OK, screen shots of LAN rules, OPT rules, LB rules, LB status, gliffy diagram of layout, config file with passwords errased

anything else? i'll be happy to post, i would really like this to work properly.

Thanks guys
-Eric

PS, files to big to upload all of them.. so i posted them on my local webserver.

http://artknapp.ca/lanrules.PNG
http://artknapp.ca/lbrules.PNG
http://artknapp.ca/lbstatus.PNG
http://artknapp.ca/optrules.PNG
http://artknapp.ca/pfsense.png
http://artknapp.ca/config-router.artknapp-20070509032355.xml

use a dedicated machine as DHCP server. Having 2 dhcp servers is the way to madness.

No. Maybe you can try to simplyfiy your setup a bit. It seems to be rather complex.

Implemented.  Will show up in 1.3 Alphas a bit after we release 1.2.

But in the meantime, here is how you could enable the option for lan (substitute for the interface optx to opt1, lan, opt2, etc).

*** Welcome to pfSense 1.2-BETA-1-TESTING-SNAPSHOT-04-30-07-pfSense on pfSense ***

LAN                      ->  ed0    ->      192.168.1.20
  WAN                      ->  ed1    ->      10.0.250.243(DHCP)

pfSense console setup

0)  Logout (SSH only)
1)  Assign Interfaces
2)  Set LAN IP address
3)  Reset webConfigurator password
4)  Reset to factory defaults
5)  Reboot system
6)  Halt system
7)  Ping host
8)  Shell
9)  PFtop
10)  Filter Logs
11)  Restart webConfigurator
12)  pfSense PHP shell
13)  Upgrade from console

Enter an option: 12

Starting the pfSense shell system…............

Example commands:

[[snip]]

pfSense shell> multiline

multiline mode enabled.  enter EOF on a blank line to execute.

pfSense multiline shell[0]> $config['dhcpd']['lan']['disableauthoritative'] = true;               
pfSense multiline shell[1]> write_config();
pfSense multiline shell[2]> print_r($config['dhcpd']['lan']);
pfSense multiline shell[3]> EOF

Array
(
    [range] => Array
        (
            [from] => 192.168.1.100
            [to] => 192.168.1.199
        )

[disableauthoritative] =>
)

I'm in cvandyck's camp and had one other question. Basically, what we trying to do with that setting was to restrict people's ability to simply set a static IP if their machine's mac address was not registered for a dynamic one with the DHCP server.

Is there any way to:
1. Restrict dynamic IPs to registered mac addresses, and
2. Restrict traffic for all static IP addresses that are not listed in the static mappings

but here, and on 2 different hardware types, this setup is not working
detail here :

http://forum.pfsense.org/index.php/topic,4569.0.html

This will not work.  You either need a dynamic dns client on the modem or switch the modem into bridging mode and let pfSense handle the real IP.

Hello,

I'm writing this after reading the dual wan tutorials and the solution you mention in this thread. But I still have some questions.

Please view the image from the attachment. The first private IP is my OPT1 modem, which acts as DNS server. I made static route but still things dosn't run properly. Can you explain me is this right.

On interface WAN I enter the destination network of WAN DNS's(217.79.71.0/24), right? And then the gateway which I saw from Status->interfaces->Wan?
On interface OPT1 I enter the destination network of OPT1 DNS's (192.168.1.0/24).. and then the gateway which I saw from Status->INterfaces->OPT1

OR

On interface LAN I enter both OPT1 AND WAN destination networks with the corresponding DNS and Gateways?

I'm a little bit messed up! Please see the image.

pppoe_dns.jpg
pppoe_dns.jpg_thumb

It's the most recent snapshot so it has the most recent stuff in it (RELENG at least)

oki :)

maybe should upgrade it.

Ticket 1281

hoba, the problem persists, tested in other machine, looks like no-ip client don´t work, in logs seen updated, but ip is other, anybody use no-ip for test? I´m using latest snapshot…

thanks very much for the tip!

I grabbed the snapshot dated from today and will update when I get home. 04-03-07 full update.

If it doesn't work I'll try a full install. But normally the full update snapshots work perfectly.

Thanks Sullrich. I'll make a detailed post back on how to get Verizon FiOS setup without any Actiontec non-sense here as soon as I get it working.

thnx! missed that  :)

I think this is a matter of differing views of how a DHCP server should operate. I happen to think the implementation is absolutely correct and one should never put a reservation within the scope. That being said, I the current ISC DHCP server (IIRC, since v3) allows putting reservations within the scope, so if you really need this you could either write a patch or post a bounty to have someone do it. Or just run DCHP on a different box. If you have a server on the network, why run DCHP on the firewall anyway?

did you turn on nat reflection ?? so that you can ping inside youre network the wan's ip's ?

Thisis not supported currently.

It caches DNS only, so if one client has requested google.com it chaches the IP that has been resolved so that another client gets quicker nameresolution. It's not caching any files like a squid proxy if that is what you mean.

We chache the config.xml to speed up filter reloads and other things. Only editing/replacing the file will not help. Your edits might even get lost on reboot due to that. You should only use the webgui restore config. for config.xml changes which will force a reboot.