Hi Sunny, I'll look into it when I get back to the office. Thanks for your advice and thanks to everyone for their input. Keith

I have the DNS forwarder for the domain enabled as well with no luck.  This did work fine in previous snapshots btw.  No biggie for me, though.  Just wanted to help others out.

now these openvpn-options can be set up without using the custom parameters

duh, thanks. I didn't have the opt enabled yet.

I'd suggest using the DC to provide DHCP and DNS to your clients. That way your DC always has current listings of your internal clients IPs. It will make your life easier and more secure. I'd setup the internal network on a different domain then your public one. However if you've already setup the windows domain that is much easier said then done. At any rate, I'd register the domain you use internally just so no one else does, it could bite you in the butt in the future if you have road warriors, well worth $10/year I'd setup the public DNS on a *nic system, either pfsense or other in a DMZ preferably. You do NOT want your windows domain dns to be accessible from the outside world. But if they are the same domain name then just setup the *nix box and the Windows box both with the SOA. Your public one will be the one with real authority, but you DC must believe that it does as well. Your clients will believe your DC's DNS no matter what. You can use DNS tricks on your DC to point to the internal IP of the webserver too, this will take the traffic off your internet connection, otherwise it may route out to the internet and then back to you. Hope this helps.

Don't think i know what you mean with dmz pool limit. But you define all the rules. this might help you out http://doc.m0n0.ch/handbook/examples.html

Don't bother….. Just use the pFSense for one DynDNS..... And install the DynDns-client on one of your servers (you must be having at least one, that why you are using DynDNS) - and feed it all you other DynDNS IP's.... It will detect the WAN IP just fine, even when you consider that it's running on PC on your internal network. For for me for month now.

TQ is work…. you are the best.... :D :D :D

OK, screen shots of LAN rules, OPT rules, LB rules, LB status, gliffy diagram of layout, config file with passwords errased anything else? i'll be happy to post, i would really like this to work properly. Thanks guys -Eric PS, files to big to upload all of them.. so i posted them on my local webserver. http://artknapp.ca/lanrules.PNG http://artknapp.ca/lbrules.PNG http://artknapp.ca/lbstatus.PNG http://artknapp.ca/optrules.PNG http://artknapp.ca/pfsense.png http://artknapp.ca/config-router.artknapp-20070509032355.xml

use a dedicated machine as DHCP server. Having 2 dhcp servers is the way to madness.

No. Maybe you can try to simplyfiy your setup a bit. It seems to be rather complex.

Implemented.  Will show up in 1.3 Alphas a bit after we release 1.2. But in the meantime, here is how you could enable the option for lan (substitute for the interface optx to opt1, lan, opt2, etc). *** Welcome to pfSense 1.2-BETA-1-TESTING-SNAPSHOT-04-30-07-pfSense on pfSense *** LAN                      ->  ed0    ->      192.168.1.20   WAN                      ->  ed1    ->      10.0.250.243(DHCP) pfSense console setup 0)  Logout (SSH only) 1)  Assign Interfaces 2)  Set LAN IP address 3)  Reset webConfigurator password 4)  Reset to factory defaults 5)  Reboot system 6)  Halt system 7)  Ping host 8)  Shell 9)  PFtop 10)  Filter Logs 11)  Restart webConfigurator 12)  pfSense PHP shell 13)  Upgrade from console Enter an option: 12 Starting the pfSense shell system…............ Example commands: [[snip]] pfSense shell> multiline multiline mode enabled.  enter EOF on a blank line to execute. pfSense multiline shell[0]> $config['dhcpd']['lan']['disableauthoritative'] = true;                pfSense multiline shell[1]> write_config(); pfSense multiline shell[2]> print_r($config['dhcpd']['lan']); pfSense multiline shell[3]> EOF Array (     [range] => Array         (             [from] => 192.168.1.100             [to] => 192.168.1.199         ) [disableauthoritative] => )

I'm in cvandyck's camp and had one other question. Basically, what we trying to do with that setting was to restrict people's ability to simply set a static IP if their machine's mac address was not registered for a dynamic one with the DHCP server. Is there any way to: 1. Restrict dynamic IPs to registered mac addresses, and 2. Restrict traffic for all static IP addresses that are not listed in the static mappings

but here, and on 2 different hardware types, this setup is not working detail here : http://forum.pfsense.org/index.php/topic,4569.0.html

This will not work.  You either need a dynamic dns client on the modem or switch the modem into bridging mode and let pfSense handle the real IP.

Hello, I'm writing this after reading the dual wan tutorials and the solution you mention in this thread. But I still have some questions. Please view the image from the attachment. The first private IP is my OPT1 modem, which acts as DNS server. I made static route but still things dosn't run properly. Can you explain me is this right. On interface WAN I enter the destination network of WAN DNS's(217.79.71.0/24), right? And then the gateway which I saw from Status->interfaces->Wan? On interface OPT1 I enter the destination network of OPT1 DNS's (192.168.1.0/24).. and then the gateway which I saw from Status->INterfaces->OPT1 OR On interface LAN I enter both OPT1 AND WAN destination networks with the corresponding DNS and Gateways? I'm a little bit messed up! Please see the image. [image: pppoe_dns.jpg] [image: pppoe_dns.jpg_thumb]

It's the most recent snapshot so it has the most recent stuff in it (RELENG at least)

oki :) maybe should upgrade it.