Change the DNS registration from crm to myserver.

If you have a pfSense box which runs the DNS forwarder and you want then (and only them) to see myserver as the backtranslation of the IP address then I suspect it might be sufficient to add a mappin in the DNS forwarder to say myserver has the specified IP address (or enable Register DHCP leases in DNS Forwarder on the Services -> DNS Forwarder page).

Yes, hosts obtained from DHCP registering should resolve from any internal subnet.

@johnea:

If you really do need to edit the generated rules, you will have to edit /etc/inc/filter.inc which generates the ruleset.

Would this also apply to other webgui supported services such as dhcpd?

Yes, there would likely be a service dependent file to be edited.

@mhby87:

It's working to open web in LAN.

Do you mean that on a system on the LAN you can open web pages on the server in the DMZ specifying by hostname or by IP address?

@mhby87:

My web cannot open in WAN using Domain Name (web only can open with IP).

I think this problem from setting at pfSense Rules and NAT. I try to forward port 53 (DNS) to WAN, but still not working

I'm not sure what you are reporting here. Do you mean that when you try to access the web server on the DMZ from the Internet it succeeds if you use the IP address (which IP address? the static IP address of the pfSense WAN interface?) but not the the host name? Which host name? Is it a hostname registered with public DNS? What does the browser report when the access fails?

FYI- on 2.0 when setting that up the rules are added for 519/520 automatically.

I have pfsense and a windows domain also . Here is my setup

in pfsense  I only allowed certian ports out like http https imaps smtps pop3s

B/C I did that I setup another rule that has my servers ip address in it allowing them to use port 53(dns)

pfsense runs dhcp with my active dir servers as the dns

on my active directory servers the forwarders are set to opendns.orgs dns servers

So, I thought I would get clever and try modifying the dhcp.conf file by hand, a little ssh and vi and I thought I was good to go. However, I couldn't find a daemon script to launch dhcpd, so I used the webgui, and that was a no go. Seems that pfSense dynamically configures this via it's config.xml file, as mentioned above. Which isn't a big deal either, a little more vi and I've got a modified config.xml back it up to my home folder, and everything seems in order.

But, I can't get get it to load the conf without over writing my entries. apparently it does some sanity checking on the file, and I can't get away with it.

Thanks.

I found the problem.

–---> ME <-----

In the settings in pfsense you asked for a username and I was using my email address as username and that dosen't work for updatign the IP but it works for login into my dyndns account.

In Services -> DNS Forwarder scroll down to You may enter records that override the results from the forwarders below then click the "+" below to add one or more names for IP addresses.

DHCP associates an IP address with a MAC address. DNS forwarder associates a name with an IP address.

@firestorm_v1:

Now, if I statically assign the test machine an IP address, it is able to connect to the Internet and browse with no issue so I know that it's not a connectivity issue to the pfSense OPT1 interface. I can not ping the pfSense router at all,

I would expect a ping response from the OPT1 IP address but not from the LAN IP address.

I'd try connecting a system directly to OPT1 (bypassing the switch) to see if it gets an IP address by DHCP in that configuration.\

Hi,

I'm sorry for the late reply.

I just tested it again. This time it worked perfectly straight through the web interface (selecting type string, which wasn't possible back then).
I entered in the following: number: 33, type: string, value: C0:A8:70:01:C0:A8:00:1E

This resulted in the following host route: dst:192.168.112.1  mask:255.255.255.255     gw:192.168.0.30

Did you already succeed with your option 121 issue?

Greets,

Max

What is your configured DHCP range, and what is your LAN IP configured as?

Many thanks.

@jimp:

It's in /var/dhcpd/var/db/dhcpd.leases

Yes, that can work, as long as the d-link adapter shows itself to the system as four separate network cards, then it can be used for four (or more with vlan) separate networks, each with their own DHCP, etc.

Don't use auto assign and re0 might work, it probably doesn't properly report its link state. If you assign, and actually type in re0, then it will probably work fine.

I'd start with checking what line 1 of /usr/local/etc/dnsmasq.blacklist.conf contains. (Though on my installs that file doesn't exist…)

There is an option that tells the network connection to 'Automatically obtain DNS information from provider', this option is not what you would expect, it is not the DNS server IP information.

Using network manager (Gnome Desktop), select Network Manager (called just Network on the administration menu), double click the target connection and then leave a machine name in the 'hostname' box but uncheck the 'obtain DNS information' option then it works, the problem now is that it doesn't set any DNS server IP addresses at all.

The fix is to leave the option selected and then add a line DHCP_HOSTNAME=whateverhostnameis into the ifcfg-eth*.conf file located in the etc/sysconfig/network_scripts folder (af least on Fedora Core) and restart the machine.

Very intuitive !!

I was under the impression tinyDNS is a real dns server, querying root servers for all external dns entries… that's what I need. If I wanted to rely on dns queries being forwarded to other dns servers, I'd just stick to the dns forwarder (which I am doing now because I currently have no other dns server around...).

Hello all,

Good news, i've just solve my problems:

At switch, on port that pfsense is plugued, i set all vlan's ids, and this port must be tagged, and the others untagged.

Thanks for all

I prefer using Bind to be fair though.

Feel its a much more professional DNS, but obviously does not have a failover, though I don't actually need that anyways so cannot see much point.

Ah ok that's fair enough, but I shall keep going with bind to be fair.