'm back in business. Couldn't get Debian to cooperate (guess I'll have to learn more about Debian before I try that again), but IPFire was willing to cooperate, I'm back online :) , now hoping it keeps working. But I've still no clue what happened this morning with pfSense.

That happens most often when your domain has wildcard DNS active. The way DNS works, as laid out above, your search domain is appended before it queries farther up. Because you have wildcard DNS on, that returns a valid response. Without wildcard DNS, the entry does not exist, and it moves on to trying a higher level.

@djroketboy: Thanks, but I guess i'm just not seeing anything there to change. I am running 2.0, if that makes a difference. Also, I just found the FAQ (http://doc.pfsense.org/index.php/Why_can't_I_have_static_mappings_inside_my_DHCP_range%3F), and it really just put a bad taste in my mouth. I have never heard of such a limitation. In fact I have yet to find anything that backs up the FAQ anywhere including ISC, Redhat, BSD. So right now to me its just a silly pfsense limitation. You're wrong. Don't believe me? Easy way to prove it - setup a DHCP scope with one IP, take out the input errors line in services_dhcp_edit.php that prevents you from adding such an entry and add a static mapping for that one IP that's in your scope. Plug something into that network that isn't your statically mapped host, and look, dhcpd just assigned it your "static" mapping except to the wrong host. That's just one quick way to illustrate what will happen to such configurations. Why? Ask ISC, I agree it's silly, but you're barking up the wrong tree. If you enter a static mapping you want to ensure it's truly static, not just preferred, which is why that restriction exists. If your host is the first to grab that particular lease, and never gives it up, sure that will work as desired. But we do that for good reason, having it outside the pool is the only way to ensure that IP is never assigned to anything else, which is what you would expect for such functionality. Your other networks aren't doing what you think they are, they function by coincidence only.

You'll need to use proper layer 2 segregation, so VLANs or a separate interface and switch. No way around that if you want to use CP on one network and not the other, and run DHCP normally for both too (it's not possible to run two normal DHCP servers on the same subnet, no way to tell which subnet to assign IPs from).

For future use it would be great if you could type down the solution for us to view.

Tanks for this link. I already read it when I try to setup an ipsec connection for Iphones/Ipads devices. Setting up vpn is not the problem and as suggested in the trouble shotting section : Supplying a local/public DNS server will work around that. That's what I'm trying to do but it don't works. Dns request recieved responses only if the requests come from a machine on the same network. Dnsmasq do not respond to request form an other network (routing is ok and it's also a private network). Thanks again.

It looks lie another issue caused this and fixing the other issue fixed this one… thread here http://forum.pfsense.org/index.php/topic,42698.0.html

yes, I had a static config, then I went to pppoe, then simply rebooting fixed the problem, I think :) Anyhow it is gone now… Thank you