Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved] Cannot access from LAN

    Scheduled Pinned Locked Moved General pfSense Questions
    9 Posts 3 Posters 3.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kin0kin
      last edited by

      I'm not sure if this is the right place as I do not know what seems to be the problem.

      Currently I have the following setup:

      *Dynamic DNS - Namecheap
      *Domain - mydomain.com
      *Servers: 192.168.1.100, 200
      *Port: 5000, 3000, 32400 (and etc)

      I have 192.168.1.100:32400 set as Plex Media Server, I have also fowarded the port in NAT with the WAN interface.

      I could access the server from the net by going to mydomain.com:32400. However, from within my own network, lan/wan, if I punch in the same address, I am unable to connect to the server. I would need to manually enter 192.168.1.199:32400 in order to access it.

      What seems to be the problem?

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        Because of this:
        https://doc.pfsense.org/index.php/Why_can%27t_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks%3F

        Steve

        1 Reply Last reply Reply Quote 0
        • K
          kin0kin
          last edited by

          Thanks!

          Here's what I have done:

          #1 - Enable DNS Forwarder
          #2 - Enabled Register DHCP leases in DNS forwarder
          #3 - Enabled Register DHCP static mappings in DNS forwarder
          #4 - Interfaces: all
          #5 - Host Override

          Host: www
          Domain: mydomain.com
          Ip Address: 192.168.1.100 (Plex Server)
          Alias: plexserver

          (FQDN of the server is plexserver.mydomain.com)

          #6 - Reboot Server
          #7 - Check DNS Server = 192.168.1.1 (Same as router/gateway) = OK

          Result: Cannot resolve

          I then went on to fowarded port from
          #1 - LAN - Port 32400, redirect ip 192.168.1.100

          Result: Cannot resolve

          what seems to be the problem?

          1 Reply Last reply Reply Quote 0
          • K
            kin0kin
            last edited by

            Alright I figured out the problem, looks like even the client must be pointed to pfsense as the DNS server in order for it to work. Which means I also need to manually point reconfigure all the AP to point to pfsense as the DNS server.

            Question:
            If I were to perform split dns on my own DNS server, do I just simply disable dns fowarder and leave NAT translation disabled as well?

            1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator
              last edited by

              "Which means I also need to manually point reconfigure all the AP to point to pfsense as the DNS server."

              When you say AP - you mean Access Point right?  APs do not provide dns normally - since they are not the gateway, just an AP and don't normally provide dhcp or dns..  They are just the connection from wireless to wired.

              The common setup is that your gateway router provides dhcp, dns..  Now sure you can point dns elsewhere and use something else to provice dhcp in your network.  For example if you run AD, then all clients should point there for dns and normally it provides dhcp.

              But I have never ever ever seen an AP used as dns – so unless your double natting, and not really AP I don't see why you should have to change anything on your AP.  Nor do I understand why all your clients don't already talk to pfsense as your dns caching resolver?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              1 Reply Last reply Reply Quote 0
              • K
                kin0kin
                last edited by

                You are right. While I was going back to check out the APs, there were no option to set DNS server. Some configurations within pfsense is a little confusing like multiple areas for DNS address and etc. I had some trouble with DNS not being assigned properly and what not but it's all fixed now.

                Here's what I've done:

                System -> General Setup -> 8.8.4.4, 8.8.8.8
                Unchcked: Allow DNS server list to be overridden by DHCP/PPP on WAN
                Unchecked: Do not use the DNS Forwarder as a DNS server for the firewall

                System -> Advanced -> Firewall/NAT
                NAT Reflection mode for port forwards: Disabled

                Services -> DHCP Server
                Checked: Enable DHCP server on LAN_INTEL interface
                DNS servers: Left Blank*

                *Initially I had google public dns server in here and it caused a mess. SOME clients were automatically assigned these DNS instead of the default ip of the pfsense machine.

                This is all good now. But I have some other concerns, which I will open another thread instead.

                1 Reply Last reply Reply Quote 0
                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  System -> Advanced -> Firewall/NAT
                  Network Address Translation: Disabled

                  What??  So are just routing with pfsense?  This is not something that sounds like you should of done..  If your doing "port forwards"  You only "port forward" when there is NAT, if your not natting then you just need to allow the traffic with firewall rules.

                  An intelligent man is sometimes forced to be drunk to spend time with his fools
                  If you get confused: Listen to the Music Play
                  Please don't Chat/PM me for help, unless mod related
                  SG-4860 24.11 | Lab VMs 2.8, 24.11

                  1 Reply Last reply Reply Quote 0
                  • stephenw10S
                    stephenw10 Netgate Administrator
                    last edited by

                    There is no option to disable NAT entirely in System: Advanced: Firewall/NAT: I think it's just a typo. The only option there you can set to disabled is "NAT Reflection mode for port forwards", which is disabled by default and should be if you're using DNS overrides instead.

                    Steve

                    1 Reply Last reply Reply Quote 0
                    • K
                      kin0kin
                      last edited by

                      Sorry made a mistake, already amended the post:

                      System -> Advanced -> Firewall/NAT
                      NAT Reflection mode for port forwards: Disabled

                      I think this problem is resolved.

                      Please kindly see this thread for a more troublesome problem:
                      http://forum.pfsense.org/index.php/topic,70483.0.html

                      1 Reply Last reply Reply Quote 0
                      • First post
                        Last post
                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.