Thats it. That solved the issue. Thank you very much. Regards, Marc @Bern: Have you set up a static route on your pfSense machine to your office's LAN? IIRC you have to do this with IPSec tunnels. Route it through the LAN interface of pfSense.

@joel.baxter: Deny unknown clients: If this is checked, only the clients defined below will get DHCP leases from this server. This only affects the DHCP server. The pfSense will communicate with devices not on the list below. –> You can configure a device with a static IP and it still can use the pfSense to access the internet. @joel.baxter: Enable Static ARP entries: Note: Only the machines listed below will be able to communicate with the firewall on this NIC. Here you essentially write the ARP table by hand. Only devices on the list can communicate with the pfSense. If the device is not on the list it cannot access the internet even if the IP gateway configuration is correct. @joel.baxter: Can we just the Range to zero addresses or it should be the full Available Range? What do you want? Set the range of availlable DHCP-addresses to 0? I'm not sure if this works, but you can just set the range to the netID (example: subnet:192.168.0.0/24 pfSense 192.168.0.1/24 DHCP-range start: 192.168.0.0, end 192.168.0.0) I dont know how this will behave, but you can enter it like this in the webGUI. @joel.baxter: If we do want to reserve a small range of addresses to be assigned without having to input a MAC, how would we do that? Is there a way to set these so that they have access to the internet but no access to internal resources? Just let the DHCP run. If you do this you cannot have the above two options. Why dont you add another interface for "guests"? You cannot control with the pfSense what within your network can access what. Traffic flowing only over the switch never reaches the firewall rules of the pfSense.

Create a static route for one of the DNS servers pointing to the second WAN gateway.

Are you using the packet capture mechanism to verify that it is indeed not sending any more discover messages?

I have re-created the entry in dyndns, and disconnected/reconnected from ADSL, and now it works fine.

I deleted all lease files, and it works again. I do not know what went wrong, but cleaning did the trick.

Hello, sorry for the delay. I'm using static Ip's only because i have to. I'm trying to have a normal Lan, on which the servers are defined with a static IP (the IP is given by pfsense) and every other computers receive and address from the DHCP. The server is configured correctly. The problem is when a user with a dynamic address try to ping, or try to connect to a SQL database using the hostname of the server, he is redirected on an opendns server, whereas a user configured with a static IP (with the exact same configuration than the one forwarded by the dhcp server) can reach the server. I don't understand this process. My not having Internet depends on the DNS configured in the dhcp server. It is said that if dns forwarder is enabled one must use the interface's Ip. However if i do this i can not reach the internet, whereas if i configure a real DNS, i access the internet.

Did you uncheck the option to allow override from DHCP servers?

Figured it out. Here's how….. To register the SRV entries you need to use the RAW record type but it needs to be in a specific format. So here's an example Original Entry from the domain control is... _ldap._tcp.my.domain.com. 600 IN SRV 0 100 389 dc.my.domain.com. using a SRV record creator such as the one at this site = http://www.anders.com/projects/sysadmin/djbdnsRecordBuilder/ scroll down to the section "djbdns / tinydns SRV" you need to fill in the form so for the example above we would use. Service:   _ldap._tcp.my.domain.com Priority:      0 Weight:      100 Port:              389 Target:      dc.my.domain.com Time To Live:    600 Then press "Build SRV Record" and a windows pop's up containing the raw string.... :_ldap._tcp.my.domain.com:33:\000\000\000\144\001\205\002dc\002my\006domain\003com\000:600 Now you just need to enter this in to PSsense Tindy DNS server as a raw record, so.... Record Name = _ldap._tcp.my.domain.com Record Type = raw Record Data = :_ldap._tcp.my.domain.com:33:\000\000\000\144\001\205\002dc\002my\006domain\003com\000:600 Then that should be it done. If you have windows box's you can test it, open a command prompts nslookup set type=srv server "your dns servers ip" _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com RESULTS in ......................... _kerberos._tcp.Default-First-Site-Name._sites.dc._msdcs.my.domain.com SRV service location:           priority      = 0           weight        = 100           port          = 88           svr hostname  = dc.my.domain.com Hope this helps someone. Keith

I testing using browser also. When i fill url with kerapu.htp-mohe, it cannot resolve the ip. So, i cannot view page from server. Please assist me.

Cisco has a "Switchport Protected" Command. It will only allow users to talk to non-switchport protected ports. (pfSense is the only non protected port) This way users can only effect them self's, if they happen to assign them self the default gateway If a user happen to assign them self an IP address that was given by the DHCP server, I guess he could bring down one PC, but that would have to be a lot of trial and error. This is really only in DHCP networks.

It's not that modifying the configs directly is bad. The problem with messing with files directly is, that it's not persistent. The next time the rules are reloaded or you reboot all your changes are lost. This due to the nature of pfSense of generating all configs dynamically out of the config.xml. If you're using a fixed config, you could backup the config file of the DHCP and copy your own file over the dynamically generated config with a cronjob or something like this.

Might be under the "System Logs" section, my pfSense host has static IP allocation so I'm not sure.

@ravager: Hello everyone, I fully expect this to be an issue with something I misconfigured, but for some reason DNS resolution is not working on the pfsense box.  I have the proper information in it for my ISP, static IP, GW, netmask and DNS servers, but it will not resolve DNS. In order for me to get DNS resolution working on my host PCs I had to disable the DNS forwarder and have DHCP dish out the public DNS servers. Any assistance would be greatly appreciated. Hello everyone, I have same problem. I use Multi Wan with Loadbalancing: 1 lease line and 1 ADSL (pfsense PPPoe client)