    DHCP in pfsense

      nuwan last edited by

      I have already set up a DHCP server in pfSense. In the DHCP server I want to deny all hosts that are configured with a static IP (without DHCP). How do I do that?

        kapara last edited by

        Is this for a wireless network or…..?  You could do MAC filtering and only allow those hosts with MAC addresses listed to gain access.

        Skype ID:  Marinhd

          nuwan last edited by

          Hi kapara,
          This is not a wireless network. I configured the servers with static DHCP (MAC/IP binding) and the clients as DHCP clients. My problem is that some clients use a static IP (manually configured). I want to deny gateway access to those static IP clients, because they sometimes use a server's IP. How do I do that?

            kapara last edited by

            The only way I have been able to do that is via the switch. Each switchport is assigned MAC addresses, and if an unknown MAC is connected to that switch port, the port becomes disabled, preventing outsiders from accessing your LAN. You could possibly put your servers on a different interface with a different subnet than the users. Without seeing the big picture it is a little difficult to come up with a good solution to your scenario.

            Skype ID:  Marinhd

              nuwan last edited by

              Please, can anyone give me a Layer 3 or higher solution… :)

                GruensFroeschli last edited by

                There is no prefabricated way to do this on layer 3.

                Well, you "could" write a script that reads the DHCP leases from the DHCP server and dynamically adds an allow rule to the firewall rules for the IPs it read.

                We do what we must, because we can.

                Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
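
The lease-reading step suggested in the post above, as an added example that is not part of the original thread or of pfSense itself. It assumes the DHCP server writes an ISC dhcpd style lease file; the sample data, addresses and function name are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample in ISC dhcpd.leases format (assumed format, times in UTC).
SAMPLE_LEASES = """\
lease 192.168.1.50 {
  ends 1 2024/01/01 10:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.51 {
  ends 1 2024/01/01 11:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:66;
}
lease 192.168.1.50 {
  ends 1 2024/01/01 09:30:00;
  binding state free;
  hardware ethernet 00:11:22:33:44:55;
}
lease 192.168.1.52 {
  ends 1 2024/01/01 08:00:00;
  binding state active;
  hardware ethernet 00:11:22:33:44:77;
}
"""

LEASE_RE = re.compile(r"lease\s+(\d+\.\d+\.\d+\.\d+)\s*\{(.*?)\}", re.S)
ENDS_RE = re.compile(r"^\s*ends\s+\d+\s+(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d);", re.M)
STATE_RE = re.compile(r"^\s*binding state\s+(\w+);", re.M)

def active_leases(text, now):
    """Return sorted IPs whose most recent lease record is active and unexpired."""
    latest = {}
    for ip, body in LEASE_RE.findall(text):
        latest[ip] = body  # the file is an append-only log: the last record wins
    allowed = []
    for ip, body in latest.items():
        state, ends = STATE_RE.search(body), ENDS_RE.search(body)
        if not state or state.group(1) != "active" or not ends:
            continue  # released or malformed records are never allowed
        expiry = datetime.strptime(ends.group(1), "%Y/%m/%d %H:%M:%S")
        if expiry.replace(tzinfo=timezone.utc) > now:
            allowed.append(ip)
    return sorted(allowed, key=lambda a: tuple(int(p) for p in a.split(".")))
```

The returned list would be written to whatever the allow rule references, for example a pf table refreshed with `pfctl -t dhcp_clients -T replace -f <file>` (the table name is hypothetical). A host that statically configures an address that currently holds a lease still passes this check, which is why the switch-level and separate-subnet suggestions in this thread remain relevant.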

                  kapara last edited by

                  I was looking into something similar a while back, e.g. Microsoft NAP or Cisco NAC. Why not put servers on a separate network via OPT1 and have all PCs DHCP or static on the LAN interface? That way they would not interfere with each other. You could possibly do this with VLANs on the LAN interface. Put servers on a separate VLAN possibly.

                  Skype ID:  Marinhd

                    kapara last edited by

                    Arpwatch is an option and there is a port for FreeBSD. This also used to be a package on pfSense.

                    http://www.freshports.org/net-mgmt/arpwatch

                    Might be fairly easy to recreate this as a package.

                    Will even email you when a dup IP is detected.

                    Skype ID:  Marinhd
