[pfSense] Long delay before DHCP issued leases appear in the DHCP lease table

2016-04-28 Thread Karl Fife
I've been 'subdividing' some growing networks into multi-lan; guest, 
management networks etc.


On every occasion I've observed that it has taken considerable time 
(perhaps 10 to 20 minutes) after the DHCP server begins issuing new 
leases (to hosts moved from the other interface) before they show in the 
DHCP lease table. These hosts are successfully being issued IP 
addresses in the new range, and their MACs and IPs show up in the 
pfSense ARP table, plus I can see the activity in the DHCP log.
Restarting DHCPD doesn't seem to have an immediate effect. So far, it 
seems most correlated with the passage of time.


Naturally all of the hosts in all scenarios were moving from a different 
interface on the same router.  Some even had static reservations (that 
were deleted). These have all been 2.2.6 installations. I may have 
the opportunity to re-factor as above on a 2.3 installation later this 
month.


Any ideas what's happening here?  Am I waiting for ARP expiration or 
something?  Any way to speed up this process?












___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


Re: [pfSense] DNS secondary server on 2.3?

2016-04-28 Thread Chris Buechler
On Thu, Apr 28, 2016 at 10:21 AM, Adam Thompson  wrote:
> OK, I'm lost...  In v2.3, what service, and/or where in the GUI, should I go
> to make pfSense act as a slave (authoritative) DNS server?
>

No such capability. Neither dnsmasq nor unbound are authoritative
servers. The tinydns and BIND packages were removed as they had no
active maintainers.


> On a related note, in Services / DNS Resolver / General Settings, what does
> "DNS Query Forwarding" do?
> There's no description, so I assume if it's *not* set, unbound starts at the
> root servers, and if it *is* set, unbound tries my upstream ISP's servers
> first (based on the system global DNS settings)?
>

Yes, it forwards queries to the defined DNS servers rather than doing
its own recursion.


[pfSense] DNS secondary server on 2.3?

2016-04-28 Thread Adam Thompson
OK, I'm lost...  In v2.3, what service, and/or where in the GUI, should 
I go to make pfSense act as a slave (authoritative) DNS server?


On a related note, in Services / DNS Resolver / General Settings, what 
does "DNS Query Forwarding" do?
There's no description, so I assume if it's *not* set, unbound starts at 
the root servers, and if it *is* set, unbound tries my upstream ISP's 
servers first (based on the system global DNS settings)?


Thanks,
-Adam



[pfSense] GUI /firewall_virtual_ip.php - reordering them?

2016-04-28 Thread Olivier Mascia
Could this be listed as an enhancement request for the GUI editing of the 
virtual IPs?
Some ability to reorder them, at least manually (like rules for instance)?
When you have a good number of IP aliases, it would help grasp the big picture 
in a glimpse to check whether something is not right or missing.

Or have them automatically ordered, first by Type, then Interface and then by 
IP (that's just how *I* would order them by hand).

-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om



Re: [pfSense] Fw: new message

2016-04-28 Thread Randy Morgan
Thank you Chris, I appreciate your efforts.  I have been on other lists 
that started out with no spam and then got nailed by spam because the 
list got hacked and nobody was watching over it.  I get enough spam even 
with all the spam filters turned on and tuned.


Randy

Randy Morgan
CSR
Department of Chemistry and Biochemistry
Brigham Young University
801-422-4100

On 4/26/2016 12:26 PM, Chris Buechler wrote:
> On Tue, Apr 26, 2016 at 8:49 AM, Randy Morgan wrote:
>> This is not a group for advertising weight loss products, I hope this is not
>> going to become a discussion group that allows advertising of this type.
>
> I unsubscribe every address that spams the list. Only emails from
> subscriber addresses make it through, so virtually all the spam gets
> dropped that way. On occasion when a subscriber's email account is
> compromised and used to send spam out to their address book, something
> gets through. Short of moderating everything, which would be a pain
> and add unnecessary delays to all posts, there isn't a good
> alternative.


Re: [pfSense] CARP and both IPv4 and IPv6: do they live together?

2016-04-28 Thread Olivier Mascia
> On 28 Apr 2016 at 00:28, Chris Buechler wrote:
> 
>> 
>> Sure, I'm not helped by the transit provider which does not actually route 
>> the /56 prefix to my link (savages!) but merely 'switch' it to me, expecting 
>> ARP/NDP from
>> each of my connected devices, and me using one dedicated IP of the block as 
>> gateway.
> 
> That's a mess, make them fix that. It's ugly at a minimum, and will
> make many typical uses of IPv6 impossible. No competent ISP will
> assign your /56 directly to their router in its entirety.
> 
> 
>> Until I thought of the RA!! I have set RA on WAN to Router Only over my 
>> defined WAN IPv6 CARP
> 
> You don't want RAs enabled on WAN. Your ISP's router is the one
> sending RAs in that case (if anything is). You're advertising yourself
> on that network as a router for other hosts, which is never what you
> want on your WAN.

Thanks a lot Chris for your answer.
The supplier is a provider of turn-key dedicated hardware + ESXi/vSphere 
infrastructure, all set up in their own private data centers.  Takes the 
hardware provisioning and servicing out of our hands.  We experiment with their 
offering as an alternative way of implementing our presence in data centers.  
In this context, where in the end we only have access to VMs that we define as 
we see fit, we decided to build two pfSense VMs, in HA setup, with vSphere rule 
for keeping them separated on distinct physical hosts.  (For other needs than 
this one, we use hardware purchased from pfSense website by the way, nice 
boxes, thanks!!).

True, their way to provide IP blocks (either IPv4 or IPv6) is a mess (assigned 
at their routers, and merely switched to us). We work with them to change that 
asap.

I second your opinion on RA on WAN. Yet, if I turn it off, I lose IPv6 
connectivity, while turned on as described, I'm only left with the WAN IPv6 
CARP not reachable, but traffic is fine toward inner equipment. That is 
completely unusual, bizarre, whatever, but until they properly route traffic to 
me, I'm happy with what I now currently have. :)

The HA setup looks fine now, well-tuned and I could simulate the loss of one 
host and see the traffic persist nicely through the secondary pfSense. Very 
nice.

Thanks again,
-- 
Meilleures salutations, Met vriendelijke groeten, Best Regards,
Olivier Mascia, integral.be/om


