Netgate Discussion Forum

    SPECIAL GATEWAY SETTINGS & REMOTE DNS SERVERS

      Bambos

      Hello Everyone,

      I've been provided a "Special" gateway (Fortigate) to connect to a specific service & servers.

      So I'm using a dedicated port / interface on my pfSense just for that. I don't have any access on the WAN side of this "special" gateway, they just give me 1 IP address on the LAN side.

      Settings Provided:

      LAN side network: (pfSense as DHCP client)
      Network: 10.201.200.0/30; as DHCP client I got IP: 10.201.200.2, gateway 10.201.200.1

      They have extra networks that are accessible over this gateway:
      10.97.200.0/25
      10.99.21.0/25
      10.98.21.0/25

      DNS Forwarders to: 10.97.200.51 and 10.97.200.52 for the domain aaa.bbb.local
      I should be able to access url: demo.aaa.bbb.local

      What settings do I have to perform on my pfSense, so I can access this server using the DNS provided from another interface of pfSense (which is Local LAN6)?
      Any suggestions appreciated.

        SteveITS Rebel Alliance @Bambos

        @bambos To resolve demo.aaa.bbb.local on your pfSense, in "Domain Overrides" add two entries

        aaa.bbb.local 10.97.200.51
        aaa.bbb.local 10.97.200.52

        That forwards all queries for that domain to those two servers. Is that what you're looking for?

        Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to reboot, or more depending on packages, and device or disk speed.
        Upvote 👍 helpful posts!

          Bambos @SteveITS

          @steveits Yes, one task is this, so I have to enable the DNS forwarder and add the entries?
          Also, what about the routes? Those networks do not exist. Do I have to enable static routing?
          Do I also need NAT/outbound entries? Or is it naturally NATed when outgoing?

            SteveITS Rebel Alliance @Bambos

            @bambos You can add the entries to DNS Resolver. Either Resolver or Forwarder but you can't run both.

            Your pfSense would normally send packets for networks it doesn't know about to its gateway, so 10.201.200.1? It sounds like that router can access 10.97.200.51...?

              Bambos @SteveITS

              @steveits I can see in the routing table that it can access the DNS servers, but this is because they are pushed through the DHCP client request.

              The other 2 networks, 10.99.21.0/25 and 10.98.21.0/25, do not exist.
              So for those 2 networks, to my understanding we need a static route configuration under System -> Routing.

              And finally, I didn't understand yet if I also need NAT->outbound rules.

              Thank you for your comments.
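
The routing question in the post above can be checked mechanically. The following is an added example, not part of the thread: a longest-prefix match over a constructed routing table (the WAN gateway 203.0.113.1, the interface names, and the assumption that only 10.97.200.0/25 was pushed by DHCP are illustrative) showing which of the listed networks would leave via the default gateway instead of 10.201.200.1.

```python
import ipaddress

SPECIAL_GW = "10.201.200.1"  # gateway address given in the thread
REMOTE_NETS = ["10.97.200.0/25", "10.99.21.0/25", "10.98.21.0/25"]  # from the thread

# Constructed routing table: (destination, gateway, interface).
# Assumption: DHCP pushed a route only for the network holding the DNS servers.
ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "wan"),         # constructed default route
    ("10.201.200.0/30", "link", "special"),      # directly connected /30
    ("10.97.200.0/25", SPECIAL_GW, "special"),   # assumed DHCP-pushed route
]

def lookup(dest, routes):
    """Longest-prefix match for an address or network; returns (net, gw, iface)."""
    target = ipaddress.ip_network(dest, strict=False)
    best = None
    for prefix, gw, iface in routes:
        net = ipaddress.ip_network(prefix)
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best

def missing_static_routes(remote_nets, routes, gateway):
    """Networks whose traffic would not be sent to the given gateway."""
    missing = []
    for net in remote_nets:
        hit = lookup(net, routes)
        if hit is None or hit[1] != gateway:
            missing.append(net)
    return missing

def with_static_routes(routes, nets, gateway, iface):
    """Routing table after adding one static route per missing network."""
    return routes + [(n, gateway, iface) for n in nets]

if __name__ == "__main__":
    missing = missing_static_routes(REMOTE_NETS, ROUTES, SPECIAL_GW)
    for net in missing:
        _, gw, iface = lookup(net, ROUTES)
        print(f"{net}: currently leaves via {iface} ({gw}); needs a static route to {SPECIAL_GW}")
    fixed = with_static_routes(ROUTES, missing, SPECIAL_GW, "special")
    print("still missing after fix:", missing_static_routes(REMOTE_NETS, fixed, SPECIAL_GW))
```

Without the two static routes, traffic for those private networks follows the default route out the WAN interface, so the check doubles as a test that internal destinations are not leaking to the upstream provider.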

                viragomann @Bambos

                @bambos said in SPECIAL GATEWAY SETTINGS & REMOTE DNS SERVERS:

                and finally, I didn't understand yet if I also need NAT->outbound rules.

                If the network behind the gateway doesn't know your local network and has no route for it, you need to NAT the outbound traffic.
                If there are routes for your network, you don't need NAT rules.

                However, if your outbound NAT is working in automatic mode, pfSense should have added a NAT rule automatically to that interface, since you got a gateway assigned to it from the DHCP.

                  Bambos @viragomann

                  @viragomann Hello Sir, it is hybrid mode on outbound, and it seems the traffic is NATed, just like the WAN interface. Thanks.

                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.