DHCP and MAC Address filtering

DarkKnight 0 · Nov 25, 2023, 1:39 AM

Everyone on this forum has been great and I have my pFsense firewall up and running with Snort, pFBlockerNG and OpenVPN. Thank you all

Now I need to migrate from the Netgear to the pFsense, what I mean is that I have pFsense LAN port going to my Netgear WAN port and all my devices on the LAN are handle by the Netgear. The reason why I want to migrate is the the netgear max throughput is between 300 MBPS and 500 MBPS (directly from Netgear Support). and USG20-VPN is only 350 MBPS So here are my question(s)

does pFsense (DHCP) support reserved IP Address assignment ? or do I need to statically set IP's on all computers. ( Why ? I am using Arconis Advanced Workstation Backup and have the machine added to the management console and that is based on IP Address so for the workstation to be backed up the IP Address needs to remain the same.)
Does pFsense support Access Control List ? ( Why ? The Netgear R6220 allow me to block all new connections and only allow connections from allowed computer(s) based on IP Address/MAC Address.

That is all I need to complete my migration from the Zytel USG20-VPN to my custom built pFsense Fire Wall - IDS/IDP - OpenVPN Server.
Learned allot and had allot of fun doing this. Again I thank you all as you all have been great in responding and answering questions

Dark Knight

SteveITS · Nov 24, 2023, 7:36 PM

@DarkKnight-0 Yes you can reserve IPs.

MAC filtering is a pfSense Plus feature. You can do some things like refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.

DarkKnight 0 · Nov 24, 2023, 7:41 PM

@SteveITS said in DCHP and MAC Address filtering:

You can do some things like refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range

is that in the Free version or Plus version ? As I did not see that or could not have understood the layout in pFsense

Thank You Dark Knight

SteveITS · Nov 24, 2023, 7:52 PM

@DarkKnight-0 it’s “Deny unknown clients” on that link

coxhaus · Dec 3, 2023, 7:29 PM

@DarkKnight-0
If you want you can bring both DHCP client server lists up in a Window and cut and past the MAC addresses to the new DHCP server.

What I do now is I don't use DHCP reserved IPs and all I have to do is move the cables and the clients automatically acquire new IP addresses on the new DHCP server. It seems easier to me. If I set statics up for equipment I don't use DHCP as I set the statics up outside the DHCP range so they just transfer if you use the same network and mask.

DarkKnight 0 · Dec 3, 2023, 7:30 PM

@coxhaus okay got it all figured out (refuse DHCP to unrecognized MACs, and firewall rules to block IPs outside of your range.) this worked very well and I was able to use the Access Control on the netgear as well so that WIFI clients could not connect either.

I am now completely up and running, I have addressed my speed issue by just getting Intel (ET PRO 1000) dual Ethernet adapter and just disabled RealTek Nic's. I am now getting the speeds I am paying for and I can see that everything inbound is block, no new devices can connect very happy camper here,