No log (exempt); devices don't show DHCP?



  • Hey all, I'm new to pfSense. I did tons of research on these forums, selected good hardware, ran into a snag or two, and got everything squared away. I'm currently running pfSense since last night, and it's really fast and good. :)

    I have a few questions, since I'm so new, so I was hoping you guys could help me out in these regards.

    1. I have a workstation or two that I'd like protected by the firewall. However, I want to exclude its activity from being logged. In my old router (D-Link DGL-4500), I could just create a rule that would not log anything coming from a specific IP address. Is there a way for me to do this in pfSense?

    2. I currently have 3 wireless routers that are running behind my pfSense router. I know how to set it up properly (assigning the wireless routers "static" non-DHCP IPs within the same subnet from pfSense, disabling DHCP/NAT, and connecting to switch ports rather than WAN on the wireless routers) since I was already doing this with my old router. Wireless devices work great and pull IP addresses from the pfSense router. However, this whole thing presents me with a dilemma: these three devices do not show up in my DHCP IP address list of devices in the DHCP Leases list in pfSense. Is there a plugin/package I can use that can crawl the entire network and return to me a list of MAC/IP addresses of all devices that are currently connected to and pulling an IP address from my pfSense router? I tried all the packages that are currently offered (darkstat, arping, etc. etc.) and for the life of me I cannot get these routers to be recognized by the pfSense router. I just need to know and be sure of all the devices that I have currently connected to the pfSense router. My old router did this perfectly, whenever anything was connected to the router.

    3. DHCP seems to be a bit "flaky" (if that is the right word?). Sometimes, for no good reason, devices don't resolve a name resolution when they should. I know that my FIOS STBs probably won't have a name resolution, but all my Windows 7 workstations are named, so they resolve; the problem is that some do, some don't. Any ideas on how to fix this? I've already rebooted my pfSense router a few times as well as the devices, and that seemed to help, but not completely.

    4. I know how to block URLs from being browsed using the Squid proxy. However, I would like to know how to EXEMPT specific workstations (via either MAC address or IP) from these block lists. How would I do this?

    Thanks for all your help and advice, and I'm so glad to be on pfSense. :)



  • @ajm786:

    1. I have a workstation or two that I'd like protected by the firewall. However, I want to exclude its activity from being logged. In my old router (D-Link DGL-4500), I could just create a rule that would not log anything coming from a specific IP address. Is there a way for me to do this in pfSense?

    If your workstation is connected to the pfSense LAN interface then its activity is not being logged by pfSense unless you have already configured pfSense to log it. But what logging do you mean? Perhaps we are thinking about different logging.

    @ajm786:

    2. I currently have 3 wireless routers that are running behind my pfSense router. I know how to set it up properly (assigning the wireless routers "static" non-DHCP IPs within the same subnet from pfSense, disabling DHCP/NAT, and connecting to switch ports rather than WAN on the wireless routers) since I was already doing this with my old router. Wireless devices work great and pull IP addresses from the pfSense router. However, this whole thing presents me with a dilemma: these three devices do not show up in my DHCP IP address list of devices in the DHCP Leases list in pfSense. Is there a plugin/package I can use that can crawl the entire network and return to me a list of MAC/IP addresses of all devices that are currently connected to and pulling an IP address from my pfSense router? I tried all the packages that are currently offered (darkstat, arping, etc. etc.) and for the life of me I cannot get these routers to be recognized by the pfSense router. I just need to know and be sure of all the devices that I have currently connected to the pfSense router. My old router did this perfectly, whenever anything was connected to the router.

    Perhaps you could configure the routers to get their IP address by DHCP.

    The nmap package reportedly has options for reporting all online neighbours to a particular interface. See http://olex.openlogic.com/wazi/2011/nmap-network-probing-cheatsheet/ and http://dougvitale.wordpress.com/2011/11/07/nmap/



  • @wallabybob:

    If your workstation is connected to the pfSense LAN interface then its activity is not being logged by pfSense unless you have already configured pfSense to log it. But what logging do you mean? Perhaps we are thinking about different logging.
    Perhaps you could configure the routers to get their IP address by DHCP.

    The nmap package reportedly has options for reporting all online neighbours to a particular interface. See http://olex.openlogic.com/wazi/2011/nmap-network-probing-cheatsheet/ and http://dougvitale.wordpress.com/2011/11/07/nmap/

    Thanks for the response.

    Let me rephrase the first question. Is there a way to enable logging per MAC/IP rather than having logging enabled for an entire interface?

    Regarding the routers, I've always read (and even in pfSense documentation) to "assign" an IP address to the wireless router that is going to be behind the firewall, but I guess it doesn't hurt to try. Is there any reason why pfSense doesn't recognize it by default (or show it in the DHCP leases)? Technically speaking, the DHCP leases page is also supposed to show statically assigned IP addresses, so I'm not sure why it doesn't come up at all.



  • @ajm786:

    Let me rephrase the first question. Is there a way to enable logging per MAC/IP rather than having logging enabled for an entire interface?

    What logging do you want? Connection attempts can be logged as an option to a firewall rule. The pfSense logs are "circular" recording only the last "n" bytes of log. You can log flow records or syslog records to external servers if you want to keep a lot of history. pfSense has facilities for packet capture (traffic logging).

    @ajm786:

    Is there any reason why pfSense doesn't recognize it by default (or show it in the DHCP leases)? Technically speaking, the DHCP leases page is also supposed to show statically assigned IP addresses, so I'm not sure why it doesn't come up at all.

    No, the DHCP leases page is for showing DHCP leases. Are you confusing DHCP and ARP, thinking the DHCP leases page should show the ARP table (list of recently used IP address to MAC address mappings)? If you want a system to appear in the DHCP leases page it should have a DHCP lease which means it should request a DHCP lease.


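The last reply's distinction (the DHCP leases page lists leases, the ARP table lists recently seen IP-to-MAC mappings) can be turned into an inventory check that reports hosts seen on the wire without an active lease, such as statically addressed access points. This is an added example, not part of the thread or of pfSense: it assumes ISC dhcpd lease-file syntax and FreeBSD `arp -an` output, and the sample data and function names are constructed.

```python
import re

# Constructed sample data (not from the thread): dhcpd.leases excerpt and `arp -an` output.
SAMPLE_LEASES = """
lease 192.168.1.100 {
  binding state active;
  next binding state free;
  hardware ethernet 00:1e:4f:aa:bb:01;
}
lease 192.168.1.101 {
  binding state active;
  hardware ethernet 00:1e:4f:aa:bb:02;
}
lease 192.168.1.101 {
  binding state free;
  hardware ethernet 00:1e:4f:aa:bb:02;
}
"""
SAMPLE_ARP = """
? (192.168.1.1) at 00:0d:b9:aa:bb:00 on em1 permanent [ethernet]
? (192.168.1.2) at 00:24:01:aa:bb:10 on em1 expires in 1187 seconds [ethernet]
? (192.168.1.100) at 00:1e:4f:aa:bb:01 on em1 expires in 904 seconds [ethernet]
? (192.168.1.101) at 00:1e:4f:aa:bb:02 on em1 expires in 30 seconds [ethernet]
? (192.168.1.50) at (incomplete) on em1 expired [ethernet]
"""
LEASE_RE = re.compile(r"lease\s+(\S+)\s*\{(.*?)\}", re.S)
ARP_RE = re.compile(r"\((\d+(?:\.\d+){3})\) at ([0-9a-f:]{17}) (.*)", re.I)

def active_leases(text):
    """Return {ip: mac} for active leases; the file is a log, so later blocks win."""
    by_ip = {}
    for ip, body in LEASE_RE.findall(text):
        mac = re.search(r"hardware ethernet ([0-9a-f:]{17});", body, re.I)
        state = re.search(r"^\s*binding state (\w+);", body, re.M)
        if mac and state and state.group(1) == "active":
            by_ip[ip] = mac.group(1).lower()
        else:
            by_ip.pop(ip, None)  # lease was released or expired later in the log
    return by_ip

def hosts_without_lease(leases_text, arp_text):
    """Return [(ip, mac)] present in ARP but holding no active DHCP lease."""
    leased = set(active_leases(leases_text).values())
    found = []
    for line in arp_text.splitlines():
        m = ARP_RE.search(line)  # incomplete entries have no MAC and do not match
        if m and "permanent" not in m.group(3) and m.group(2).lower() not in leased:
            found.append((m.group(1), m.group(2).lower()))
    return found
```

Entries marked `permanent` are skipped because they are the firewall's own interface addresses; anything else returned is a device to identify or give a static mapping.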