pfSense can act as a DHCP server to distribute IP addresses to machines on your network, as well as the information (gateway IPs, DNS server IPs, ...) they need.
To enable and configure the pfSense DHCP server, go to: Services -> DHCP Server.
On the page that appears, check the "Enable DHCP server on LAN interface" box to enable the DHCP server and configure the "Range" setting to specify the range of IP addresses to distribute to machines on your network.
Note that a DHCP server is only useful on the LAN interface or on an interface connected to a local network or subnet.
It serves no purpose on the WAN interface.
In the "General Options" section of the pfSense DHCP server settings, you will find these settings:
In the "Additional Pools" section just below, you will be able to add additional DHCP ranges for the subnet shown above.
To do this, click on the "Add pool" button.
On the page that appears, you will see that the URL ends with "newpool", although the page closely resembles the one used to configure your DHCP server.
On this page, you will see the Available address range for your subnet, as well as the IP address ranges already defined on your DHCP server (In-use DHCP Pool Ranges).
Configure the additional IP address range that your DHCP server will be able to distribute, then modify other available settings as necessary.
Important: as shown at the top of the page (blue background), when you add a new IP address range, the settings configured on it apply only to that range.
In the "Servers" section, you can specify:
In the "OMAPI" section, you can configure the settings related to the OMAPI programming layer.
OMAPI allows you to control remote applications and know their status. The connection to OMAPI can be secured with a shared secret.
Source : ISC DHCP 4.1 Manual Pages - omapi.
In the "Other Options" section, you can configure other options:
Next, you will find several buttons for advanced settings:
To view advanced settings for any of the sections above, simply click on the relevant "Display Advanced" button.
For the "Dynamic DNS" section, you can specify:
Source : ISC DHCP 4.1 Manual Pages - dhcpd.conf - DYNAMIC DNS UPDATE SECURITY.
For the "MAC address control" section, you can specify:
This lets you allow or deny machines on your network from obtaining an IP address from your DHCP server.
Note that each "xx.xx.xx" prefix in MAC addresses corresponds to a manufacturer.
For example: in the case of VMware virtual machines, there are the prefixes "00:0C:29" and "00:50:56".
To find out the manufacturer corresponding to the prefix of a MAC address, go to the "Welcome to The Public Listing For IEEE Standards Registration Authority" page, select "All MAC (...)" and type only the 6 digits of the desired prefix.
Note: you can very well deny MAC addresses here and allow them on another IP address range of your DHCP server, so that clients receive IP addresses from one or the other IP range depending on their MAC address.
This allows the IP range of VoIP phones to be separated from that of client PCs, for example.
Important: a device (computer, server, smartphone, ...) can very easily use a false MAC address, so this protection is easy to circumvent.
In addition, this protection does not prevent a machine on your network from communicating with other machines on your network. It only concerns the allocation of IP addresses from your DHCP server to the clients concerned.
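The pool selection described above can be modelled and audited in a few lines. This is an added example, not part of the original tutorial or of pfSense: it applies the rule documented for ISC dhcpd pools (a client must match the allow list when one exists and must not match the deny list), and the pool names, ranges and leases are constructed sample values.

```python
import ipaddress

# Constructed sample pools: (first IP, last IP, MAC Allow field, MAC Deny field).
POOLS = {
    "vm":      ("192.168.1.50",  "192.168.1.99",  "00:0C:29,00:50:56", ""),
    "clients": ("192.168.1.100", "192.168.1.199", "", "00:0C:29,00:50:56"),
}

def normalize(mac):
    """Lower-case a full or partial MAC address and strip its separators."""
    return mac.strip().lower().replace(":", "").replace("-", "")

def prefixes(field):
    """Split a comma-separated prefix field into normalized prefixes."""
    return [normalize(p) for p in field.split(",") if p.strip()]

def eligible(mac, allow, deny):
    """True if the MAC passes the deny list and the allow list (when present)."""
    m = normalize(mac)
    if any(m.startswith(p) for p in prefixes(deny)):
        return False
    allowed = prefixes(allow)
    return not allowed or any(m.startswith(p) for p in allowed)

def pools_for(mac, pools=POOLS):
    """Names of the pools this MAC address may receive a lease from."""
    return [n for n, (_, _, allow, deny) in pools.items() if eligible(mac, allow, deny)]

def pool_of(ip, pools=POOLS):
    """Name of the pool whose range contains this IP address, or None."""
    addr = ipaddress.ip_address(ip)
    for name, (first, last, _, _) in pools.items():
        if ipaddress.ip_address(first) <= addr <= ipaddress.ip_address(last):
            return name
    return None

def audit(leases, pools=POOLS):
    """Return leases whose address lies in a pool the MAC is not eligible for."""
    return [(mac, ip, pool_of(ip, pools)) for mac, ip in leases
            if pool_of(ip, pools) and pool_of(ip, pools) not in pools_for(mac, pools)]

LEASES = [  # constructed (MAC, leased IP) pairs
    ("00:0c:29:aa:bb:01", "192.168.1.51"),   # VMware prefix in the vm pool
    ("02:00:00:11:22:33", "192.168.1.120"),  # other prefix in the clients pool
    ("00:50:56:aa:bb:02", "192.168.1.130"),  # VMware prefix in the clients pool
]
```

The decision rests only on the MAC address the client presents, so the lists sort devices into ranges and do not authenticate them.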
For the "NTP" section, you can specify one or more time servers which will be used by the client machine to update its clock (using the NTP Server 1, ... settings).
Clock synchronization on a network is necessary to avoid authentication problems (e.g. Kerberos), as well as for the validity of certificates used on your network (if applicable).
Note: this setting corresponds to DHCP option 042.
For the "TFTP" section, you can specify the address of a TFTP server using the "TFTP Server" parameter.
This TFTP server is mainly used for telephony over IP (VoIP), but can also be used to boot a client machine on the network (PXE). See the "Network Booting" section for network booting.
Note: this setting corresponds to DHCP option 066.
For the "LDAP" section, you can specify the URI of an LDAP server using the "LDAP Server URI" setting.
This setting will be sent to the client to help certain clients find their LDAP server (e.g. OpenDirectory).
Note: this setting corresponds to DHCP option 095.
For the "Network Booting" section, you will be able to specify settings regarding booting a client machine over the network via PXE.
For example: a thin client without a hard drive will be able to boot on the network by obtaining an IP address from your DHCP server, as well as download a bootable image from a TFTP server to boot from it.
Important: if you want to use network boot (PXE), make sure BOOTP is enabled (at the top of the page).
BOOTP is what the client machine uses to obtain its IP address, as well as the parameters configured here.
For the "Additional BOOTP/DHCP Options" section, you will be able to specify any other DHCP options not available via the previous settings.
This allows you to use every DHCP option that exists in the official specification (the link to which is available on the word "URL" visible in the blue frame), even if pfSense does not currently offer the corresponding settings.
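Every DHCP option, including 042, 066 and 095 mentioned above, is sent to the client as a code byte, a length byte and a value. This added example (not from the original tutorial or from pfSense) parses a constructed options field and compares the decoded values with the ones you expect the server to hand out; treating option 095 as text and all addresses and names are assumptions.

```python
import ipaddress

def tlv(code, value):
    """Encode one option as code, length, value."""
    return bytes([code, len(value)]) + value

def parse_options(field):
    """Walk the options that follow the DHCP magic cookie; return {code: raw value}."""
    opts, i = {}, 0
    while i < len(field):
        code = field[i]
        if code == 0:            # pad byte, carries no length
            i += 1
            continue
        if code == 255:          # end marker
            break
        if i + 1 >= len(field):
            raise ValueError(f"option {code}: missing length byte")
        length = field[i + 1]
        value = field[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError(f"option {code}: truncated value")
        opts[code] = opts.get(code, b"") + value  # repeated codes are concatenated
        i += 2 + length
    return opts

def decode(opts):
    """Decode the three options named in this section."""
    out = {}
    if 42 in opts:               # NTP servers: list of 4-byte IPv4 addresses
        raw = opts[42]
        if len(raw) % 4:
            raise ValueError("option 42: length is not a multiple of 4")
        out["ntp"] = [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]
    if 66 in opts:               # TFTP server name
        out["tftp"] = opts[66].decode("ascii")
    if 95 in opts:               # LDAP URI (assumed to be sent as text)
        out["ldap"] = opts[95].decode("ascii")
    return out

def mismatches(decoded, expected):
    """Return the settings whose offered value differs from the expected one."""
    return sorted(k for k in expected if decoded.get(k) != expected[k])

# Constructed options field, as it would follow the cookie in a DHCP reply.
SAMPLE = (tlv(42, bytes([192, 168, 1, 1, 192, 168, 1, 2])) + tlv(66, b"192.168.1.10")
          + tlv(95, b"ldap://ldap.example.test/dc=example,dc=test") + bytes([255, 0]))
EXPECTED = {"ntp": ["192.168.1.1", "192.168.1.2"], "tftp": "192.168.1.20"}
```

A non-empty result from `mismatches` on a reply captured from your LAN means a client is being offered a value other than the one you configured.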
At the bottom of the page, in the "DHCP Static Mappings for this Interface" section, you can add static mappings for specific DHCP clients (using their MAC address).
These clients will then always receive the same IP address from your DHCP server. The advantage is being able to define static IP addresses without manually going to each workstation or server separately.
Warning: clicking on the "Add" button in this section will send you to another page (Static DHCP Mapping on LAN).
This is why this section is displayed after the "Save" button.
If you clicked on the "Add" button in the "DHCP Static Mappings for this Interface" section, the "Edit Static Mapping" page will appear with a "Static DHCP Mapping on LAN" section in which you can specify:
Then, the other settings offered are the same as when configuring your DHCP server.
Therefore, refer to the explanations given previously for these settings.
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.