advanced configuration
-
Hi, I need a bit of help.
pfSense with triple WAN:
WAN1 = static IP 1.1.1.1/29, 100mbps up/down
WAN2 = static IP 2.2.2.2/29, 100mbps up/down
WAN3 = static IP 3.3.3.3/20 (uses dynamic IP, just for speed), 100mbps up/down
LAN1 10.10.10.0/23 for all network and 2 servers (Domain Controller and WiFi controller)
LAN2 192.168.40.0/24 for servers Webserver1 and Webserver2
For LAN2 I prefer to use only these IP addresses from WAN1: 1.1.1.3 and 1.1.1.4.
Also, the LAN2 gateway is WAN1. I also use multi-WAN gateway groups, with tiers 1, 2 and 3, and the speed is 300/300, excellent (the LAN1 gateway is the multi-WAN group).
I am also using pfBlockerNG.
So the problem is:
Webserver1 uses 1.1.1.3 and Webserver2 uses 1.1.1.4 (I did this with virtual IPs and NAT, and everything is fine). The problem is that from the local network I can't browse the domains of either web server, while from outside everything works.
I tried:
NAT Reflection mode for port forwards
Enable NAT Reflection for 1:1 NAT
Enable automatic outbound NAT for Reflection
Also Services > DNS Resolver:
Host Overrides, added the domains, but nothing.
I have no idea what more I can do. I also tried to separate WAN2 just for LAN2 with its own LAN card and switch, but no luck.
If someone knows what I can try, let me know.
Thank you
Fejzula -
@fejzulla-neziri said in advanced configuration:
> also services dns resolver
> Host Overrides added domains but nothing

This is the preferred way to go, presuming your local computers use the DNS Resolver to resolve host names.
So ensure that they do conventional DNS requests, not DoH.
Consider redirecting all DNS requests to localhost on all internal interfaces and blocking DoH with pfBlockerNG.
Also ensure that your firewall rules allow access to the web servers.