Netgate Discussion Forum

    Transparent Firewalling seems to block DNS Lookups internally

    Firewalling
    3 Posts 3 Posters 2.1k Views
    • typo3usa.com

      Greetings folks -
      After a really nice long google search I ended up here …
      I searched and searched the forums - but alas - I think I might need to post this as a question ... as I have yet to find the solution.

      In short, we have a number of IPs that a client of ours is looking to set up pfSense as a transparent bridge/firewall for.

      Setup is as follows:

      Incoming Ethernet Connection from Data Center
      |
      |
      |
      SWITCH
      |
      |
      |
      PF SENSE WAN  (IP 216.119.x.x)
      ~ ................................................................................................... external ip for management 24.182.x.x
      ~

      |
      |
      |
      SWITCH
      ~
      ~
      Their Systems  ~~~~~~~~~~
      running ip ranges
      216.119.x.x
      67.184.x.x
      65.194.x.x
      
      So here is the deal - we allowed all traffic for any protocol on LAN.
      
      We then set up the WAN to allow
      
      TCP:  20,21,22,25,53,80,110,125,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,55555,55553
      UDP: 20,21,53,113,123,873,953,6277,33434:33523
      
      Both TCP and UDP for port 53 are allowed - however clients internally are unable to resolve DNS requests. (all but one)
      
      This is a transparent firewall - so not really sure what the deal is - just know it's annoying.
      
      Anyone have any ideas?
      • rocky

        If you set up your pfSense as a DNS, and force the user to use this DNS (do this if you use a transparent proxy), the user will request :53 from the LAN interface for DNS services.

        user == LAN ==> pfsense :53 == WAN ==>…

        So your settings for WAN may cause the problem. Replace them by LAN settings.

        • jahonix

          @typo3usa.com:

          We then setup the WAN to allow

          TCP:  20,21,22,25,53,80,110,125,143,443,465,953,993,995,2077,2078,2082,2083,2086,2087,2095,2096,3306,55555,55553
          UDP: 20,21,53,113,123,873,953,6277,33434:33523

          Both TCP and UDP for port 53 are allowed - however clients internally are unable to resolve DNS requests. (all but one)

          What DNS servers are assigned to the clients?
          The ports open on the WAN tab are for incoming traffic on the WAN interface only. Users requesting DNS resolution use your "allow all" rule on the LAN tab.

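The point rocky and jahonix make above (rules on the WAN tab govern traffic entering on WAN; a LAN client's outbound DNS query is judged by the LAN tab, and the resolver's reply comes back through the state table) can be checked with a small model of per-interface stateful filtering. This is an added illustration written for this page, not pfSense or pf code; it treats the two bridge members as "LAN" and "WAN" the way the thread does, uses the poster's own WAN port lists verbatim, and the addresses, port numbers and the restricted "web-only LAN" ruleset used for contrast are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional


def ports(spec: str) -> frozenset:
    """Expand a pfSense-style port list such as "20,21,53,33434:33523" (ranges use ':')."""
    out = set()
    for item in spec.split(","):
        lo, _, hi = item.strip().partition(":")
        out.update(range(int(lo), int(hi or lo) + 1))
    return frozenset(out)


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet ENTERS on: "LAN" or "WAN"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    iface: str                          # tab the rule lives on; only ingress on that interface is checked
    action: str                         # "pass" or "block"
    proto: Optional[str] = None         # None = any protocol
    dports: Optional[frozenset] = None  # None = any destination port

    def matches(self, pkt: Packet) -> bool:
        return (pkt.iface == self.iface
                and (self.proto is None or self.proto == pkt.proto)
                and (self.dports is None or pkt.dport in self.dports))


class StatefulFirewall:
    """First matching rule wins on the ingress interface; passed flows create state."""

    def __init__(self, rules, default: str = "block"):
        self.rules = list(rules)
        self.default = default
        self.states = set()  # 5-tuples (proto, src, sport, dst, dport) of flows already passed

    def filter(self, pkt: Packet) -> str:
        # A reply to an established flow is passed by the state table and never
        # consults the rules of the interface it happens to arrive on.
        if (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.states:
            return "pass:state"
        # A new flow is judged only by the rules of the interface it enters on.
        for i, rule in enumerate(self.rules):
            if rule.matches(pkt):
                if rule.action == "pass":
                    self.states.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
                return f"{rule.action}:{rule.iface}-rule{i}"
        return f"{self.default}:default"


# Constructed addresses from the RFC 5737 documentation ranges, not the poster's real IPs.
CLIENT, RESOLVER, INTERNAL_NS, OUTSIDE = "203.0.113.10", "198.51.100.53", "203.0.113.53", "192.0.2.7"

# The WAN tab exactly as the original post lists it.
WAN_RULES = [
    Rule("WAN", "pass", "tcp", ports("20,21,22,25,53,80,110,125,143,443,465,953,993,995,"
                                     "2077,2078,2082,2083,2086,2087,2095,2096,3306,55555,55553")),
    Rule("WAN", "pass", "udp", ports("20,21,53,113,123,873,953,6277,33434:33523")),
]
LAN_ALLOW_ALL = [Rule("LAN", "pass")]                              # the poster's "allow all" LAN tab
LAN_WEB_ONLY = [Rule("LAN", "pass", "tcp", ports("80,443"))]      # constructed restricted LAN tab, for contrast


def dns_lookup(lan_rules):
    """Outbound DNS query from a LAN client, then the resolver's reply arriving on WAN."""
    fw = StatefulFirewall(WAN_RULES + lan_rules)
    query = Packet("LAN", "udp", CLIENT, 40000, RESOLVER, 53)
    reply = Packet("WAN", "udp", RESOLVER, 53, CLIENT, 40000)
    return fw.filter(query), fw.filter(reply)


def inbound_from_internet(proto: str, dport: int) -> str:
    """Unsolicited connection from the Internet to an internal host: only the WAN tab decides."""
    fw = StatefulFirewall(WAN_RULES + LAN_ALLOW_ALL)
    return fw.filter(Packet("WAN", proto, OUTSIDE, 51000, INTERNAL_NS, dport))


if __name__ == "__main__":
    print("allow-all LAN :", dns_lookup(LAN_ALLOW_ALL))   # query passes on LAN rule, reply passes on state
    print("web-only LAN  :", dns_lookup(LAN_WEB_ONLY))    # query blocked on LAN, WAN's port 53 never consulted
    print("inbound udp/53:", inbound_from_internet("udp", 53))
    print("inbound udp/69:", inbound_from_internet("udp", 69))
```

With the "allow all" LAN tab the query passes on the LAN rule and the reply is admitted by state, so the port 53 entries on the WAN tab only matter for unsolicited inbound connections to the internal servers. Swapping in the restricted LAN tab blocks the query outright even though WAN still lists port 53, which is the mix-up rocky and jahonix describe. Since the poster's LAN tab already allows everything, this model also shows that the rules are not what stops the clients, which is why jahonix's question about which DNS servers the clients are configured with is the next thing to check.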
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.