Yeah that looks good.

Next I'd get a capture from the DHCP server to ensure the relayed requests are getting there, and if they are then enable audit logging on the Windows server and see what it's showing.

Two things…

#1: Another way to make a change like this is without a reload is:

Make a backup (just to be safe!) Load up a WebGUI page with a save button Switch to a console window Edit /cf/conf/config.xml rm /tmp/config.cache Click "Save" on the WebGUI page you loaded earlier.

#2: Having said that, I was able to get a third DNS server to take this way -- but -- as soon as I went back to "System > General Setup" and clicked "Save" there, it wiped out the additional DNS servers.

So it might work, but YMMV...

You don't have to change anything, DNS will resolve from any interface IP and CARP VIP. Your firewall rules have to allow that query traffic.

Heres some links to pfsense features

http://www.pfsense.org/index.php?option=com_content&task=view&id=40&Itemid=43

and captive portal

http://doc.pfsense.org/index.php/Special:Search?search=captive+portal&go=Go

I personally use it as many others do as well and it works great, on both wired and wireless networks, I think you'll find it easier to manage users than what youre currently doing, no point trying to reinvent the wheel.

You can find it under Services/Captive portal on the pfsense gui.

Slam

I found the answer…..

The problem was not PFSense at all, but an OpenDNS setting and the way Windows handles lookups.

Windows lookups go in this order:

HOSTS file
DNS Server
NetBIOS Name Table

For NetBIOS names to lookup correctly, the first 2 options have to fail.  With the "typo correction" feature enabled on OpenDNS, #2 never fails and thus Windows never gets to look for a NetBIOS name.

Registering a OpenDNS account and turning off typo correction fixes the problem.  Of course a proper AD/Domain setup would as well...

System -> General Setup

I would rather set the openDNS servers onto the "allowed IPs" list than allow the client alltogether.

It is listed. When I set up my static DHCP lease I made sure to put in a hostname.

I'll look thru that post and see if I get any further.

It's driving me nuts!

if u have apache just install plesk and all it`s done. U can do this easy from Plesk panel.

I think he means the DNS entries and the Static IP entries are found in two different sections.

Input your IP# and Gateway in the WAN config section under Interfaces and the DNS entries can be found in the General settings page.

Thanks.

With a few more options, like separate list of the internal DHCP leases registered in DNS, and per domain and/or time sorting would be very interesting.
Will try to offer something in the near future, as soon as I finish other pressing issues around my network and pfSense.

;-)

Your pfSense doesn't know about your actual WAN IP, thus it cannot promote it to DynDNS service.
However, it correctly promotes what is known: it's WAN IP. That's not the LAN IP you pointed to earlier!

Two possibilities:

let your modem do the DynDNS update itself (it knows the WAN IP) (if at all possible) switch your modem to bridge mode and have pfSense do the PPPoE. This way it knows the WAN IP and can update your DynDNS settings correctly.

Cheers Perry.

CMB, I wouldn't have assumed that when trying to piece it together but hey, that's good enough for me.

Sorry to keep this thread going but while following your solution to use a manual WAN rule on top to drop the noise, I found a reason not to be in a rush over this…

1. I Created a new rule to block the specific private IP (broadcast) source address; as expected the 2 system rules found on the WAN tab (enabled by check-box) remain on top but there seems to be no way to relocate my new manually created rule to the top of the heap... so...
2. I released my ISP assigned address on my WAN... (or just unplug the WAN)
3. Then I deleted both system WAN rules (block private IP's and Bogon Networks)... now with only my manual WAN rule still present...
4. Went back to the WAN tab and reselected the block private IP's system rule and it immediately populates itself right back on top of my manual rule... I was afraid of that.

So that means I will need to create replica's of one or both system WAN rules manually starting with 3 separate rules to cover all 3 private IP ranges/RFC1918. As much as I appreciate your suggestion, for now I'm just going to stick to the system (default rules) and work around this with a syslog daemon and hopefully a filter to not re-log traffic from that single broadcast gateway (source) address... Thanks again! Any general knowledge book suggestions on residential ISP's which you can recommend... I would like to get up to speed on this stuff.

You could setup a cron job to run "dhclient fxp0", replacing fxp0 with whatever your WAN interface is.