Problem with DNS resolution/DHCP server.

blueinterface · Feb 8, 2006, 1:51 PM

I am running the latest version of pfSense (1.0-BETA1 built on Mon Dec 26 03:18:19 UTC 2005) pc version as a firewall. the specs of the PC are as follows:

500MHz Pentium III
256MB RAM
8 GB HDD
2 NICs

I have captive portal activated, DNS forwarder and DHCP on the LAN.
If the firewall is restarted, it takes up to 4 hours before clients can get to see the login page at all, even when they have been correctly assigned IP addresses.

sometimes too, the wrong DHCP parameters are picked up by clients: my LAN is in the 17.0.0.0/16 network, with the gateway/firewall as 17.0.10.254, yet the clients pick up 192.168.0.1 as gateway and 17.0.0.1 as DHCP server after a reboot.

Why could this be happening? Is it a hardware problem, something with the NICs, or a DNS/DHCP problem?

Any help would be appreciated.

hoba · Feb 8, 2006, 4:14 PM

beta1 is more than one month old. Please try with the latest snapshot from here: http://pfsense.com/~sullrich/1.0-BETA1-TESTING-SNAPSHOT-2-5-06/
If the problem persists please let us know again. It doesn't make sense to investigate a problem that already might be fixed (though I don't see any know fixed issues here).
Concerning the wrong DHCP range please make sure you don't have a second dhcpserver running somewhere.

blueinterface · Feb 8, 2006, 8:55 PM

Can i do an upgrade on the fly using the tarball? I want to minimize the downtime…

hoba · Feb 8, 2006, 9:46 PM

Should work. just feed the full update manually to the webgui system>firmwareupgrade, manual tab
System will only be down for reboot.

blueinterface · Feb 8, 2006, 10:00 PM

Firmware upgrade applied. (although the upgrade page gave me a digital signature warning). I may have to wait to see how fast the clients will connect now…

wait ... somebody came on RIGHT NOW. Amazing!

I hope this lasts. Thanks for all the help.

sullrich · Feb 8, 2006, 10:04 PM

We don't sign the snapshots, only official betas and releases and upcoming release canidates.

blueinterface · Feb 9, 2006, 4:48 AM

Oops, it seems that there is actually a DNS problem: a client is trying to connect and gets "Page Cannot be displayed" after a long pause with "Looking up **************.com". But when i "Nudged" the connection into activity (by typing the IP address of some known site in the browser address bar), the captive portal page was presented. AND other clients could now connect. Really funny.

blueinterface · Feb 11, 2006, 7:37 AM

Is this something to do with the DNS forwarder? why would using an IP address suddenly allow the whole network to have access to the internet?