2 weeks still nothing.
-
@steveits hey thanks for replying. I should have been a bit more clear - this will be confusing. I had to configure pfsense wireless as the lan interface and configured the pfsense wan as the wired connection to my router - this is backward because I couldn’t make it work any other way but I’m just seeing that maybe this is part of the problem. I cannot use pfsense for the wired clients mainly due to lengths but also because the pfsense router only has a single Ethernet port.
I don’t know if Nat is forwarding however a Nat rule was set for the dns but I’m not sure it’s working.
Yes my dns server is on my lan same subnet as all devices. 192.168.1.x
I did try setting a rule for lan in pfsense but I think I need to look at it again I’m definitely getting mixed up over wan being lan and lan being wireless.
I’ll try and get a diagram up but it’s technically quite simple - pfsense wired to modem/router and dns server wired to modem router also. Anything else connects wired to the modem router and is not really relevant at this point. Only need wireless clients connected to pfsense to be directed to the dns server and obviously have internet access.
-
@pfsensenewbie1 Can you use a site like https://lucid.app to put together a quick diagram?
-
@rcoleman-netgate I didn’t know such a thing existed. Will sign up and post when I have one.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
pfsense wired to modem/router and dns server wired to modem router also
You mean a gateway then. And there would be nothing special to do with such a setup.
Out of the box pfsense lan rule is any any.. So if pfsense wan is 192.168.2/24 for example, and you have some device behind pfsense on say 192.168.1/24 it would by default be able to talk to anything on the 192.168.2 network.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
Only need wireless clients connected to pfsense to be directed to the dns server and obviously have internet access
And these wireless are behind pfSense? Then you could set up pfSense to forward requests to your DNS server.
https://docs.netgate.com/pfsense/en/latest/services/dns/resolver-config.html
see "DNS query forwarding" section.If this is to resolve a private domain there are also domain or host override settings.
Might be easier to get it functioning, then try to redirect DNS.
-
@johnpoz yes the modem router I suppose is acting as a gateway.
Have attached diagram.
The wan on pfsense is actually the lan in my network. Confusing I know.
-
@pfsensenewbie1 That simplifies it for me. :) Setting it to forward DNS to your DNS server IP should work.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
Confusing I know.
no not at all.. And again - the default rules in pfsense would allow you to talk to anything on its wan, or anything beyond that - ie the internet
You talking your dns server on pfsense "wan" is no different than you talking to say 8.8.8.8 for dns.
This would work out of the box for your wireless clients. Unless you were policy routing traffic out some vpn you setup on pfsense. Or you turned off the automatic outbound nat pfsense would be doing. Or you created rules on pfsense lan that prevented access.
Or you have overlapping networks on pfsense wan and its lan.
-
@steveits yep, precisely what I’m trying to do. Currently cannot access gui of pfsense from my lan but can access through wireless devices. Pfsense cannot see internet at all unless dhcp is used and dns-resolver appears to not be working (or I did something wrong). I know I’m nearly there as wireless clients can get on the net, meaning bridge is working and firewall is forwarding it’s just the small parts that are causing issues mainly not having the gui from lan devices and pfsense not doing Nat for whatever reason.
-
@pfsensenewbie1 No you wouldn't be able to access pfsense gui on its "wan" address because out of the box nothing is allowed, and there is also the default block rfc1918 (source) into pfsense even if you create a rule to allow access on pfsense "wan"
If you point your wireless clients to your dns server - lets call it 192.168.10.100 - out of the box they would be able to talk to that server. So unless you did or are doing some of the things I mentioned before - your wireless client should have no issues talking to the IP address of your dns server. Now maybe your dns servers firewall is blocking? Seems unlikely because out of the box clients would be coming from the pfsense "wan" IP because of the automatic nat.
-
@johnpoz not sure tbh that’s a lot to check and think about but honestly I have been banging my head on a wall for too long. Anyway the pfsense cannot ping anything on internet but can all devices on lan wired or wireless. If I enable dhcp this part changes but still the Nat doesn’t seem to be going to my server.
-
@pfsensenewbie1 pfsense "wan" that is plugged into your gateway should be set to dhcp - it would get an IP address from your gateway just like any other device on that network.
You just need to make sure the "lan" network does not overlap that. If your isp devices network is 192.168.1/24, then use 192.168.2/24 for devices on your pfsense "lan"
This works out of the box there is nothing for you to do for this to work.. Turn on pfsense, and this would work - as long as pfsense is actually getting an IP on your gateways network. And the pfsense lan network doesn't overlap that network.
-
@johnpoz hmmm so to get gui access I either have to find a way to allow lan clients to access it or just use wireless. What about the dhcp issue any ideas on that? I would prefer the iPhone to not change hence I prefer static but if pfsense can’t see the internet can I be sure the Nat is forwarding to my dns?
-
@pfsensenewbie1 what are you using for wireless behind pfsense - if your trying to use the wireless of your "gateway" device - that no there is not going to work and is a complete mess.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
can I be sure the Nat is forwarding to my dns?
You can for setup pfsense to forward to yoru dns server, and clients behind it points to pfsense lan IP for dns.. If that is what you want.
But you seem to be confused on what - what network is your gateway handing out, what network are you using? 192.168.0, .1. what?
What network is pfsense lan network? What is providing the wireless for devices behind pfsense?
-
@johnpoz yes I had issues with dhcp not getting an ip but seems randomly to not work. Today I checked and dhcp had no ip on wan so went to static - but perhaps this doesn’t matter as clients cannot get to the gui from lan anyway as was mentioned. Hmmm. Ok I’ll enable dhcp on wan and see if I can get access restored but surely static should work also?
-
@pfsensenewbie1 said in 2 weeks still nothing.:
but perhaps this doesn’t matter
Not getting a dhcp - the solution is not to go to static. Because if dhcp isnt working points to connectivity issue, so static never going to work either. I would of looked to why pfsense wan doesn't its dhcp address from your gateway.
And I have a funny feeling your trying to leverage wifi off your gateway as pfsense lan.. Or you have overlapping IP ranges.
But your setup as drawn is clicky clickly workie workie with really nothing to do.. Other than making sure your pfsense wan and lan network do not overlap.. And your not trying to leverage your gateway wifi as pfsense lan network.
-
@johnpoz ok - so lan interface on pfsense must be on a different subnet? That’s one thing I didn’t do. Can wan interface be on same subnet as modem/router? My entire network is currently using 192.168.1.x.
-
@johnpoz no I’m aware clients connected to the gateway (modem/router) cannot use pfsense - I did originally want all clients to use it but just not possible as it is. I know my diag is crap just to illustrate. Modem/router 192.168.1.1 dns server 1.2 pfsense wan interface 1.4 and tried setting pfsense lan to 1.3 - with gateway dishing out dhcp to everything. Will try different subnet for lan interface and test but getting late so willl update tomorrow. Thanks all for help.
-
@pfsensenewbie1 said in 2 weeks still nothing.:
so lan interface on pfsense must be on a different subnet?
yeah - how do you think it routes if both its interfaces are in the same network? It wouldn't even let you create a static on pfsense wan that overlapped with your lan network.
If your using 192.168.1/24 on pfsense "wan", ie your gateway lan - what is pfsense "lan" this should be something different say 192.168.2/24
What is providing wifi behind pfsense? You have AP, your trying to use some other wifi router as just an AP?
If your gateway is 192.168.1 network - then set pfsense lan to say 192.168.2.1/24 address. Plug its wan into your gateway network as dhcp and shazam all workie... Now if you want clients behind pfsense to use your dns server, then either point them directly to that, or have pfsense forward to it, and have your clients use pfsense 192.168.2.1 address as their dns - this would what would be default handed to dhcp clients behind pfsense.
If you then want clients on your pfsense wan to be able to hit the pfsense gui, then turn off the block rfc1918 rule on your wan, and create a wan firewall rule to allow access to your gui port on the wan address.
