DHCP Server Configuration in pfSense

DHCP

pfSense’s DHCP configuration page in the web GUI.

In the first four parts, I covered installation and setup from the LiveCD, general configurations in the web GUI, WAN and LAN configuration, and setting up a DMZ. In this part, I cover setting up a DHCP server within pfSense. In many scenarios, you will want your pfSense router to also act as a DHCP server. In this case, pfSense’s DHCP service will assign an IP address to any client who requests one.

To configure the DHCP server, go to Services -> DHCP Server. Choose the interface on which the DHCP Server will be active (in this case, I chose LAN). Check “Enable DHCP server on LAN interface“. The next option is “Deny Unknown Clients“. Enabling this option ensures that only clients with static DHCP mappings will receive an IP address. DHCP requests from all other clients will be ignored. If you enable this option, you will have to enter the static DHCP mappings at the bottom of the settings page. Static DHCP mappings will be covered in the next article.


Next, at “Range“, choose a range of IP addresses for DHCP clients to use. THe range must be contiguous and within the available range listed above “Range“.

The next setting is “WINS Servers“. WINS stands for Windows Internet Name Service, which is used to map NetBIOS names to IP addresses on Windows-based systems. Unless you are running a WINS server, you can leave this field blank. Next is “DNS Servers“. Here you can specify any DNS server to be automaticaly assigned to your DHCP clients. If left blank, pfSense will automatically assign DNS servers to your clients on one of the following two ways:

  • If DNS Forwarder is enabled, then the IP address of the interface is used. This is because the DNS Forwarder turns the pfSense machine into a DNS server, so the IP of the pfSense machine is assigned to each client.
  • If DNS Forwarder is not enabled, then the DNS servers entered on the “General Setup” page are used. And if “Allow DNS server list to be overridden by DHCP/PPP on WAN” is enabled in “General Setup”, then the DNS servers obtained through the WAN will be used instead.

The next option is “Gateway“. The interface gateway will be provided to clients by default (the static IP of the interface), but it can be overridden here if necessary.The domain name specified in the General Setup is used by default, but you can specify an alternative under “Domain Name”.

An alternative lease time can be specified under “Default Lease Time” for clients who do not request a specific expiration time. For those who request a specific expiration time, you can set an alternative under “Maximum Lease Time“.


CARP-configured systems can specify a fail-over IP address under “Failover Peer IP“. Enabling “Static ARP” will only allow clients with DHCP mappings to communicate with the firewall on this interface. Unknown clients will still receive an IP address from the DHCP server, but communication to the firewall will be blocked. [This differs from “Deny Unknown Clients“, where unknown clients won’t get an IP address.]

Dynamic DNS” enables clients to automatically register with the Dynamic DNS domain specified. Under “Additional BOOTP/DHCP Options” allows you to enter custom DHCP options.

Press the “Save” button to save the changes, and press the “Apply” button to apply changes, if necessary.

By now, your DHCP server should be up and running and ready to accept clients. In the next article, I will cover static DHCP mappings.

DHCP Configuration External Links:

DHCP server documentation at pfsense.org
BOOTP/DHCP options

© 2013 David Zientara. All rights reserved. Privacy Policy