Portfowarding not working
-
yes i have two dns severs and i have 5 static ips two are used for the dns servers. yes i enabled tcp/udp
-
Can you post:
-
A diagram of your network, with IP ranges
-
A screenshot of the port forward rules
-
A screenshot of the WAN interface rules
-
A screenshot of the rules for the interface the DNS servers are on
-
Confirmation that the DNS servers can reach the Internet
-
-
here is my network diagram
http://www.gliffy.com/pubdoc/2123917/L.pngportfowarding rules
http://i1008.photobucket.com/albums/af204/sinnersaintx/pfsenseoopenwirelessnet-Firewall-NA.pngfirewall rules
Both server can ping yahoo.com
-
Nothing obviously wrong there.
It would be worth checking (tcpdump/wireshark) to see if the packets are reaching your DNS servers and if they aren't to see if they are reaching your pfSense host.
-
i dont see any dns traffic. when i open it with wireshark it says no pakets.
-
Nvm, I missed that you are testing your servers with an external tool…
-
i have nat refection unchecked. why do i need split DNS if i have my own name servers?
-
So, run tcpdump on pfSense - then you'll see if the packets are reaching the pfSense host.
-
im sorry but how do i do that?
-
i did it but it doesn't show anything
-
Then it suggests the packets aren't reaching your pfSense host.
One question, in your diagram you show your IP allocation as being 67.40.148.248/29. With that in mind, what's the default gateway? I see you're using .249 (typo in the diagram as 149), 250 and 251. .248 is the network address and .255 is the broadcast. That leaves .252 to .254, but you're using .254 for pfSense, so is it .252 or .253?
Also, have you configured VIPs for the other IP addresses?
-
67.40.148.248 is reserved .254 is for pfsense 255 is broadcast so .249 to .253 are usable. my isps default gateway is 63.231.10.241 which is set by pppoe. I have vips for the five usable ips
-
I assume your DNS servers can reach the Internet, as can the other hosts on the network? Having an off-network default gateway is odd, but I'm assuming that's normal for PPPoE (which I've never used).
If so, time to contact your ISP - if the packets aren't reaching the pfSense host then it means they are either blocking the traffic or there's a routing issue.
-
my dns servers can reach the internet and all other host on my network. I called my isp and they said that no ports where being blocked. but i noticed that i can reach my ispconfig server by useing the external ip http://67.40.148.249:8080 but when i us the domain name http://web1.dial4tech.com:8080 it wont work. when i do did on my dns servers it says connection timed out; no servers could be reached
-
Yes - if your DNS servers can't be reached then you can't use DNS names in your domain to reach any services on your domain… That really shouldn't be a surprise - and frankly if it is I'm not sure you should be running your own DNS servers (yes, I know that's a little harsh - but it's also true). Also note that I can't reach that URL you refer to - it's timing out for me - I'm assuming you remembered to do these tests from outside your own network.
At this point everything you've posted suggests either that you've got another device upstream that does filtering (DSL modem?) or your ISP is port blocking and their staff don't know that.
-
i understand how dns works i was just telling you that so you could understand better my situation. being able to reach my server with external ips means that they are working but my dns is being blocked some how. my isp says they aren't blocking anything. so i was thinking it may be my dns registrar.
-
Doubt it's your registrar since I can't hit your DNS servers directly with any port testing tool, using their IP.
Note that from the Internet I cannot reach the web server you specified.
-
it seems like my internal ips are only working on my lan. when i try to access the ip http:67.40.148.249:8080 outside my lan it wont work but i can on my lan. maybe my virtual ips aren't working.
-
Can you post a screenshot of the VIP configuration?
-
