Local DNS Records on different subnet

jhmc93 · Dec 11, 2024, 6:18 PM

@johnpoz so because I says that pfsense runs off an ethernet powerline plug, I currently have 1GB connection into my home, because of pfsense being ran off the plug in a different room I've seen the max speed of 60mbps when I've ran a speed test

stephenw10 · Dec 11, 2024, 6:21 PM

That's pretty bad for powerline Ethernet. I've seen them pass 1G without issue. If they're new enough.

Somethings you have to try to work-around. But somethings you don't and if you can avoid it your life will be much easier!

johnpoz · Dec 11, 2024, 7:40 PM

@jhmc93 well I would really look to correcting that.. Either different powerline adapters or best is run an actual wire.. Move pfsense if you have to, etc.

But why would anyone paying for gig want any devices anywhere on their network only seeing 60mbps? If it was a limit of your wifi ok, but slow wifi these days is 200mbps not 60...

jhmc93 · Dec 26, 2024, 5:21 PM

@johnpoz that's why I use my main stuff like laptop, pc, game consoles, phone, tablet etc offf my isp wifi or hardwired directly into isp router so I get the full speed, as for the pfsense side I wanted to keep that separate just for my server usage.

@stephenw10 I think the wiring in my house is old so it kinda slows the download speed down, as I have checked through TP Link app it talking to the other powerline plug at 253mb but slows down when hits pfsense

johnpoz · Dec 26, 2024, 5:58 PM

@jhmc93 said in Local DNS Records on different subnet:

other powerline plug at 253mb

yeah that number is like phy in wifi, your never going to actually get to that speed.

jhmc93 · Apr 4, 2025, 5:55 PM

@stephenw10 I haven't resolved this issue my firewall rules are the following, this is being tried on a test machine but I'm unable to ping the machine off my laptopp on my isp router to the linux ubuntu server or connect via ssh? what am I doing wrong?

stephenw10 · Apr 5, 2025, 8:56 AM

If you're still trying to connect from a laptop in the pfSense WAN subnet to a server in the LAN subnet the primary thing you need is a route to allow it.

That probably means adding a static route to the laptop directly. It has to be a route to the LAN subnet via the pfSense WAN address.

Without that the laptop will send that traffic via it;s default gateway which is the ISP router. And that probably has no idea where to route it so will either drops it or send it to the ISP... where it will be dropped.

jhmc93 · Apr 5, 2025, 8:56 AM

@stephenw10 so what your saying is I need to add a static ip to the laptop on the isp side?,
As u can see I did a route in that screenshot above but my laptop is getting it IP from the DHCP server on isp side

stephenw10 · Apr 5, 2025, 3:58 PM

You need to add a static route to the laptop so it sends that traffic to pfSense instead of the ISP router.

I'm not seeing any screenshots showing routes. But to be clear that route has to be added to the laptop directly in this setup.

jhmc93 · Apr 5, 2025, 8:11 PM

@stephenw10 so how would I go about doing that?
Change the gateway via static IP on laptop?

jhmc93 · Apr 5, 2025, 8:13 PM

@stephenw10 is this not a route?

stephenw10 · Apr 5, 2025, 9:57 PM

Those are firewall rules.

What operating system is your laptop running?

jhmc93 · Apr 5, 2025, 10:30 PM

@stephenw10 Windows 11

stephenw10 · Apr 6, 2025, 11:53 AM

OK so at the Windows command prompt do something like:
ROUTE -P ADD 192.168.11.0 MASK 255.255.255.0 192.168.0.100

Where 192.168.11.0/24 is the pfSense LAN subnet and 192.168.0.100 is the pfSense WAN address. I don't think you ever said what the WAN address is so replace that. Earlier in the thread it looked like the pfSense LAN was using 10.84.0.0 so if it is then replace that.

If you then run ROUTE PRINT in the laptop you should see that route in the table so it then knows how to reach the pfSense LAN.

jhmc93 · Apr 7, 2025, 1:10 PM

@stephenw10 so will that allow me to access my dns records pointing to traefik on my lan side, on my isp lan?

Gertjan · Apr 7, 2025, 1:10 PM

@jhmc93 said in Local DNS Records on different subnet:

dns records pointing to traefik on my lan side

DNS 'points' to A or AAAA addresses, TXT fleds, MX (mail server host names), CNAM (= other DNS fileds)
but not to traefik ? = traffic !?

jhmc93 · Apr 7, 2025, 1:17 PM

@Gertjan I have pi hole set up on my isp lan with an A record pointing to my traefik reverse proxy machine on my pfsense LAN

stephenw10 · Apr 7, 2025, 2:16 PM

Yes that would allow your laptop to reach the DNS server behind pfSense.

Though I still advise against this entirely because it will cause problems down the line.

jhmc93 · Apr 7, 2025, 5:18 PM

@stephenw10 what kind of problems?

jhmc93 · Apr 7, 2025, 5:46 PM

@stephenw10 so I tried it on a test machine, so IP is different, but what have I done wrong??