Netgate Discussion Forum
    WAN TO LAN

    • jhmc93J
      jhmc93 @patient0
      last edited by jhmc93

      @patient0 all ports are set in the traefik config, so local.example.com points to port 9000 in the traefik config. So when you add the DNS CNAME record it goes through pihole and traefik resolves local.example.com to port 9000 that's set in the traefik yaml config.

      Also, are you saying that due to my pihole being on my ISP LAN it won't connect to my traefik IP on the pfSense LAN?

      • jhmc93J
        jhmc93 @patient0
        last edited by

        @patient0 are you there?

        • patient0P
          patient0 @jhmc93
          last edited by

          @jhmc93 Nope, it was nighttime.

          See, I don't think I'll be able to help, I do lack the patience.

          I read through your other thread "Local DNS Records on different subnet" (started in Nov '24) and @johnpoz and @stephenw10 know a lot more about networking than I do (plus I'm not even sure you are real anymore ;) , although persistent).

          Up to now on this thread:

          • ISP LAN 192.168.0.0/24
          • pihole on ISP LAN IP 192.168.0.8
          • pfSense WAN IP 192.168.0.? (192.168.0.75?)
          • pfSense LAN network 10.84.62.0/24
          • pfSense LAN IP 10.84.62.1 (correct?)
          • Traefik server on pfSense LAN IP 10.84.64.5

          But earlier you posted a screenshot of a NAT port forwarding rule to IP 70.86.90.2. What on earth is that IP? First it's a public IP and ... just don't do that. And besides where does that network come from?

          On the other thread you suddenly show a WAN firewall rule with destination 192.168.11.11 and a bit later you set a route on your Windows 11 client but for network 70.86.9.0/24.

          You are really making your life and ours more difficult than necessary.

          I don't know, invite some networking friend of yours to your home and set it up with him/her.

          General: the routing solution that @stephenw10 suggested is probably better anyway since the DNS A record your pihole would return is correct for ISP LAN clients and pfSense LAN clients.
          With NAT you don't have to set a route on the clients but the pihole has to conditionally answer. For ISP LAN clients with the pfSense WAN IP and for requests from pfSense LAN (via pfSense WAN IP) with the 'real' Traefik IP 10.84.62.5. But I'm not even sure it would work.

          • jhmc93J
            jhmc93 @patient0
            last edited by

            @patient0 so, 79.86.90.1 is my test machine to see if I can get it going before I put it in production on my 10.84.62.0 LAN pfSense.
            Wouldn’t a rule in port forward,
            like what you did above, but it redirects traffic to my traefik IP from my pihole instance on my ISP LAN?

            • jhmc93J
              jhmc93 @patient0
              last edited by

              @patient0 guess it wouldn’t work then

              • patient0P
                patient0 @jhmc93
                last edited by

                @jhmc93 keep the DNS part in the other thread, it's already confusing and it's even more confusing if you have the same topic in two threads.

                Help the other guys in the other topic and explain to them what 79.86.90.1 is. Or better change it to e.g. 10.86.90.1/24.

                You write it's your test machine. But surely by now you realize that everything is about subnets. pfSense - or every router for that matter - has to know where to route traffic to.

                192.168.0.0/24 being the ISP LAN network, 10.84.62.0/2 the pfSense LAN network. In all that you have a 79.86.90.0/24 network (or just an IP)? And really, it's a public routable IP/IP network, why on earth did you choose that? That IP range belongs to someone (https://ipinfo.io/79.86.90.1, Societe Francaise Du Radiotelephone - SFR SA).

                • jhmc93J
                  jhmc93 @patient0
                  last edited by

                  @patient0 ok, used that because made it up. I told them on the other thread that it's a test machine. My main machine is running all my services i.e. Plex etc, so didn’t wanna screw up which I tend to do being a newbie on pfSense, plus I have learning difficulties so I screw up very easily

                  • T
                    Tidori @jhmc93
                    last edited by

                    @jhmc93 said in WAN TO LAN:

                    So Hello,
                    I wanna be able to access my LAN ip's through my isp LAN so for eg "ssh from 10.84.62.5 to 192.168.0.1"
                    Also I want to access my dns records that are stored on my ISP LAN pihole that point to my traefik instance running on my pfsense LAN, is this possible? if so can someone please guide me on how to do this???
                    thanks

                    Hey! I’ve done something similar. To access 192.168.x.x from 10.84.x.x, you need proper routing between both LANs—either via static routes on your ISP router or by bridging interfaces if using pfSense. On pfSense, create a static route to 192.168.0.0/24 via your ISP LAN gateway. Also, allow firewall rules to permit traffic between the subnets.

                    For DNS via Pi-hole, make sure your Pi-hole is reachable from the other LAN and set pfSense or your clients to use it as their DNS server. Double-check Pi-hole allows queries from other subnets (Settings > DNS > Interface settings).

                    • patient0P
                      patient0 @Tidori
                      last edited by

                      @Tidori said in WAN TO LAN:

                      For DNS via Pi-hole, make sure your Pi-hole is reachable from the other LAN and set pfSense or your clients to use it as their DNS server. Double-check Pi-hole allows queries from other subnets (Settings > DNS > Interface settings)

                      If you use an LLM to generate answers, at least read through the thread to see what it is about.

                      • patient0P
                        patient0 @jhmc93
                        last edited by

                        @jhmc93 said in WAN TO LAN:

                        ok, used that because made it up. I told them on the other thread that it's a test machine. My main machine is running all my services i.e. Plex etc, so didn’t wanna screw up which I tend to do being a newbie on pfSense, plus I have learning difficulties so I screw up very easily

                        If it's its own subnet for testing only that is a good practice. See the answer to superuser: What other IP addresses can/should I use for my home network? for which IP ranges to use.

                        jhmc93J 1 Reply Last reply Reply Quote 0
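
Added example, not part of any post in this thread: a small Python check of an address plan like the one listed above, reporting networks outside RFC 1918 space, overlapping networks, and hosts that fall outside their declared subnet. The dictionary names and the `check_plan` helper are assumptions; the addresses are sample inputs taken from the thread, which shows two different addresses for the Traefik server, so both are included.

```python
import ipaddress

# RFC 1918 private ranges, the ones intended for home and lab networks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_plan(networks, hosts):
    """Return a list of findings for an address plan.

    networks: {name: CIDR string}
    hosts:    {name: (network name, IP string)}
    """
    findings = []
    nets = {name: ipaddress.ip_network(cidr) for name, cidr in networks.items()}

    # 1. Every internal network should sit inside RFC 1918 space.
    for name, net in nets.items():
        if not any(net.subnet_of(r) for r in RFC1918):
            findings.append(f"{name} {net}: not RFC 1918 space")

    # 2. Two routed segments must not overlap, or the router cannot pick a path.
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):
                findings.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")

    # 3. Each host address must belong to the subnet it is attached to.
    for host, (net_name, ip) in hosts.items():
        addr = ipaddress.ip_address(ip)
        if addr not in nets[net_name]:
            findings.append(f"{host} {addr}: outside {net_name} {nets[net_name]}")
    return findings

# Sample plan assembled from addresses mentioned in the thread (names are hypothetical).
NETWORKS = {
    "isp_lan": "192.168.0.0/24",
    "pfsense_lan": "10.84.62.0/24",
    "test_net": "79.86.90.0/24",
}
HOSTS = {
    "pihole": ("isp_lan", "192.168.0.8"),
    "pfsense_lan_if": ("pfsense_lan", "10.84.62.1"),
    "traefik": ("pfsense_lan", "10.84.62.5"),
    "traefik_as_listed": ("pfsense_lan", "10.84.64.5"),
}

if __name__ == "__main__":
    for line in check_plan(NETWORKS, HOSTS):
        print(line)
```
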
                        • jhmc93J
                          jhmc93 @patient0
                          last edited by

                          @patient0 ok thanks

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.