I testing using browser also. When i fill url with kerapu.htp-mohe, it cannot resolve the ip. So, i cannot view page from server. Please assist me.

Cisco has a "Switchport Protected" Command. It will only allow users to talk to non-switchport protected ports. (pfSense is the only non protected port) This way users can only effect them self's, if they happen to assign them self the default gateway

If a user happen to assign them self an IP address that was given by the DHCP server, I guess he could bring down one PC, but that would have to be a lot of trial and error. This is really only in DHCP networks.

It's not that modifying the configs directly is bad.
The problem with messing with files directly is, that it's not persistent.
The next time the rules are reloaded or you reboot all your changes are lost.
This due to the nature of pfSense of generating all configs dynamically out of the config.xml.

If you're using a fixed config, you could backup the config file of the DHCP and copy your own file over the dynamically generated config with a cronjob or something like this.

Might be under the "System Logs" section, my pfSense host has static IP allocation so I'm not sure.

@ravager:

Hello everyone,

I fully expect this to be an issue with something I misconfigured, but for some reason DNS resolution is not working on the pfsense box.  I have the proper information in it for my ISP, static IP, GW, netmask and DNS servers, but it will not resolve DNS.

In order for me to get DNS resolution working on my host PCs I had to disable the DNS forwarder and have DHCP dish out the public DNS servers.

Any assistance would be greatly appreciated.

Hello everyone,
I have same problem. I use Multi Wan with Loadbalancing: 1 lease line and 1 ADSL (pfsense PPPoe client)

Hi,

Yeah same error here. always had that error but never payed attention to it since I didn't need DHCP on opt2 interface (only happens when I click on that tab in "DHCP server".

The error from lighttpd:
2009-05-19 19:23:43: (mod_fastcgi.c.2462) unexpected end-of-file (perhaps the fastcgi process died): pid: 561 socket: unix:/tmp/php-fastcgi.socket-1
2009-05-19 19:23:43: (mod_fastcgi.c.3254) response not received, request sent: 950 on socket: unix:/tmp/php-fastcgi.socket-1 for /services_dhcp.php , closing connection
2009-05-19 19:23:44: (mod_fastcgi.c.2462) unexpected end-of-file (perhaps the fastcgi process died): pid: 557 socket: unix:/tmp/php-fastcgi.socket-0
2009-05-19 19:23:44: (mod_fastcgi.c.3254) response not received, request sent: 950 on socket: unix:/tmp/php-fastcgi.socket-0 for /services_dhcp.php , closing connection

I haven't got a clue where to continue now…

@Assar:

Suppose the user did not disable the wireless interface on laptop when physically connected.
This would in that case result in two interfaces with same address. Is this desirable?

DHCPD won't let that happen. It will check first to see if the address is actually in use, and if so, assign a different address.

With ISC DHCPD, which pfSense uses, static DHCP reservations are not absolute. They are more of a preference. That's the reason you can't assign static addresses inside of your DHCP pool: That IP could end up assigned to another machine if the machine with the reservation was powered off.

@GruensFroeschli:

You actually get a message when you change the IP on the LAN interface.
Although not on the various OPT interface.

Nice!
Did not try to change the LAN interface since it's frequently used.
Is this feature addable to other obscure interfaces to?

I've run into this wall as well.  My topology is

internet –-- soekris/pfsense --192.168.0.1/30-- cisco 2621 ---- cisco 2950
                                                                                     192.168.2.0/24
                                                                                              |
                                                                                              |
                                                                                       Wireless AP
                                                                                     192.168.2.0/24

The AP doesn't route, it just acts as a bridge.  I have the AP serving DHCP to the wireless segment.  Before I switched from openbsd to pfsense I had the 2621 relaying dhcp requests to my soekris box, but now I have to use the 2621 for DHCP duty.  The obvious question of course is "why is the 2621 there?".  it's a lab device and connects to a number of other cisco routers that are irrelevant to the production network topology.  the main reason it's there is so I can see how different things react to real production traffic since you can only learn so much in a lab environment.

Any Cisco router is going to support the "ip helper-address" directive to relay DHCP, so it would be nice if pfsense could handle serving arbitrary subnets with DHCP.  Firewalls are rarely on the same physical subnet as workstations.  it's easy enough to do with BSD's DHCPD daemon, it doesn't care what subnets you put into it.  Maybe just an "allow arbitrary subnets" checkbox if you want to keep the same "you're using the wrong subnet, guy" logic it has in there now.

To respond the the above comment...  When you do things that aren't completely standard, you just need to do it intelligently.  Thats why there are so many options for DHCP.  I use an ACL and address exclusions to handle having 2 DHCP servers on the same subnet, and it works wonderfully.  Each server has a chunk of the subnet it can assign to users.  The 2621 won't get any requests from the wireless network, and the ACL blocks the AP from getting requests from the wired network.  Everybody wins.

on the 2621:
ip dhcp excluded-address 192.168.2.0 192.168.2.10
ip dhcp excluded-address 192.168.2.120 192.168.2.254
!
ip dhcp pool wishbone
  network 192.168.2.0 255.255.255.0
  default-router 192.168.2.1
  domain-name iggdawg.com
  dns-server 192.168.0.1

on the AP:
ip dhcp excluded-address 192.168.2.1 192.168.2.127
ip dhcp excluded-address 192.168.2.165 192.168.2.254
!
ip dhcp pool wishbone
  network 192.168.2.0 255.255.255.0
  default-router 192.168.2.1
  domain-name iggdawg.com
  dns-server 192.168.0.1

interface FastEthernet0
no ip address
ip access-group Deny_DHCP in
---- snipping other interface config directives ----

ip access-list extended Deny_DHCP
deny  udp any any eq bootpc
deny  udp any any eq bootps
permit ip any any

Thank you very much I did not know that fit123 exists I will try it!

Hi,

Thanks for the reply.

I had turned off the DHCP server in the GUI and DHCP was not show in the services tab.

I can state however that this issue is not with pfSense or Squid.

I have traced a mobile user who's laptop had the Alureon malware infection, this took over DHCP services on the network and happened to display the Gateway and DHCP server as being the pfSense boxes LAN IP address.  He happened to be at their head office today.

Whilst the following is OT it might just help someone.

In case anyone else has a similar issue here's how I traced it.

1. Disconnected servers and pfSense box from switch.

2. Connected laptop to master switch and it was assigned an IP (it shouldn't be)

3. Removed the 3 cascaded switches from the master and tried my laptop on each switch.

4. Laptop received an IP on switch #2.

5. In turn, removed each connection from switch #2 and repaired the laptops network connection.

6. Repeat until no IP is received, plug in the last removed connection and re-test.

7. Trace that connection to the patch panel and find out who's connection that is.

8. Leave that user un-plugged and re-patch all the other cables.

9. Reinstate that perfectly working pfSense box and sleep peacefully :D

10. Can't sleep, have a users machine to clean !!!  DoH!!!

Thanks again

Andy Hodges

This is critically important to me and I am willing to bounty the issue!

I NEED DNS resolver for internal DHCP and DNS Forwarder hostnames to STAY UP despite WAN outage.

I forgot to add that the forward lookups for the 172.16.0.XX hosts work correctly.

Are your LAN and WAN in different subnets?

Are the clients configured with the correct default gateway?

windows firewall is OFF
Antivirus OFF

Did you run the domain wizard first?

@GruensFroeschli:

This raises the question: why do you want to use bridging in the first place when you dont want to connect one of the interfaces?

Because the gateway will be delivered to a client, so currently he will not use PCs with cable, but nobody knows what will happen in the future, so I want a machine ready to be used with a switch, just plug and use :)

Thanks to everybody for the comments ;), the loopback jack is cool.

Thank you Cry Havok. As you have suggested, I found out that my WAN side NIC (fxp1)  was acting up. When I moved the WAN interface to fxp2 the problem was resolved. Thanks again for help.

I made this:
http://forum.pfsense.org/index.php/topic,15482.0.html
I hope its not against the rules to make a new topic about it.