SPECIAL GATEWAY SETTINGS & REMOTE DNS SERVERS
-
Hello Everyone,
I've been provided a "Special" gateway (Fortigate) to connect to a specific service & servers.
So I'm using a dedicated port / interface on my pfSense just for that. I don't have any access on the WAN side of this "special" gateway, they just give me 1 IP Address on the LAN side.
Settings Provided:
LAN side Network: (pfSense as DHCP client)
Network: 10.201.200.0/30. As DHCP client I got IP: 10.201.200.2, gateway 10.201.200.1
They have extra networks that are accessible over this gateway:
10.97.200.0/25
10.99.21.0/25
10.98.21.0/25
DNS Forwarders to: 10.97.200.51 and 10.97.200.52 for the domain aaa.bbb.local
I should be able to access url: demo.aaa.bbb.local
What settings do I have to perform on my pfSense, so I can access this server using the DNS provided from another interface of pfSense (which is Local LAN6)?
Any suggestions appreciated.
-
@bambos To resolve demo.aaa.bbb.local on your pfSense, in "Domain Overrides" add two entries
aaa.bbb.local 10.97.200.51
aaa.bbb.local 10.97.200.52
That forwards all queries for that domain to those two servers. Is that what you're looking for?
-
@steveits Yes, one task is this, so do I have to enable the DNS forwarder and add the entries?
Also what about the routes? Those networks do not exist. Do I have to enable static routing?
Do I also need NAT/outbound entries? Or is it naturally NATed when outgoing?
-
@bambos You can add the entries to DNS Resolver. Either Resolver or Forwarder but you can't run both.
Your pfSense would normally send packets for networks it doesn't know about to its gateway, so 10.201.200.1? It sounds like that router can access 10.97.200.51...?
-
@steveits I can see in the routing table that it can access the DNS servers, but this is because they are pushed through the DHCP client request.
The other 2 networks, 10.99.21.0/25 and 10.98.21.0/25, do not exist.
So for those 2 networks, to my understanding we need a static route configuration under System -> Routing.
And finally, I didn't understand yet if I also need NAT -> outbound rules.
Thank you for your comments.
-
@bambos said in SPECIAL GATEWAY SETTINGS & REMOTE DNS SERVERS:
And finally, I didn't understand yet if I also need NAT -> outbound rules.
If the network behind the gateway doesn't know your local network and has no route for it, you need to NAT the outbound traffic.
If there are routes for your network, you don't need NAT rules.
However, if your outbound NAT is working in automatic mode, pfSense should have added a NAT rule automatically to that interface, since you got a gateway assigned to it from the DHCP.
-
@viragomann Hello Sir, it is hybrid mode on outbound, and it seems the traffic is NATed, just like the WAN interface. Thanks.
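Added example, not part of the thread: a check for the routing question above, reporting which of the listed remote networks would still follow the default route instead of going via 10.201.200.1. The `netstat -rn -f inet` sample, the interface names and the default gateway 192.0.2.1 are constructed assumptions; the remote networks and the special gateway are the ones given in the first post.

```python
import ipaddress

SPECIAL_GW = "10.201.200.1"  # gateway handed out by DHCP (from the thread)
REMOTE_NETS = ["10.97.200.0/25", "10.99.21.0/25", "10.98.21.0/25"]

# Constructed sample in FreeBSD `netstat -rn -f inet` layout: only the DNS
# network was pushed by DHCP, as described in the thread.
SAMPLE_NETSTAT = """\
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS        igb0
10.97.200.0/25     10.201.200.1       UGS        igb3
10.201.200.0/30    link#4             U          igb3
10.201.200.2       link#4             UHS         lo0
192.168.6.0/24     link#6             U          igb5
"""

def parse_routes(text):
    """Return (network, gateway, interface) tuples from netstat output."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] == "Destination":
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)  # bare host -> /32
        except ValueError:
            continue  # skip lines that are not IPv4 routes
        routes.append((net, fields[1], fields[3]))
    return routes

def best_route(routes, target):
    """Longest-prefix match: the most specific route covering target."""
    matches = [r for r in routes if target.subnet_of(r[0])]
    return max(matches, key=lambda r: r[0].prefixlen, default=None)

def missing_static_routes(text, remote_nets=REMOTE_NETS, gw=SPECIAL_GW):
    """Remote networks whose best route does not use the special gateway."""
    routes = parse_routes(text)
    missing = []
    for cidr in remote_nets:
        route = best_route(routes, ipaddress.ip_network(cidr))
        if route is None or route[1] != gw:
            missing.append(cidr)
    return missing

if __name__ == "__main__":
    for cidr in missing_static_routes(SAMPLE_NETSTAT):
        print(f"{cidr}: add a static route via {SPECIAL_GW}")
```

Networks it reports are the ones that need an entry under System -> Routing pointing at the special gateway.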