Thanks for the reply Sh4. Unfortunately that doesn't exactly do what I want.

Anyone who connects should be able to get a DHCP lease, but only those with a DHCP lease should have access across the WAN.

Make a capture/sniff on the DHCP ACK message and check lease time. It should be 1 minute in your case (as the renewal time is usually lease_time/2).

On the other hand, the IP adress 192.168.0.1 seems not to be a public ISP address. Check your half-modem configuration.

I'm also trying to forward all http(s) requests for domain [x.com] to a single designated LAN IP (regardless of [sub-domain].x.com) and have not been successful.

I would expect that leaving the host field blank or using something like a * wild-card would do the trick, but no go.

Hi!

A client (or server) use the gateway when they whant to send packets to another net and not their own.

Your clients trying to access the 192.168.1.x net will pass the gateway in the 172.16.1.0 net.

The gateway must have knowledge where to send packets outside its own network.

Configure your gateway device so it has knowledge about where to send packets with destination outside its own net.

This is usually achived by adding a static route entry.

This applies for all of the networks you mention.

Hope this helps,

/UrbanSk

solved, it wasn't a DNS problem, but a problem with my routes

Well, the resolution was simpler than I expected.

I had the campus network folks look at the switch logs, and it appears that DHCP was being blocked at the switch port.  They made that port "dhcp trusted" and all works as it should.

That's what I was hoping for – for such a simple configuration, it didn't make sense that I would have to set up VLANs in the firewall, since everything on the LAN side was on the same VLAN, and everything in the WAN side was on another.  I figured it should have been just like a physical network as far as all the hosts (and pfSense) were concerned.  But this was the first time I had dealt with a firewall that even understood VLANs, so I wasn't sure. :)

Thanks for the help!

In "System" –> "General Setup" --> "DNS servers" i setup the DNS i use. But the resolv.conf first line contains a line that i suspect to slow the resolution : "domain local"... I would like to have my resolv.conf containing only my dns.

Thanks !

And another week.

nobody with any ideas?

me either. :)

I'm also seeing this problem.

I have to disable DNS forwarding to get tinydns to correctly bind to the interface and start. With DNS forwarder disabled I get no external resolution. Re-enable DNS forwarder, and disable tinydns and external resolution comes back.

I too would like to know if this is possible…

Try to add an afterfilterchangesshellcommand-tag (see http://blog.pfsense.org/?p=31) to automatically restart the dhcp server on interface linkup. You'll have to download the config.xml and manually add a section to it and reupload it again.

Update on DNS issues. After removing my real DNS server entries from my SBS 2003 and adding the pfSense as the only entry, and following the previous instructions of adding the internal Web Servers local names and addresses in the DNS Forwarder area of the pfSense, all is well.

Thanks again very much.

Here is what I found out…

Yesterday night and I am 100% sure of that, DHCP server was pointing to the CARP BOX2.
This morning I ran ipconfig /all and it was pointing to CARP BOX1, then I disabled and enabled network connection to renew DHCP and it was  pointing to BOX2 again. After reading your post I disabled all rules except the one with LOAD BALANCER and changed it to default gateway.

I renewed connection and got routed to BOX1 DHCP server. Then I connected another PC to the network and got routed to DHCP BOX1.
I thought that your solution worked out. I went back to my PC renewed connection and got back on DHCP BOX2. I guess it was not enough for me, so I used another nic in my pc. I unplagued the cable from old nic into the new one and got DHCP BOX1 right away. Renewed connection and still DHCP BOX1, reverted rules to original ones and still DHCP BOX1. It does not matter now how many times I renew connection I still get BOX1.

For the moment I thought that it should work now. I went back to PC that I just connected to network. It was sitting on DHCP BOX1. I renewed connections and it went to DHCP BOX2.

I am guessing that this is not the firewall problem!