System -> General Setup [image: pfsense.local%20-%20System:%20General%20Setup_1233395067885.png]

I would rather set the openDNS servers onto the "allowed IPs" list than allow the client alltogether.

It is listed. When I set up my static DHCP lease I made sure to put in a hostname. I'll look thru that post and see if I get any further. It's driving me nuts!

if u have apache just install plesk and all it`s done. U can do this easy from Plesk panel.

I think he means the DNS entries and the Static IP entries are found in two different sections. Input your IP# and Gateway in the WAN config section under Interfaces and the DNS entries can be found in the General settings page.

Thanks. With a few more options, like separate list of the internal DHCP leases registered in DNS, and per domain and/or time sorting would be very interesting. Will try to offer something in the near future, as soon as I finish other pressing issues around my network and pfSense.

;-) Your pfSense doesn't know about your actual WAN IP, thus it cannot promote it to DynDNS service. However, it correctly promotes what is known: it's WAN IP. That's not the LAN IP you pointed to earlier! Two possibilities: let your modem do the DynDNS update itself (it knows the WAN IP) (if at all possible) switch your modem to bridge mode and have pfSense do the PPPoE. This way it knows the WAN IP and can update your DynDNS settings correctly.

Cheers Perry.

CMB, I wouldn't have assumed that when trying to piece it together but hey, that's good enough for me. Sorry to keep this thread going but while following your solution to use a manual WAN rule on top to drop the noise, I found a reason not to be in a rush over this… 1. I Created a new rule to block the specific private IP (broadcast) source address; as expected the 2 system rules found on the WAN tab (enabled by check-box) remain on top but there seems to be no way to relocate my new manually created rule to the top of the heap... so... 2. I released my ISP assigned address on my WAN... (or just unplug the WAN) 3. Then I deleted both system WAN rules (block private IP's and Bogon Networks)... now with only my manual WAN rule still present... 4. Went back to the WAN tab and reselected the block private IP's system rule and it immediately populates itself right back on top of my manual rule... I was afraid of that. So that means I will need to create replica's of one or both system WAN rules manually starting with 3 separate rules to cover all 3 private IP ranges/RFC1918. As much as I appreciate your suggestion, for now I'm just going to stick to the system (default rules) and work around this with a syslog daemon and hopefully a filter to not re-log traffic from that single broadcast gateway (source) address... Thanks again! Any general knowledge book suggestions on residential ISP's which you can recommend... I would like to get up to speed on this stuff.

You could setup a cron job to run "dhclient fxp0", replacing fxp0 with whatever your WAN interface is.

My wording was unclear indeed. My intent was that it would be interpreted to mean you can't use the same domain name on two separate networks with different entries in the DNS on each, and then expect them to know about each other and resolve the conflict on their own when you want them to interoperate. I just assumed there was another AD box at the branch office. It seemed implied, and it seems that it was indeed the case. I still never said anything close to 'the DNS server must be on the same subnet', I'm not sure where you're getting that from. But it's a moot point… glad you got it working Zulan.

have you tried enlarging the images? I would make them bigger if there was not a 250mb limit on uploads

I have a few things I'm going to try when I get home from work. One interesting bit that I did noticed and forgot to mention is that I wasn't able to ping the LAN interface (192.168.10.1) from a test machine on the same subnet.

I should also add that we do have firewall wall rules setup for IPSEC. All systems that are connected vie their DHCP client, show up as online leases and we can get to them and the LAN interface over IPSEC. Any ideas?

System –> Packages Now click the + button next to the package you wish to install.