Netgate Discussion Forum

    ROUTING OVER 2ND WAN WITH REMOTE DNS SERVERS

    • Bambos

      Hello Everyone,

      I've been provided a "Special" gateway (Fortigate) to connect to a specific service & servers.

      So I'm using a dedicated port / interface on my pfSense just for that. I don't have any access to the WAN side of this "special" gateway; they just give me 1 IP address on the LAN side.

      Settings Provided:
      LAN side Network: (pfSense as dhcp client)
      Network: 10.201.200.0/30; as DHCP client I got IP: 10.201.200.2, gateway 10.201.200.1

      They have extra networks that are accessible over this gateway :
      10.97.200.0/25
      10.99.21.0/25
      10.98.21.0/25

      DNS Forwarders to: 10.97.200.51 and 10.97.200.52 for the domain aaa.bbb.local
      I should be able to access url: demo.aaa.bbb.local

      What settings do I have to perform on my pfSense, so I can access this server using the DNS provided from another interface of pfSense (which is Local LAN6)?
      Any suggestions appreciated.

      • Myster_fr @Bambos

        @bambos Hi!

        Am I rephrasing this correctly:

        • you have a pfSense box with 2 "outbound" connections: 1 "direct", and another one through the fortigate.
        • you want to be able from LAN to resolve certain hosts through the DNS behind the fortigate
        • you want the traffic towards the 3 scopes you listed to be routed through the fortigate.

        If that is correct, I would probably start with:

        • set up a "Gateway" with the fortinet's IP address (so 10.201.200.1) => "System" => "Routing". Name the Gateway "Fortinet" for instance.
        • once the gateway has been set up, on the same page, go to "Static Routes", and configure 3 routes with the 3 /25 scopes you listed, and set the "Gateway" for them to be the one you just created ("Fortinet").

        Beware: the gateways are processed in the order they're set on this page. Make sure you have your default one (so basically your WAN interface) in the first position.

        Then, you will probably have to make sure NAT is properly configured for traffic going out of the pfSense interface which is connected to the fortinet.

        Finally, you'll have to configure the DNS part.
        Assuming that all the hosts behind the fortinet belong to bbb.local in your post:

        • go to "Services", "DNS Forwarder".
        • at the very bottom of the page, there's a "Domain overrides" section.
        • in this section, create an entry for domain bbb.local, and set the remote DNS server address in the "IP address" field (should be 10.97.200.51).
        • if there are other domains than bbb.local, repeat the above steps for every one of them.

        Try first with setting only one target server; if that works as expected, you should then be able to add a second entry with the second remote DNS server IP address.

        Now, considering you have a computer behind your pfSense which is configured to use the pfSense box as its DNS server:

        • resolving www.google.com should be done through your public DNS
        • resolving anything under the bbb.local domain should be done through the one behind the fortinet.
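The routing and DNS decisions described in the answer above, modelled as an added example (not part of the original posts and not pfSense code). It uses the networks, resolver addresses and domain from the thread; the gateway names "Fortinet" and "WAN" and all function names are assumptions. It checks that each override resolver is itself reachable through a static route, and that overrides match only on a label boundary, so internal names are not sent to the public resolver and look-alike names are not sent to the private one.

```python
import ipaddress

# Networks, resolver IPs and domain are from the thread; gateway names are assumed.
STATIC_ROUTES = {
    "10.97.200.0/25": "Fortinet",
    "10.99.21.0/25": "Fortinet",
    "10.98.21.0/25": "Fortinet",
}
DEFAULT_GATEWAY = "WAN"
DOMAIN_OVERRIDES = {"bbb.local": ["10.97.200.51", "10.97.200.52"]}


def gateway_for(dest):
    """Longest-prefix match of dest against the static routes."""
    addr = ipaddress.ip_address(dest)
    best = None
    for cidr, gw in STATIC_ROUTES.items():
        net = ipaddress.ip_network(cidr)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else DEFAULT_GATEWAY


def override_for(qname):
    """Most specific override whose domain equals qname or is a parent of it."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):  # longest suffix first, whole labels only
        suffix = ".".join(labels[i:])
        if suffix in DOMAIN_OVERRIDES:
            return suffix, DOMAIN_OVERRIDES[suffix]
    return None


def check(qname):
    """Where a LAN client's query is forwarded, plus any unroutable resolvers."""
    match = override_for(qname)
    if match is None:
        return {"name": qname, "override": None, "resolvers": "default", "problems": []}
    domain, servers = match
    problems = [f"{s} has no static route via Fortinet"
                for s in servers if gateway_for(s) != "Fortinet"]
    return {"name": qname, "override": domain, "resolvers": servers, "problems": problems}


if __name__ == "__main__":
    for name in ("demo.aaa.bbb.local", "www.google.com", "notbbb.local"):
        print(check(name))
```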
        • Bambos @Myster_fr

          @myster_fr Great!! Thank you, Sir. Looks like it is working according to your steps.
          Thanks a lot for suggesting the steps.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.