It’s now time for us to learn how to configure DHCP on pfsense router and firewall. Last time, we learned how to configure ssh properly on pfsense router and firewall.
A DHCP server dynamically issues IP addresses to clients using a predefined pool of IP addresses and configures the client for network access. Learn more about DHCP here
How To Configure DHCP on PFsense.
While installing pfsense earlier, we enabled the DHCP service on the LAN interface and assigned a pool of addresses that the server will dish out to clients. However, to manually edit these changes or make a new one, navigate to services -> DHCP Server.
To enable DHCP for an interface, say WIFI, simply tick ‘enable DHCP Server’ on that interface.
The diagram below shows the DHCP server enabled for LAN. It also has a static IP address and an IP address range which are all requirements if you want pfsense to act as a DHCP server for a particular network.
NOTE: DHCP Server can not be enabled for an interface with DHCP Relay Service enabled.
If you tick the ‘Deny unknown clients’ checkbox, then only clients with static mappings defined will receive an IP address from the server. Since this page has no DNS server added, pfsense will assign itself as the DNS server as long as the default DNS resolver or DNS forwarder is turned on. The image shows pfsense as the DNS server.
However, if we disable the DNS forwarder and/or DNS resolver and enter in google IP address of 188.8.131.52 in System -> General Setup, and also leave the DNS fields blank in Services- > DHCP Server, pfsense will use the IP address assigned in system->general setup DNS section, as the DNS server.
If you employ windows active directory with its associated DNS server for your client computers or if you use bind DNS, simply enter the IP address of your DNS servers in the DNS servers section.
Now, pfsense will force the client computers to use the custom DNS server.
You can leave the other fields in their defaults as we may attempt to configure some of them in other pfsense posts. Now click save.
HOW TO CONFIGURE STATIC MAPPING ON PFSENSE
In static mapping, we define exactly which IP address will be assigned to a client at all times based on the client’s mac address. To add a static mapping, click on the + sign under DHCP static mapping for this interface.
Enter in the required mac address for the computers you want to map statically to individual IP addresses.
Mac address can be gotten by running this code in your command prompt #ipconfig /all on windows and #ifconfig –a on Linux.
On windows, you can get all mac address on a subnet by running #arp –a.
This is especially helpful, to assign IP addresses statically from a DHCP server to client computers such as email servers, active directory servers, and so on.
To view the status of your DHCP server, go to status -> services.
As can be seen, DHCP daemon is running.
To view the leases that are active and expired, go to Status -> DHCP leases.
You can click on the show all configured leases to display all leases including expired and active leases.
In this post, we have learned How To Configure DHCP on PFsense router and firewall. We will use the knowledge we have gained here in a later section when we configure DHCP for the captive portal. Review carefully the different options that the PFsense firewall provides and use them to solve your specific use case. Please stay tuned.