Netgate Discussion Forum

    No DNS

    General pfSense Questions
    • Seven001

      I've tried setting up pfSense for a client who hosts his own web servers and mail server. The problem I've run into is that 2 of the 3 servers can't seem to resolve host names even when I specify DNS servers on them directly. The difference between these 2 and the unaffected server is that the unaffected server receives traffic from the main IP address while the other two receive traffic destined for Virtual IPs. Still, I don't see why that would affect outgoing DNS requests. Any ideas?

      • Guest

        It means you set up your NAT incorrectly.  Chances are that you set up port forwards using the VIPs as external addresses instead of setting up proper 1:1 NATs.  It happens all the time.  Set up 1:1 NAT mappings instead of port forwards and you'll be fine.

        • Seven001

          Thank you submicron.

          One question regarding that. Can I set up firewall rules to restrict access to only the ports I want to be accessible publicly? Or is it something I need to do server-side?

          • blak111

            You just have to create the block rules on the WAN interface.

            • Guest

              The WAN is default deny.  The firewall rules you have in place already are likely sufficient.

              • Seven001

                Odd, but I removed the port forwards and set up 1:1 for the VIPs and I still cannot access the internet from them.

                • blak111

                  Is it just DNS, or is it all traffic?

                  • Seven001

                    Before, it was just DNS. I was able to access web sites by IP address. It was also just outgoing traffic and the servers were accepting incoming requests fine. After removing the port forward rules and making it just 1:1, no traffic gets through in either direction.

                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.