Netgate Discussion Forum

    Local DNS Records on different subnet

    General pfSense Questions · 87 Posts, 5 Posters, 9.0k Views
      jhmc93 @stephenw10

      @stephenw10 so will that allow me to access my DNS records pointing to Traefik on my LAN side, from my ISP LAN?

        Gertjan @jhmc93

        @jhmc93 said in Local DNS Records on different subnet:

        dns records pointing to traefik on my lan side

        DNS 'points' to A or AAAA addresses, TXT fields, MX (mail server host names), CNAME (= other DNS fields),
        but not to traefik? = traffic!?

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit: and where are the logs??

          jhmc93 @Gertjan

          @Gertjan I have Pi-hole set up on my ISP LAN with an A record pointing to my Traefik reverse proxy machine on my pfSense LAN.

            stephenw10 (Netgate Administrator)

            Yes that would allow your laptop to reach the DNS server behind pfSense.

            Though I still advise against this entirely because it will cause problems down the line. 😉

              jhmc93 @stephenw10

              @stephenw10 what kind of problems?

                jhmc93 @stephenw10

                @stephenw10 so I tried it on a test machine, so the IP is different, but what have I done wrong??
                Screenshot_3.png

                  stephenw10 (Netgate Administrator)

                  Because it relies on the client being configured to reach it then any changes on the client may break it. And in this circumstance that would mean the client loses DNS. If Windows is updated for example.

                  Or if you add some other client you have to remember to add the static route.

                  I imagine I could think of at least 10 ways this could bite you. 😉 I have seen many customers with similar setups where things mostly worked until they didn't.

                  But for that one device it should work for now.

                    jhmc93 @stephenw10

                    @stephenw10 look up, it hasn't worked, unfortunately.

                      stephenw10 (Netgate Administrator)

                      Ok so 192.168.0.75 is the pfSense WAN IP address?

                      And 70.86.90.0/24 is the pfSense LAN subnet? A public /24 subnet?

                      That seems unlikely and you previously showed it as 192.168.11.0/24.

                        jhmc93 @stephenw10

                        @stephenw10 so this is a test machine, not the actual machine that has the IP above; 70.86.90.0/24 is the test machine, 192.168.0.75 is the WAN IP address, as shown below:
                        Screenshot_4.png

                          stephenw10 (Netgate Administrator)

                          Then yes, that should work as long as firewall rules exist to pass it. And, of course, the target host in the LAN must allow it.

                          Start a continuous ping from the laptop then check the states on that test firewall to see if it's passing. Or the firewall logs to see if it's being blocked.

                            jhmc93 @stephenw10

                            @stephenw10 yeah, it didn't work for me.

                              jhmc93 @jhmc93

                              @jhmc93 what rule should I have on the firewall?

                                stephenw10 (Netgate Administrator)

                                A rule on WAN to pass traffic from your laptop to the internal host. Or to the full LAN side subnet.

                                I assume it shows blocked traffic in the log then?

                                  jhmc93 @stephenw10

                                  @stephenw10 so how would I set the rule?
                                  WAN side?
                                  Source?
                                  Destination LAN subnet?

                                    stephenw10 (Netgate Administrator)

                                    On the WAN interface.

                                    Source: The laptop IP address or the full WAN subnet

                                    Destination: The LAN side host or the full LAN subnet

                                    Protocol: ICMP to allow pings, or any to allow all traffic types.

                                      jhmc93 @stephenw10

                                      @stephenw10 So this is the outcome:
                                      Screenshot_5.png

                                      The rule I have set:
                                      Screenshot_6.png

                                        stephenw10 (Netgate Administrator)

                                        You are pinging 70.86.90.1 but your rule is passing traffic for destination 70.86.90.2. So it's not matching.

                                        I assume you are seeing those pings blocked in the firewall logs?

                                          jhmc93 @stephenw10

                                          @stephenw10 yes, it must be?? Have a look at the picture below:
                                          Screenshot_7.png

                                            patient0 @jhmc93

                                            @jhmc93 I'm not really following here, just one thing: you'll have to disable the 'Block private networks ...' on your WAN interface if your WAN IP is a private address. Which 192.168.0.75 is.

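The two causes raised in this thread (a pass rule written for 70.86.90.2 while the ping goes to 70.86.90.1, and the "Block private networks" option dropping traffic from the private WAN side) can be checked with a small model of how pf on pfSense walks the WAN rule set: top to bottom, first match wins, implicit default deny. This is an added example, not code from the thread or from pfSense; the laptop address 192.168.0.50, the rule order and the use of three RFC 1918 block rules to stand in for the WAN option are constructed assumptions, while the other addresses are the ones quoted above.

```python
# Added example (not from the thread or pfSense): model of WAN rule evaluation.
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    action: str   # "pass" or "block"
    proto: str    # "icmp", "tcp", "udp" or "any"
    src: str      # source CIDR
    dst: str      # destination CIDR
    label: str

    def matches(self, proto: str, src: str, dst: str) -> bool:
        return (self.proto in ("any", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst))


# Stand-in (assumption) for the "Block private networks" WAN option: drop RFC 1918 sources.
RFC1918_BLOCKS = [Rule("block", "any", net, "0.0.0.0/0", "Block private networks")
                  for net in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def wan_rules(block_private: bool, pass_dst: str) -> list:
    """WAN rule set: optional private-source block, then the user's pass rule.
    pass_dst is the destination the pass rule is written for (host or subnet)."""
    rules = RFC1918_BLOCKS if block_private else []
    # Rule as described in the thread: source = ISP-side WAN subnet, protocol = icmp.
    return rules + [Rule("pass", "icmp", "192.168.0.0/24", pass_dst, "laptop -> LAN")]


def evaluate(rules: list, proto: str, src: str, dst: str) -> str:
    """Return action and label of the first matching rule, or the default deny."""
    for r in rules:
        if r.matches(proto, src, dst):
            return f"{r.action}: {r.label}"
    return "block: default deny"


LAPTOP = "192.168.0.50"  # constructed: a host on the ISP LAN next to the pfSense WAN (192.168.0.75)

if __name__ == "__main__":
    # 1. Private-source block still enabled: the pass rule is never reached.
    print(evaluate(wan_rules(True, "70.86.90.1/32"), "icmp", LAPTOP, "70.86.90.1"))
    # 2. Block disabled, but rule written for .2 while pinging .1: falls to default deny.
    print(evaluate(wan_rules(False, "70.86.90.2/32"), "icmp", LAPTOP, "70.86.90.1"))
    # 3. Rule destination widened to the whole LAN subnet: the ping passes.
    print(evaluate(wan_rules(False, "70.86.90.0/24"), "icmp", LAPTOP, "70.86.90.1"))
```

Checking the firewall log, as suggested earlier in the thread, distinguishes case 1 from case 2: a hit on the private-networks rule is logged under that rule's description, while case 2 shows up as the default block.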
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.