Getting off topic, but I haven't had trouble using simple vlan setups on an Alix.
You would create vlan interfaces for each lan with the proper tags, use the vlan interfaces for LAN and LAN2.
It's easy to shoot yourself in the foot when reconfiguring, I like to do it via the WAN side.
Then make sure the parent interface on pfsense is connected to a trunk port on the switch.
There is good info on vlan configurations if you search about a bit.

@jimp: I see. I thought this post about how to do that on the same box. But ohwell, i see. Thank you for response.

Should be fixed now, once my checkins sync to the package server (~5 minutes).

I just happened to have a call from a support customer who noticed the same thing, then remembered a forum post mentioning MX records…

You can enter either an IP, a hostname, or both as ip:hostname in the box for an MX record. All are valid. If you enter ip:host, it will make an A record internally that points that hostname to the given IP.

Try the custom DynDNS patches here:

http://forum.pfsense.org/index.php?topic=27704.new;topicseen#new

If they get enough testing/approval they might make it in.

Since you apparently have only one public IP address you will have to use some sort of port forwarding.

Thank you for your reply.

Nevertheless I hope I it will be available in the new version. I have seen other posts asking for such or similar functions for the dhcp in the forum. So I am not the only one.

I'll keep my fingers crossed :)

Best regards!
Fishrman

Ok, thanks!

I found this also, about pfSense and WPAD:

http://doc.pfsense.org/index.php/WPAD_Autoconfigure_for_Squid

Regards,

Josep Pujadas

LAN port is 192.168.1.1, OPT1 currently is 10.10.20.1, Pfsense is 192.168.1.2

By "pfSense is you mean the WAN is??

If your LAN port is 192.168.1.1 then you would access the web gui by that address…  Where does the 192.168.1.2 come from?

Add a NAT Port Forward entry on every interface that you want to serve DNS to, forward tcp/udp port 53 to 127.0.0.1 from each interface address.

Unfortunately, when dealing with a windows domain, it's usually better to point DHCP and DNS at the windows server, and then configure the server's DNS service to use pfSense as its forwarder for DNS queries.

There are several aspects of being part of a domain which will end up slower (especially login) if your DNS server on the clients is not also your DC.

Well something out there (perhaps the DNS server for mydomain.com) is answering the AAAA query:

13:04:07.910775 IP tiger.mydomain.com.62310 > router.mydomain.com.domain: 27878+ AAAA? panda.mydomain.com. (39) 13:04:07.924733 IP router.mydomain.com.domain > tiger.mydomain.com.62310: 27878 1/1/0 CNAME mydomain.com. (123)

That means it asked for the AAAA record for panda, and got back that result is a CNAME for mydomain.com

And then it asked for a AAAA record for mydomain.com, and AAAA for panda.dolcera.net…

13:04:07.924964 IP tiger.mydomain.com.55111 > router.mydomain.com.domain: 55178+ AAAA? mydomain.com. (33) 13:04:07.939512 IP router.mydomain.com.domain > tiger.mydomain.com.55111: 55178 0/1/0 (103) 13:04:07.939945 IP tiger.mydomain.com.62372 > router.mydomain.com.domain: 25705+ AAAA? panda.dolcera.net. (35) 13:04:07.953756 IP router.mydomain.com.domain > tiger.mydomain.com.62372: 25705 NXDomain 0/1/0 (97)

…and got back an answer that they don't exist.

Then finally asked for an A record for mydomain.com...

13:04:08.289062 IP tiger.mydomain.com.51172 > router.mydomain.com.domain: 23562+ A? mydomain.com. (33) 13:04:08.308518 IP router.mydomain.com.domain > tiger.mydomain.com.51172: 23562 1/0/0 A 98.xxx.xxx.xxx (49)

…and got back what is presumably your WAN IP.

@XIII:

Correct. You are welcome. I got this from the pfSense Docs/Book.

You know I've skimmed through it but I never even thought about an Alias as I've never used them before.  Very handy.

Never thought of this. Don't know how the DC is set up and it is beyond my control. Will check if this works.

Thanks for the reply.

edit

Just wanted to confirm that the suggested fix worked.

Thanks again.

Enable DNS forwarder on pfSense and at bottom of web page Services -> DNS Forwarder add entry for server.
Configure local systems to use pfSense as DNS. (This should happen automatically if local systems are using DHCP to get IP address and DNS.)

If the server has a private IP address it won't be accessible from outside your local network unless you have done something to pfSense or your modem to make it visible (e.g. port forwarding).

@zboll:

I really like pfsense so I do not plan on changing to linux distribution router anytime soon.  I am trying to set up a couple diskless computers and I would like to be able to plug them into my existing network.  I was wondering if I could use my pfsense box dhcp server to point the client to my LTSP server?  My LTSP server is running Debian Etch.

My other solution to the problem was to just install another network card into my LTSP server, run a dhcp server, and plug it into a switch connected to the clients.  I would rather use pfsense dhcp server to avoid the extra hardware/cable needed.

thanks,
Zack

I've found a nasty little solution, but it's better than nothing at the moment. This is completely unsupported and these changes will definitely be lost on any upgrade, maybe sooner.

I'm running 1.2.3 Release so my line numbers might differ from yours, but around line 117 of /etc/inc/services.inc, you'll find a chunk of DHCPD options between "<< <eod" and="" "eod;".="" i="" think="" you="" can="" get="" away="" with="" plugging="" in="" your="" advanced="" options="" here.="" this="" is="" as="" yet="" untested="" just="" an="" educated="" guess="" so="" i'm="" not="" responsible="" for="" the="" results="" :)<br="">Hope this helps someone though.</eod">

Having two DHCP servers on the same network will not work.

However, I don't think that static IP mappings from DHCP have to be within the same subnet, so you might be able to just run the DHCP server on the segment for normal clients and have the static IP mappings for the other IPs…

But even if that could work, it's ugly. And really there is no good reason not to segment subnets on different interfaces/VLANs.

I don't know precisely enough what you are trying to do because you don't say the context from which x is "to be reached as the static IP" - the internet or systems downstream of your pfSense box.

Here's a case where I have used DNS forward override. My configuration:

Internet <–> ADSL Modem/Router <--> pfSense <--> LAN
                                            /|
                                            +-----> DMZ (OPT1)

I want my web server on the pfSense OPT1 interface to be accessible from the internet. My ISP assigns me a dynamic IP address so I have registered a dynamic DNS name zzzz.dyndns.org. I have setup a port forwarding rule and static route on my ADSL modem so incoming (from the internet) accesses to TCP port 80 go to my web server downstream of pfSense interface OPT1. All my systems downstream of pfSense use the pfSense DNS forwarder as their DNS. On my local network (LAN) I couldn't access my webserver on the DMZ by the name zzzz.dyndns.org (because the Internet name server returns the IP address of my ADSL modem, which is the correct thing to do to get to my web server from the Internet) so I created an override entry in the pfSense DNS forwarder (host = zzzz, domain = dyndns.org, IP address = web server's IP address on the pfSense OPT1 subnet). Now all my systems downstream of pfSense get the OPT1 subnet address as the IP address of zzzz.dyndns.org while systems on the Internet get the most recently registered IP address of my ADSL modem.

I use ipblocklist to block ads and unwanted advertising. I can control which ad sites are blocked and which are not as well as being able to use public lists that block known ad sites.
The easy part is there is no client side configuration required since pfsense handles the traffic at the fw level.

Edit: windows 7 doesn't suck  :)