Netgate Discussion Forum

    "Static" DHCP addresses need individually assigned DNS Servers

    • echobinary

      Ok - bit of a noob. Trying to search for dynamically assigning DNS servers gave me lots of info on DynDNS stuff. NOT what I need :)

      In my DHCP Server Page I have a bunch of MAC Addresses assigned to always get the same IP Address from the DHCP Server.

      Is there a way to assign DNS Servers based on IP/MAC address as well such that I can point my children's devices to OpenDNS's FamilyShield DNS Servers:
      208.67.222.123
      208.67.220.123

      But on the devices owned by myself and my wife I want the DNS Servers to point to OpenDNS's Home (and unblocked) Servers:
      208.67.222.222
      208.67.220.220

      Or even Google's DNS Servers; or heck - even the DNS servers for my ISP (gasp!)

      Any pointers in the right direction?

      Thanks!

      • KineticPro

        There is probably another way to do this, but set up 2 LAN gateways:

        192.168.1.200 for kids, make default and open to all
        192.168.1.201 for you and wife, then enable Static ARP and give your MAC, IP, etc.

        This way you and only the MAC addresses you approve will have unlimited access, but any new devices will be forced to use the default gateway until you give them access to the other gateway.

        So 1 WAN coming in and 2 LAN gateways doing the regulation you are looking for.

        • echobinary

          @KineticPro:

          There is probably another way to do this, but set up 2 LAN gateways:

          192.168.1.200 for kids, make default and open to all
          192.168.1.201 for you and wife, then enable Static ARP and give your MAC, IP, etc.

          This way you and only the MAC addresses you approve will have unlimited access, but any new devices will be forced to use the default gateway until you give them access to the other gateway.

          So 1 WAN coming in and 2 LAN gateways doing the regulation you are looking for.

          This is interesting - I actually kind of like this solution better for a lot of reasons. The next question is:
          How do I set up 2 LAN Gateways?  (Doh! lol)

          • KineticPro

            First you need a total of 3 NICs, as I said: 1 WAN, 2 LAN.
            You will probably need to buy another card; even a cheap PCI will work.

            Boot into the web interface of pfSense > Interfaces >
            Assign WAN {probably have}, LAN {probably have}, LAN2 {new} <pfSense will probably name it opt1>, then assign whatever the new interface is, for example re1 or em1.

            Then go to the interface and make the settings the same as your current LAN.

            Services > DHCP Server > LAN2
            Use the same settings as LAN 1 till you get to Static ARP, then enable it.
            Make the gateway an unused IP that will not be assigned by DHCP.
            Change the DNS servers to full access.
            At the bottom of that page enter the device MAC info.
            <Note 2: you will probably need to set any LAN device static to keep them on the LAN2 gateway>

            Services > DHCP Server > LAN1
            Change DNS servers to limited access.

            • jimp Rebel Alliance Developer Netgate

              On 2.1 you could (though it would be a bit cumbersome) set up separate DHCP pools and put in the list of MACs on one to allow and deny on the other, and they can have unique DNS servers that way.

              Of course that would only last until the kids figure out they can hardcode an IP/DNS or spoof their MAC and get around the restrictions. Separating them onto a distinct network is best, assuming they don't have physical access to the gear to switch themselves over to the other network…

              How much you need to worry about that stuff really depends on how smart/sneaky/crafty the kids are :-)

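An added example, not part of the thread or of pfSense: a small audit that checks observed traffic against the two-pool policy jimp describes and flags the hardcoded IP/DNS cases he warns about. The pool ranges, MAC addresses and the one-line-per-flow record format are constructed for illustration; only the resolver addresses come from the first post.

```python
import ipaddress
# Constructed policy. Resolver IPs are the ones quoted in the thread;
# the ranges and MAC addresses are made up for this example.
POOLS = {
    "kids": {"range": ("192.168.1.150", "192.168.1.199"),
             "dns": {"208.67.222.123", "208.67.220.123"}},
    "parents": {"range": ("192.168.1.100", "192.168.1.149"),
                "dns": {"208.67.222.222", "208.67.220.220"},
                "allowed_macs": {"00:11:22:33:44:55", "00:11:22:33:44:66"}},
}

# Constructed flow records: src_mac src_ip dst_ip dst_port
SAMPLE = """\
00:11:22:33:44:55 192.168.1.101 208.67.222.222 53
aa:bb:cc:00:00:01 192.168.1.151 208.67.222.123 53
aa:bb:cc:00:00:01 192.168.1.151 8.8.8.8 53
aa:bb:cc:00:00:02 192.168.1.120 208.67.222.222 53
aa:bb:cc:00:00:03 192.168.1.152 203.0.113.10 443
"""

def pool_for(ip):
    """Return the name of the pool whose range contains ip, else None."""
    addr = ipaddress.ip_address(ip)
    for name, pool in POOLS.items():
        lo, hi = (ipaddress.ip_address(x) for x in pool["range"])
        if lo <= addr <= hi:
            return name
    return None

def audit(records):
    """Return (mac, src_ip, reason) for traffic that contradicts the policy."""
    findings = []
    for line in records.strip().splitlines():
        mac, src, dst, port = line.split()
        name = pool_for(src)
        if name is None:
            continue  # static mappings and other hosts are out of scope here
        pool = POOLS[name]
        allowed = pool.get("allowed_macs")
        # Pool address used by a MAC not on its list: not leased by this pool.
        if allowed is not None and mac.lower() not in allowed:
            findings.append((mac, src, "unlisted MAC in allow-listed pool"))
        if port == "53" and dst not in pool["dns"]:
            findings.append((mac, src, f"DNS to unassigned resolver {dst}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep="  ")
```

The check only sees plain DNS on port 53, and a device presenting an allow-listed MAC passes it, which is why the separate-network approach in the thread remains the stronger control.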