Implemented.  Will show up in 1.3 Alphas a bit after we release 1.2.

But in the meantime, here is how you could enable the option for lan (substitute for the interface optx to opt1, lan, opt2, etc).

*** Welcome to pfSense 1.2-BETA-1-TESTING-SNAPSHOT-04-30-07-pfSense on pfSense ***

LAN                      ->  ed0    ->      192.168.1.20
  WAN                      ->  ed1    ->      10.0.250.243(DHCP)

pfSense console setup

0)  Logout (SSH only)
1)  Assign Interfaces
2)  Set LAN IP address
3)  Reset webConfigurator password
4)  Reset to factory defaults
5)  Reboot system
6)  Halt system
7)  Ping host
8)  Shell
9)  PFtop
10)  Filter Logs
11)  Restart webConfigurator
12)  pfSense PHP shell
13)  Upgrade from console

Enter an option: 12

Starting the pfSense shell system…............

Example commands:

[[snip]]

pfSense shell> multiline

multiline mode enabled.  enter EOF on a blank line to execute.

pfSense multiline shell[0]> $config['dhcpd']['lan']['disableauthoritative'] = true;               
pfSense multiline shell[1]> write_config();
pfSense multiline shell[2]> print_r($config['dhcpd']['lan']);
pfSense multiline shell[3]> EOF

Array
(
    [range] => Array
        (
            [from] => 192.168.1.100
            [to] => 192.168.1.199
        )

[disableauthoritative] =>
)

I'm in cvandyck's camp and had one other question. Basically, what we trying to do with that setting was to restrict people's ability to simply set a static IP if their machine's mac address was not registered for a dynamic one with the DHCP server.

Is there any way to:
1. Restrict dynamic IPs to registered mac addresses, and
2. Restrict traffic for all static IP addresses that are not listed in the static mappings

but here, and on 2 different hardware types, this setup is not working
detail here :

http://forum.pfsense.org/index.php/topic,4569.0.html

This will not work.  You either need a dynamic dns client on the modem or switch the modem into bridging mode and let pfSense handle the real IP.

Hello,

I'm writing this after reading the dual wan tutorials and the solution you mention in this thread. But I still have some questions.

Please view the image from the attachment. The first private IP is my OPT1 modem, which acts as DNS server. I made static route but still things dosn't run properly. Can you explain me is this right.

On interface WAN I enter the destination network of WAN DNS's(217.79.71.0/24), right? And then the gateway which I saw from Status->interfaces->Wan?
On interface OPT1 I enter the destination network of OPT1 DNS's (192.168.1.0/24).. and then the gateway which I saw from Status->INterfaces->OPT1

OR

On interface LAN I enter both OPT1 AND WAN destination networks with the corresponding DNS and Gateways?

I'm a little bit messed up! Please see the image.

pppoe_dns.jpg
pppoe_dns.jpg_thumb

It's the most recent snapshot so it has the most recent stuff in it (RELENG at least)

oki :)

maybe should upgrade it.

Ticket 1281

hoba, the problem persists, tested in other machine, looks like no-ip client don´t work, in logs seen updated, but ip is other, anybody use no-ip for test? I´m using latest snapshot…

thanks very much for the tip!

I grabbed the snapshot dated from today and will update when I get home. 04-03-07 full update.

If it doesn't work I'll try a full install. But normally the full update snapshots work perfectly.

Thanks Sullrich. I'll make a detailed post back on how to get Verizon FiOS setup without any Actiontec non-sense here as soon as I get it working.

thnx! missed that  :)

I think this is a matter of differing views of how a DHCP server should operate. I happen to think the implementation is absolutely correct and one should never put a reservation within the scope. That being said, I the current ISC DHCP server (IIRC, since v3) allows putting reservations within the scope, so if you really need this you could either write a patch or post a bounty to have someone do it. Or just run DCHP on a different box. If you have a server on the network, why run DCHP on the firewall anyway?

did you turn on nat reflection ?? so that you can ping inside youre network the wan's ip's ?

Thisis not supported currently.

It caches DNS only, so if one client has requested google.com it chaches the IP that has been resolved so that another client gets quicker nameresolution. It's not caching any files like a squid proxy if that is what you mean.

We chache the config.xml to speed up filter reloads and other things. Only editing/replacing the file will not help. Your edits might even get lost on reboot due to that. You should only use the webgui restore config. for config.xml changes which will force a reboot.

The hostname is read from the dhcpd.leases file. When the host renews the dhcp lease the hostname change should appear.

Just wanted to update this and say that it still doesn't work in 1.0.1… Anybody know what this might be? Or have any other advice how to get the same functionality?

I want to have an easy way to connect to the network. And I admin want to know what IP the client has. The way it is now each IP is linked to the MAC address and with a discription with the owner of the computer. And I want to seperate wires from non wires :)

Hi, I have integrated the automatic proxy configuration by myself. It is integrated in the gui. Feel free to adopt.

The files to edit:

/usr/local/www/services_dhcp.php

/etc/inc/services.inc

The modifications:

/usr/local/www/services_dhcp.php

  $pconfig['failover_peerip'] = $config['dhcpd'][$if]['failover_peerip'];   $pconfig['netmask'] = $config['dhcpd'][$if]['netmask']; +  $pconfig['wpad'] = $config['dhcpd'][$if]['wpad'];   $ifcfg = $config['interfaces'][$if]; ----- $config['dhcpd'][$if]['next-server'] = $_POST['nextserver']; $config['dhcpd'][$if]['filename'] = $_POST['filename']; + $config['dhcpd'][$if]['wpad'] = $_POST['wpad']; write_config(); /* static arp configuration */ interfaces_staticarp_configure($if); ----- Leave blank to disable.  Enter the REAL address of the other machine.  Machines must be using CARP. +                      +                        Automatic Proxy URL +                        +                          +                          +                          This is the URL to the automatic proxy script. + +                                              Static ARP

/etc/inc/services.inc

one-lease-per-client true; deny duplicates; EOD; + if (isset($dhcpifconf['wpad'])) { + $dhcpdconf .= "option wpad-url code 252 = text;"."\n"; + $dhcpdconf .= "option wpad-url \"".$dhcpifconf['wpad']."\\n\";"."\n"; + } $dhcpdifs = array(); /*    loop through and deterimine if we need to setup *    failover peer "bleh" entries

With these slight modifications, there will be an extra field in the dhcp configuration where you can enter the URL to your proxy.pac. I have copied my proxy.pac to /usr/local/captiveportal/captiveportal-proxy.pac and have entered in the Automatic proxy field http://192.168.0.1:8000/captiveportal-proxy.pac.

My proxy script looks like this:

function FindProxyForURL(url, host) { if (     (isPlainHostName(host)) ||     (dnsDomainIs(host, ".dsl.local")) ||     (isInNet(host, "10.0.0.0", "255.0.0.0")) ||     (isInNet(host, "172.16.0.0", "255.240.0.0")) ||     (isInNet(host, "169.254.0.0", "255.255.0.0")) ||     (isInNet(host, "192.168.0.0", "255.255.0.0"))   )     return "DIRECT"; else if (     (isInNet(myIpAddress(), "192.168.0.0", "255.255.255.0"))   )     return "PROXY 192.168.0.1:3128"; }

Cheers,
Manuel