DHCP in pfsense



  • I have already up DHCP server in pfsense. In DHCP server i want to deny all host who configured static ip(with out DHCP). How to do that?



  • Is this for a wireless network or…..?  You could do MAC filtering and only allow those hosts with MAC addresses listed to gain access.



  • Hi kapara,
    This is not a wireless network. I configured servers as a Static DHCP(MAC/IP binding) and clients as a DHCP clents. My problem is some clients use static IP (manually configure). I want to deny access gateway that static IP clients. Bcoz they use sometime server's IP. How to do that?



  • The only way I have been able to do that is via the switch.  Each switchport is assigned MAC addresses and if an unknown MAC is connected to that switch port, the port becomes disabled preventing outsiders from accessing your LAN.  You could possibly put your servers on a different interface with a different subnet than the users.  Without seeing the big picture it is a little difficult tocome up with a good solution to your scenario.



  • Pls give me anyone Layer 3 or higher solution…...................... :)



  • There is no prefabricated way to do this on layer3

    Well you "could" write a script that reads the DHCP-leases from the DHCP-server and adds dynamically an allow rule to the firewall rules for the read IP's.



  • I was looking into something similar a while back Ex. Microsoft NAP or Cisco NAC.  Why not put servers on separate network via OPT1 and have all PC's DHCP or static on LAN interface?  That way they would not interfere with each other.  You could possibly do this with vlans on LAN interface.  Put servers on separate vlan possibly.



  • Arpwatch is an option and there is a port for freebsd.  This also used to be a package on pfsense.

    http://www.freshports.org/net-mgmt/arpwatch

    Might be fairly easy to recreate this as a package.

    Will even email you when a dup IP is detected.


Locked