@wallabybob: @Piplfox: I red somewhere that the problem is with username with @ character but on opendns doesn’t allow anything else except email as username. I login to OpenDNS and DNS-O-Matic with a username (all alphabetic characters, no "@"). I update my dynamic IP registrations from pfSense through DNS-O-Matic. The pfSense configuration specifies a username, not an email address. Account creation at http://www.dnsomatic.com asks for username, email and password. Perhaps it is necessary to create a DNS-O-Matic account so you can give a username (not an email address) to the pfSense dynamic DNS updater. You are right. thx.

Yes, when it's used by the system itself that's what it uses. The DNS Forwarder listens on every IP on the system though, so it could be any IP, but localhost is always there and never changes, so that's the safest to use from the firewall itself.

checked on pfsense console, ps -A | grep dns found following /usr/local/sbin/dnsmasq –local-ttl 1 --all-servers --rebind-localhost-ok --stop-dns-rebind --dns-forward-max=5000 --cache-size=10000 seems current cache max is 10000

Hi, i'm using captive portal. is the captive portal buging the packet of dhcp? thanks.

Odd that the kindle wifi mac is listed as PRIVATE?? Normally you can just look up the mac and get the maker, which can help you trouble shoot the issue. Glad you figured out what it was by accident, but if you would of sniffed you would of seen it talking to where it talks to, etc  And that should of pointed you to what device it was. I have a cheapo netgear switch, and its "smart" and I can view mac addresses and such, just because its cheap does not mean it can not be loaded with features.  I had picked up my GS108T for like $79, does vlans, mirror port, igmp snooping, lagg, qos, rate limiting, etc. etc. Next time your in the market for a switch you might want to look for a smart one, normally only a few dollars more.

Did you fill in those DNS servers on Services > DHCP Server? By default the clients will get the IP of the firewall if the DNS forwarder is enabled. If the DNS Forwarder is off, it would send the DNS IPs from System > General If you set IPs explicitly on the DHCP server page, it always sends those. However, if you change the DNS Servers on System > General when the DNS forwarder is disabled, it probably doesn't automatically re-write the DHCP config, so you may just need to edit/save the DHCP server config under Services > DHCP Server.

That would be done in DNS - setup a CNAME for www.mysite.com that points it to your dyndns hostname. So a client looks for www.mysite.com, gets CNAME somewhere.dyndns.org, then looks up somewhere.dyndns.org and gets back your real IP.

Ok. Thanks for answering. Unfortunately I do not have the skills to accomplish such an operation:( Regards Anders

Check this: http://forum.pfsense.org/index.php/topic,39770.0.html http://forum.pfsense.org/index.php/topic,40281.0.html

You have a connection error: em0, em1 and em2 are connected together: Oct 4 17:03:14 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em2: wrong network. Oct 4 17:03:14 dhcpd: DHCPNAK on 192.168.3.2 to 00:07:e9:10:75:4a via em2 Oct 4 17:03:15 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em1 Oct 4 17:03:15 dhcpd: DHCPACK on 192.168.3.2 to 00:07:e9:10:75:4a via em1 Oct 4 17:03:15 dhcpd: DHCPREQUEST for 192.168.3.2 from 00:07:e9:10:75:4a via em0: wrong network. Note that em0, em1 and em2 are all receiving a DHCP request from the same MAC address. It appears em1 has network 192.168.3.0/24 so DHCP requests for 192.168.3.2 on em0 and em2 will fail because em0 and em2 don't have network 192.168.3.0/24. It is not obvious to me that this has anything to do with IPv6.

I will have another go if I get the time. But I have migrated this over to my actual server for now, just changed the IPs in my forwarder, pfsense v2 is allot faster though, always wondered what was bugging down my internet speeds and that was the culprit v1.2.3 was just horrendously slow to the point I would get really annoyed! But no it's great thanks for that but any feedbacks very much appreciated! Jeremy.

@Nuno: @pulsemedia: thanks for reupload, but for me the new archive is still broken  :-\ maybe you should choose another way to upload the file e.g. mediafire.com? Huh… Don't know what to say. I just downloaded it, renamed the extension from "txt" to "zip" and everything's fine. Nevertheless I added a rapidshare download link. Try that one instead. yay! finally got it :-) thx

@madapaka: @madapaka: @tebeve: Actually, as I learned in this thread over on the IPv6 board, from wagonza… "There is currently no integration between DHCP and Unbound…" @wagonza: There is currently no integration between DHCP and Unbound, in other words you will need to assign the IPs you want given o your DHCP clients by manually configuring them in the DHCP configuration page. Currently the way v4+v6 works is that when the DHCP service is set up it checks for: Manually configured DNS servers and assigns those, if those are not configured It then checks to see if dnsmasq is enabled. If it is enabled, it assigns the IP(s) configured on the LAN. If it is not enabled it assigns the DNS servers configured in System->General Setup to the DHCP clients. I know databeestje has also mentioned some other rtadvd fixes that he is looking into fixing, but the above still stands until Unbound is fully integrated. Which I guess is now becoming a necessity…so best I get cracking :) This holds true for both IPv4 & IPv6 I believe. So on the DHCP config page, under the DNS server fields, just put your pfSense box IP not the openDNS server addresses, clients will then use the pfSense box, which in turn will use the Unbound config to look up local entries then roll to the DNS servers listed on the System : General Setup -> DNS settings for all external lookups…. I think this is what johnpoz has been trying to get at. Thanks everyone, especially tebeve, that practically did it. I guess someone has to update the Unbound DNS wiki page. Spoke too soon, when I rebooted pfSense, it's no longer working, reverted to the old config, at least it's working although not like it's supposed to be. @madapaka - Just FYI… as per my mention of this other thread on the IPv6 board, wagonza has updated the Unbound package. Maybe this might help your issues. EDIT: sorry, got my threads mixed up… the fix applied to the unbound package was for a different issue. My bad.

I have a similar problem on my network.  I recently ran across some free software from Princeton: http://www.net.princeton.edu/software/dhcp_probe/. It runs in the background and listens like a DHCP client.  You can configure it to know which is your real DHCP server and it will trigger a warning message which includes the IP and MAC address of any offending DHCP servers. You still have to physically locate the rogue, but at least this warns you as soon as it happens.  I have also had some success finding the rogues by taking the MAC address that DHCP_probe gives me and checking the ARP caches of my switches to follow which ports have seen that MAC until I get to its final actual port. Jeff

So it's just a case of me being too much belt & braces then - I should trust the system to work, and it will!

This is great, what would it take to make this into a real "package" that is installable via the web gui?  These extra dhcpd options are really sorely needed, I am shocked that you can't add arbitrary text to the dhcpd.conf without real hacking.

I also need to modify my dhcpd.conf (need to set option 66 to different strings based on MAC address) and this was easy to do with my previous router (linux running dnsmasq) and I know that it can be done with dhcpd.conf tweaks but like the OP I don't want the file to get erased or be prevented from setting other options via the GUI.  I am surprised there isn't an add-on package to add some extra options to the gui for dhcpd. Meznev: could you please elaborate a little bit on how you solved this issue?