@nuffe: Yeah, I don't use the gui more than I need to so I always check the logs from commandline. And their was nothing from dhclient :/ I have no trouble with dhclient getting a new lease on my system. Here's an extract from the system log (lease renewal time is 1 hour): clog /var/log/system.log | grep dhclient Sep 18 21:41:16 pfsense2 dhclient: RENEW Sep 18 21:41:16 pfsense2 dhclient: Creating resolv.conf Sep 18 22:41:34 pfsense2 dhclient: RENEW Sep 18 22:41:34 pfsense2 dhclient: Creating resolv.conf Sep 18 23:41:52 pfsense2 dhclient: RENEW Sep 18 23:41:52 pfsense2 dhclient: Creating resolv.conf . . . Sep 24 21:43:09 pfsense2 dhclient: RENEW Sep 24 21:43:09 pfsense2 dhclient: Creating resolv.conf Sep 24 22:43:09 pfsense2 dhclient: RENEW Sep 24 22:43:09 pfsense2 dhclient: Creating resolv.conf Sep 24 23:43:10 pfsense2 dhclient: RENEW Sep 24 23:43:10 pfsense2 dhclient: Creating resolv.conf What are your logs full of that the dhcp lease fails to get renewed a few times a day and there is no record of dhclient in your logs? @nuffe: Dhclient is running…. Here's what dhclient processes look like on my system: ps lax | grep dhclient 0  7393    1  0  76  0  3316  1328 select Is    ??    0:00.41 dhclient: vr0 [priv] (dhclient)   65 13400    1  0  44  0  3316  1452 select Is    ??    0:00.38 dhclient: vr0 (dhclient)     0 53718 53504  0  46  0  3524  1204 -      R+    0    0:00.01 grep dhclient

No one knows if the pfSense included version of dnsmasq can do conditional forwarding?

Does your ethernet switch support LAGG interface groups?

@Joolee: I'll try hooking up the cisco switch to a draytek to see if it's pfsense or the switch that's so slow. After testing, it seems the cisco switch is at fault… Enabling portfast on network ports helps, now the client is recognized in under 10 seconds. Sorry for the inconvenience and thank you very much for your help! For other people experiencing the same: config t int range fa0/1-24 spanning-tree portfast end

Ubuntu just does that. When you edit the interface config file, change the configuration to static and restart your network stack. The DHCP Client still thinks he has to configure the interfaces. Only solution afaik is reboot or kill the DHCP client. sudo kill cat /var/run/dhclient.eth0.pid

Thank you wallabybob, spot on. I had thought interface name was a bit odd, but as it was auto detected by pfsense, I thought little more about it! Silly me. :-[ WAN now on vr0, LAN on em0, leaving me em1 & 2 for opt1 & 2. Now that pfsense is up and running again, thanks to your kind help, I can start to struggle with captive portal!

@GruensFroeschli: Click the button "Show all configured leases" I did that and only got the same three static leases.

I think you misunderstood his solution - or maybe I misunderstood your last reply? By creating those VLANs in pfSense, you can then create "virtual interfaces".  So you can have the 2 or 3 "Virtual interfaces" you created on the LAN interface.  Each virtual interface can have it's OWN DHCP server. No need to route VLANs to the pfsense box. Your cisco router would send the IP Helper address to each IP you assigned to the Virtual interfaces on pfsense.  So instead of having 1 DHCP server, you will end up with 3 or 4 but they are all running on pfSense. I understood your original question and this is what you are looking for.  I have the same setup.  Works perfect.

The wireshark capture suggests the DHCP requests should have got at least as far as the Tomato. That you apparently don't see it on pfSense suggests you should look at the Tomato - perhaps it is not forwarding DHCP requests. Perhaps the Tomato has some sort of packet capture you could use to verify it is receiving the DHCP request and forwarding it, Your firewall rule looks fine.

Now all of a sudden it works… I'm not 100% sure about this but I think the reason it didn't work is because I have several pfsense boxes on my network and the boxes other than the one I was testing on had the default pfsense.localdomain hostname setup. I think giving all of them actual hostnames allows the network to figure it out. Anyway, now that it works I don't want to jinx it by fiddling with anything hehe

Did I solve this with the new version of pfSense to RC3? Because I'm using the previous version, I downloaded at the beginning of last year.

If you're talking about adding static IPs in Services->DHCP Server, you need to uncheck "Enable DHCP server on LAN interface". Static IPs are static; they won't change. Having DHCP server enabled permits PfSense to dynamically allocate IP addresses meaning that they could change at any time. When you uncheck "Enable DHCP server…" the range given will grey-out so you can't click in there. This indicates that that range is no longer applicable to your setup. If you're talking about the message that pops up when you go to Services->DHCP Server, that just means that you must have a static LAN address which you already should have. If not, go to Interfaces->LAN and give it an address.