pfSense is an open source, FreeBSD-based firewall distribution that provides a flexible and powerful platform for routing and firewalling. The versatility of pfSense presents us with a wide array of configuration options.
In this article by Matt Williamson, author of pfSense 2 Cookbook, we will cover:
This recipe describes how to configure the DHCP service in pfSense. The DHCP service assigns an IP address to any client who requests one.
pfSense can only be configured as a DHCP server for interfaces configured with a static IP address. Using the examples in this article, that includes the LAN and DMZ interfaces but not the WAN. This example recipe will configure the DHCP server for your DMZ interface.
A DHCP server accepts requests from clients and assigns them an available IP address.
A DHCP server fulfills a client request by handing out the first available IP address. This means that it’s very likely that a client will receive a different IP address with every request.
To ensure that a client always receives the same IP address, we can create a static DHCP mapping. See the next recipe, Creating static DHCP mappings, for more information.
Enabling the Deny Unknown Clients option ensures that only clients with static DHCP mappings will receive an IP address. DHCP requests from all other clients will be ignored.
This is different from Enable static ARP entries, where unknown clients will receive an IP address, although they won’t be able to communicate with the firewall (on that interface) in any way.
Specify any DNS server to be automatically assigned to our DHCP clients. If left blank, pfSense will automatically assign DNS servers to our clients in one of the following two ways:
The interface gateway will be provided to clients by default (that is, the static IP of the interface), but can be overridden here if necessary.
The domain name specified in General Setup is used by default, but an alternative can be specified here.
An alternative lease time can be specified here for clients who do not request a specific expiration time. The default is 7200 seconds.
An alternative maximum lease time can be specified for clients that ask for a specific expiration time. The default is 86400 seconds.
CARP-configured systems can specify a fail-over IP address here.
Enabling static ARP entries will only allow clients with DHCP mappings to communicate with the firewall on this interface. Unknown clients will still receive an IP address, but all communication to the firewall will be blocked.
This is different from Deny Unknown Clients where unknown clients won’t even receive an IP address.
Enable clients to automatically register with the Dynamic DNS domain specified.
Enter any custom DHCP option here. Visit http://www.iana.org/assignments/bootp-dhcp-parameters/bootp-dhcp-parameters.xml for a list of options.
This recipe describes how to add static DHCP mappings in pfSense. A static DHCP mapping ensures a client is always given the same IP address.
Creating static DHCP mappings is only applicable for interfaces using the DHCP service.
When a client connects to our DHCP server, the firewall first checks for a mapping. If the client’s MAC address matches a mapping we’ve specified, then the DHCP server uses the IP address specified in the mapping. If no mapping exists for our client’s MAC address, our DHCP server uses an IP address from its available range.
Static mappings can be viewed at the bottom of the DHCP Server configuration page for each interface by browsing to the Services | DHCP Server | Interface tab.
All static mappings for a given interface can be managed here. Existing mappings can be modified or removed, and new static mappings can be created, but you’ll have to enter the MAC address manually.
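The following Python model is an added example, not pfSense code or code from the book. It walks through the decisions described in both recipes: the static-mapping lookup, first-available allocation from the range, and the difference between Deny Unknown Clients and static ARP entries. The class name, MAC addresses and 192.168.2.x addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample data: the MAC addresses and the 192.168.2.x DMZ are made up.
STATIC_MAPPINGS = {"00:11:22:33:44:55": "192.168.2.10"}
RANGE = ("192.168.2.100", "192.168.2.102")


class DhcpInterfaceModel:
    """Toy model of one interface's DHCP decisions; not pfSense code."""

    def __init__(self, deny_unknown_clients=False, static_arp=False):
        lo, hi = (int(ipaddress.IPv4Address(a)) for a in RANGE)
        self.pool = [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]
        self.static = {m.lower(): ip for m, ip in STATIC_MAPPINGS.items()}
        self.deny_unknown_clients = deny_unknown_clients
        self.static_arp = static_arp
        self.leases = {}  # MAC -> address currently leased from the range

    def request(self, mac):
        """Return (assigned_ip_or_None, can_reach_firewall_on_this_interface)."""
        mac = mac.lower()
        mapped = mac in self.static
        if mapped:
            ip = self.static[mac]      # a mapping always wins over the range
        elif self.deny_unknown_clients:
            return None, False         # request from an unknown client is ignored
        else:
            self.leases.pop(mac, None)
            taken = set(self.leases.values())
            ip = next((a for a in self.pool if a not in taken), None)
            if ip is None:
                return None, False     # range exhausted
            self.leases[mac] = ip      # first available address
        # Static ARP: unknown clients keep their lease but cannot talk to the firewall.
        return ip, (mapped or not self.static_arp)

    def release(self, mac):
        self.leases.pop(mac.lower(), None)


if __name__ == "__main__":
    for name, kwargs in [("default", {}),
                         ("deny unknown clients", {"deny_unknown_clients": True}),
                         ("static ARP", {"static_arp": True})]:
        srv = DhcpInterfaceModel(**kwargs)
        print(name, srv.request("00:11:22:33:44:55"), srv.request("AA:BB:CC:00:00:01"))
```

In the default mode, releasing a lease and requesting again after other clients have joined gives an unmapped client a different address, while the mapped client gets 192.168.2.10 every time.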