I understand, but must do so because it is not just blocking the Internet, it's security network, computers are not the company have to get another IP ranger other than the LAN, so these computers are isolated in the Firewall Rules and I release them only for HTTP. So I was doing DHCP by MAC, which fall right in the registered and unregistered LAN fall into a ranger OPT2. In the environment there is only one switch for that brand 3Com could even consider putting another to create a separate DMZ, but pfSense is virtualized on VMware with 03 virtual interfaces connected to a single physical interface (NIC) that is then connected to the switch. Any other ideas? Thank you!

You can disable the rebind protection under System > Advanced

Jimp, Thanks for the reply.  What you suggest is what I have done and what I was trying to accomplish, however I was looking for a solution that would not require removing the package, just disabling it so that I might bring it back up later without starting over. It doesn't appear that this is available so I have removed it. Thanks, Mark

Was messing with the dhcp options and found the following; Added 1 option 6 entry.  This entry appears to override the other dns servers entered in "DNS Servers" cause an entry here cancels out anything you put there. Anyway, want to list 3 dns servers, but entering 3 entries as option 6 I only get to see the last dns server entered. If I enter several on the same line, pfsense give me an error. Guess I need to know how to delimit one entry from the other.  , and ; don't seem to work….

JOL, Thanks for the reply, but unfortunately that's not it.  I already noticed that.  I think that it is a change from pfsense 1 to pfsense 2.  Packages were moved to /var/. Even when done in the right location the tcp file is lost on reboot. I believe that the patch that previously fixed the problem has been lost somewhere along the line. Mark

@ck42: If I just PING hostname, instant response. If I PING hostname.domain, it takes right at 15 sec. before I start seeing replies. That sounds like the look-up for hostname.domain is being routed to a DNS server, that cannot be reached, and so is timing out. Cheers.

Attached PHP include file will make it easier to apply and restore after updates. As well as switch between multiple impersonation configurations of other routers. Usage info is included in the file. interfaces.Actiontec.MI424-WR.Impersonation.inc.txt

No, because there isn't a way to tell a static DHCP lease client to use a different gateway (in our GUI), so they wouldn't have a valid gateway.

Great Thanks for the Help ;D

You can't set DNS with DHCP like that in 1.2.3 or 2.0. You can only set those options differently if those clients are on a different interface+subnet. Besides, if someone were smart enough they could just change their DNS servers manually to the other one you allow, and get around that restriction. When you setup a restriction like OpenDNS you must also set rules on that interface that prevent the users from talking to any other DNS servers.

Cool - added to the wishlist. I use something similar, although my use is for reverse proxying of popular sites.

My namecheap dyndns entry (one of ~6 on my firewall) works properly for me, and I've been rebooting/reconnecting a lot lately, and my IP has been changing now and then. I wrote the namecheap dyndns support on 2.0 so if there is a problem I can look at it, but it seems to be fine for me.

There are a few things that puzzle me about your description. @Deviant: I'm currently using the bridge feature bridging LAN and WAN with a DHCP server on LAN with the /23, Apparent your pfSense LAN interface has an IP address of 175.x.x.1 and the WAN interface has an IP address of 32.x.x.24. How did you configure that? (In my experience when interfaces are bridged at most one can have an IP address or the bridge interface itself has an IP address.) @Deviant: I need to be able to hand out DHCP addresses from the /23 in a 1:1 scenario but use the gateway of the /29. I don't understand this. Your DHCP clients need a gateway on their own subnet. The gateway is the machine that gets traffic off the subnet. If the gateway is off the subnet, how do the clients get traffic to the gateway? @Deviant: How do I get a fully routed DHCP setup so the clients using the /23 are not being routed asymetrically. I don't understand how asymmetric routing would be possible in the configuration you described. Unless I've missed something crucial in your description I think you need pfSense WAN interface IP address 32.x.x.24/29 pfSense LAN 175.x.x.1/23 and no bridging. Your DHCP clients will use 175.x.x.1 as their gateway and pfSense will route traffic to the internet over its default route to 32.x.x.23. If your WAN IP address is static (as distinct from DHCP on WAN always giving you the same address) you will probably have to create a gateway (web GUI: System -> Routing, click on Gateways tab) to specify 32.x.x.23 as the default gateway. Since your LAN has public internet addresses you will probably want to disable NAT. Since your ISP has (presumably) given you two subnets I presume they will setup their routing tables so traffic to 175.x.x.x/23 will go to 32.x.x.24 where pfSense will route it onto your LAN.

Thank you wallabybob Changed the Cable modems DHCP subnet and it all works like a Champ. Thanks

That checks whether that IP is live in the firewall's ARP cache (the only way it can tell if something is alive), if the host hasn't tried to get to the Internet in several minutes it'll show offline.

normal, explained here. http://osdir.com/ml/network.dhcp.isc.dhcp-server/2004-01/msg00287.html

@Darkk: DynDNS seems to always come up but I read in the forums if they don't receive an update for over 30 days the account will expire? Most people including myself use DynDNS. The client automatically updates every 25 days if your IP hasn't changed so you don't have to worry about that, my IP generally only changes maybe once or twice a year and I never have to touch it.