pfSense and NAS port opening
-
@steveits said in pfSense and NAS port opening:
Screenshot of the override?
@steveits said in pfSense and NAS port opening:
Run "nslookup hostname ip-of-pfsense" and see what it answers.
PS C:> nslookup hostname xx.yy.zz.218
Server: host-xx-yy-zz-218.retail.telekom.it
Address: xx.yy.zz.218
*** host-xx-yy-zz-218.retail.telekomi.it non è in grado di trovare hostname: Non-existent domain
PS C:>
Well, now what? Why "Non-existent domain"?
-
@airone-0 Sorry, I meant to use your hostname and the LAN IP of pfSense. So
nslookup yours.synology.me 192.168.0.1
that will show you what pfSense is providing for DNS.
-
@airone-0 said in pfSense and NAS port opening:
xx.yy.zz.218
That is IP address of pfsense.. You didn't even ask for the fqdn you put in which is something.synology.me
Here..
Where 192.168.9.253 is the IP address of my pfsense running unbound (resolver), where I put in the host override.
When you don't actually use the actual fqdn, host.domain.tld, with nslookup, it quite often will use a search suffix and ask for whatever domain your machine is in..
example see where I only ask for aaahost, but the question that gets asked to dns is with my local domain name attached.
set debug shows you the details of what is being asked, what is returned, etc.
you can also set where you ask other than your default NS.
-
Now I'm in total confusion, too much information.
Anyway...
> myname.synology.me
Server: host-xx-yy-zz-218.retail.telekom.it
Address: xx.yy.zz.218
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 7, rcode = NXDOMAIN
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0
    QUESTIONS:
        myname.synology.me.NetgateDomain, type = A, class = IN
    AUTHORITY RECORDS:
    -> (root)
        ttl = 2855 (47 mins 35 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial = 2023042800
        refresh = 1800 (30 mins)
        retry = 900 (15 mins)
        expire = 604800 (7 days)
        default TTL = 86400 (1 day)
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 8, rcode = NXDOMAIN
        header flags: response, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 1, additional = 0
    QUESTIONS:
        myname.synology.me.NetgateDomain, type = AAAA, class = IN
    AUTHORITY RECORDS:
    -> (root)
        ttl = 2855 (47 mins 35 secs)
        primary name server = a.root-servers.net
        responsible mail addr = nstld.verisign-grs.com
        serial = 2023042800
        refresh = 1800 (30 mins)
        retry = 900 (15 mins)
        expire = 604800 (7 days)
        default TTL = 86400 (1 day)
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 9, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 1, authority records = 0, additional = 0
    QUESTIONS:
        myname.synology.me, type = A, class = IN
    ANSWERS:
    -> myname.synology.me
        internet address = 172.18.0.10
        ttl = 3600 (1 hour)
------------
------------
Got answer:
    HEADER:
        opcode = QUERY, id = 10, rcode = NOERROR
        header flags: response, auth. answer, want recursion, recursion avail.
        questions = 1, answers = 0, authority records = 0, additional = 0
    QUESTIONS:
        myname.synology.me, type = AAAA, class = IN
------------
Nome: myname.synology.me
Address: 172.18.0.10
>
It would appear that the binding set by Host Override between myname.synology.me and the internal IP of the NAS exists (last two lines). Big problem for me, how do we get out of this?
-
@airone-0 said in pfSense and NAS port opening:
Big problem for me, how do we get out of this?
out of what? That seems like working fine to me.. Windows loves to add suffix to queries - you could put a . on the end of your fqdn if you don't want to let windows add its search suffix domains.
Or you could setup windows NOT to ever do that..
-
@airone-0 said in pfSense and NAS port opening:
how do we get out of this?
From the screenshot it looks like you ran nslookup which opens its own command line. "Exit" or CTRL+C should get you out.
"Server: host-xx-yy-zz-218.retail.telekom.it
Address: xx.yy.zz.218"...that looks like you are not using pfSense LAN IP for your DNS? What is the .218 address?
-
@johnpoz said in pfSense and NAS port opening:
That seems like working fine to me..
We've gotten away from the problem: I can't contact the NAS from my PC if I use DNS myname.synology.me or xx.yy.zz.218 instead of the local IP of the NAS.
This is the situation:
NAS - 172.18.0.10
PC - 192.168.0.2
Dynamic IP from ISP (myname.synology.me) - xx.yy.zz.218
- The IP I entered in the override is the local one of the NAS; the DNS entered in the override (host name + host domain) is currently resolved with the same IP reported for the WAN on the dashboard.
- The PC I'm using now is connected to the Netgate LAN (192.168.0.2). Using the NAS local address (172.18.0.10) it can also connect to the NAS and its servers. Using the external IP from ISP (xx.yy.zz.281 or dns myname.synology.me), the PC cannot contact the NAS.
- If I disconnect this PC from the local network and connect it to an external network (via mobile wifi), the PC immediately connects to the NAS server using the external IP from ISP (xx.yy.zz.281 or dns myname.synology.me).
That's all (folks).
-
@airone-0 said in pfSense and NAS port opening:
I can't contact the NAS from my PC if I use DNS myname.synology.me or xx.yy.zz.218 instead of the local IP
Right which would typically mean it's either a DNS problem or a NAT reflection problem. Figuring out to what myname.synology.me resolves will tell you.
If it's resolving to 172.18.0.10 then there is no reason within pfSense why it won't work using myname.synology.me if it works using 172.18.0.10, since that is the same as far as pfSense knows. Is that hostname properly configured on the NAS?
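Added example, not part of any post in this thread: a Python sketch that applies the two checks discussed above (the search-suffix behaviour johnpoz describes and the DNS-versus-NAT-reflection test in this reply) to nslookup "set debug" output. The sample text is constructed and abridged from the output posted earlier; the function names and result labels are assumptions.

```python
import ipaddress
import re

# Constructed sample, abridged from the nslookup "set debug" output posted in this thread.
SAMPLE = """\
Got answer:
    opcode = QUERY, id = 7, rcode = NXDOMAIN
    QUESTIONS:
        myname.synology.me.NetgateDomain, type = A, class = IN
Got answer:
    opcode = QUERY, id = 9, rcode = NOERROR
    QUESTIONS:
        myname.synology.me, type = A, class = IN
    ANSWERS:
        internet address = 172.18.0.10
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_debug(text):
    """Return one dict per 'Got answer' block: rcode, question name/type, A addresses."""
    results = []
    for block in text.split("Got answer:")[1:]:
        rcode = re.search(r"rcode = (\w+)", block)
        question = re.search(r"QUESTIONS:\s*(\S+), type = (\w+)", block)
        if not (rcode and question):
            continue  # truncated block: skip rather than guess
        results.append({"rcode": rcode.group(1), "qtype": question.group(2),
                        "qname": question.group(1).rstrip(".").lower(),
                        "addresses": re.findall(r"internet address = (\S+)", block)})
    return results

def diagnose(text, fqdn):
    """Label each query (hypothetical labels): suffix noise, or where the real name points."""
    fqdn = fqdn.rstrip(".").lower()
    report = []
    for r in parse_debug(text):
        if r["qname"].startswith(fqdn + "."):
            label = "search-suffix"      # client appended its own domain; NXDOMAIN is expected
        elif r["qname"] != fqdn:
            continue                     # unrelated lookup
        elif not r["addresses"]:
            label = "no-%s-record" % r["qtype"]
        elif all(any(ipaddress.ip_address(a) in n for n in RFC1918) for a in r["addresses"]):
            label = "lan-ip"             # host override answered; no NAT reflection involved
        else:
            label = "public-ip"          # LAN clients would depend on NAT reflection
        report.append((r["qname"], r["rcode"], label))
    return report
```

Calling diagnose(SAMPLE, "myname.synology.me") labels the first query as search-suffix noise and the second as a LAN address served by the host override.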
-
@steveits said in pfSense and NAS port opening:
Is that hostname properly configured on the NAS?
There doesn't appear to be a Hostname to set, perhaps a Server Name.
-
I have tried deleting all DNS servers from DHCP servers settings and from System / General Setup. Then from
Diagnostics / Command Prompt I ran
nslookup myname.synology.me
and I received as an answer
Servers: 127.0.0.1
Address: 127.0.0.1#53
Name: myname.synology.me
Address: 172.18.0.10
Same thing done by the PC client with this answer:
Server: UnKnown
Address: 192.168.0.1
Name: rmyname.synology.me
Address: 172.18.0.10
Now the App on the PC is connected, but if I had to tell you why it's working now, I couldn't explain it.
Do you have an answer?
-
@airone-0 said in pfSense and NAS port opening:
Do you have an answer?
We already went over that answer - if you're not asking the dns where you setup the override, then no your override wouldn't work..
If I ask billy for john's phone number, and billy doesn't even know a john how would he know john's phone number..
Not sure what your pc is asking, 192.168.0.1 - is that pfsense?? If so then it should resolve the PTR for the server name, and not come back unknown..
As to that first example - that is just asking itself, ie loopback 127.0.0.1, where it actually gets forwarded you would have to check on wherever system that was - your nas?