PfSense blocking nameservers on Virtualmin?
-
So, I disconnected the Switch and connected pfSense LAN direct to the server.
I used another Internet connection to try to bring up the website (default gateway 192.168.1.180 to old router settings) and nothing. The VoIP phone (default gateway 192.168.1.155 to pfSense LAN) also on the server didn't work.
I connected pfSense LAN back into the Switch and the server's cable from the switch back into the server and my LAN was able to ping it and the VoIP phone (default gateway 192.168.1.155 to pfSense LAN) worked, but website (default gateway 192.168.1.180 to old router settings) still won't show via pfSense.
-
Dude I have been busy with RL last few days – this is NOT freaking rocket science.. When I was on your system your nameserver, what you keep calling virtualmin, was NOT answering a query from your own local network.. So nothing that we do on pfsense is going to fix that.
virtualmin is just some freaking software to help host websites for clients.. It does NOT provide dns - your underlying dns software would do that - I would assume BIND if running on linux
http://www.virtualmin.com/
Install your Operating System
Start with a freshly installed, Grade A supported Operating System on your server or VPS. CentOS and Ubuntu LTS are popular OS's for hosting..
So let's forget that, let's forget using it to troubleshoot basic network and applications. Does the OS you're running virtualmin on point to pfsense for a gateway, for starters? Is BIND running, for another - where is a query from a box on the 192.168 local network of yours doing a query to your nameserver??
Also - I am more than happy to help.. But give me something on the actual network your nameserver is on - not some vm behind a NAT on some 10.x network.
Lets schedule a time tmrw maybe? I am home all day and happy to teamviewer in and get this working.. But needs some basics to work.. So whatever OS we are going to use for TV - the mouse has to work.. Lets not do a vm running on a vm, running on some other vm software under a VM ;)
Do you not have a hard machine on the same network as your pfsense lan, and your nameserver - There should be no problem with it being linux based – but I think the problem is the nested vms I believe you were using. And whatever OS your virtualmin is running on we are going to need access to that - be it ssh, be it remote desktop, be it another TV session - but I am not going to troubleshoot virtualmin in this situation since it has NOTHING to do with the actual problem.
-
Hi, yes, CentOS Linux 6.4 is using BIND.
I checked CentOS and the network configuration is:
Address: 192.168.1.163.
Netmask: 255.255.255.0.
Gateway: 192.168.1.155.
DNS: 192.168.180.
I changed the DNS to 8.8.8.8.
So yes, CentOS is pointing automatically to pfSense's LAN 192.168.1.155.
Happy for some online work. I have an updated TV, so that might help with the mouse click problem, which was on a real machine. (only the 2nd time I went to a VM to try and fix the mouse click problem, which it did (but caused the network issue on 10.x.x.x)).
I'm online in about 30 minutes.
-
So why would a dns server running bind not point to itself for dns? Does bind not allow recursion? Why would you not point it to pfsense if that is the case - how are you going to resolve your own local domain pointing to 8.8.8.8?
So can you query your bind server and resolve your domain now? Because I couldn't last time I was on your network. So lets see your query - because if that works then it will work from the outside since pfsense port forwards are setup, and we saw the traffic being sent to your .163 address via the sniff on pfsense lan remember.
-
I'm getting a bit confused with all the settings now with pfSense router and Proxmox server with Virtualmin (and Virtualmin running off CentOS (CentOS then having its own DNS settings)).
So I changed the CentOS DNS from 192.168.1.180 to 8.8.8.8 and now to 192.168.1.155.
Website still not showing.
-
ARGGH dude what that box uses for dns has NOTHING to do with your issue.
You're running BIND as you stated, this hosts up your domain.tld, this is not answering a simple query from a computer on the same network as it.
Say 192.168.1.162 – so how does pfsense have anything to do with it?
So my local domain is local.lan -- if I ask my dns server for a simple A record, lets call it my printer I call brother.local.lan
C:>nslookup
Default Server: pfsense.local.lan
Address: 192.168.1.253

brother.local.lan
Server: pfsense.local.lan
Address: 192.168.1.253

Name: brother.local.lan
Address: 192.168.2.50

See how I get a response.. So on your network.. Do a simple nslookup for a record that should be there say www.yourdomain.tld
Do you get a response?? If NOT then nothing you do on pfsense or the rest of your network is going to fix that.. That is a problem with BIND running on your host, is it even running? Have you looked in its log? Does this centos box have a local host firewall? etc.. etc..
You need to fix that before we have to worry about people on the internet being able to resolve www.yourdomain.tld.
See attached - I am on my workstation on the 192.168.1.0/24 network, my dns (pfsense in this case) has a record for all my local devices in the local.lan domain. If I query it for a record - it answers. Lets see this from your workstation doing a query to your .163 server running bind. You can change the host you query via server command in nslookup. So make sure you change server to your .163 address and do a query for records you created in yourdomain
Let us see these queries!! Then if not working from the internet I will be happy to TV in again and take a look at your forwards. But they were working last time I was in.
If you're using dig, you can do the same sort of command with @serverIP fqdn
C:>dig @4.2.2.2 www.pfsense.org
; <<>> DiG 9.9.5-W1 <<>> @4.2.2.2 www.pfsense.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56986
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.pfsense.org. IN A

;; ANSWER SECTION:
www.pfsense.org. 1800 IN A 192.207.126.26

;; Query time: 221 msec
;; SERVER: 4.2.2.2#53(4.2.2.2)
;; WHEN: Wed Feb 26 07:54:13 Central Standard Time 2014
;; MSG SIZE rcvd: 60
-
Yes, I have checked that the BIND server is running.
Here are the results:
192.168.1.120 > Terminal > nslookup www.domain.tld
Server: 8.8.8.8
Address: 8.8.8.8#53

** server can't find www.domain.tld: SERVFAIL

192.168.1.120 > Terminal > dig www.domain.tld

; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> www.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63678
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.domain.tld. IN A

;; Query time: 3177 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Mar 01 15:37:10 EST 2014
;; MSG SIZE rcvd: 48

192.168.1.163 > Terminal > nslookup www.sk8parks.org.au
Server: 192.168.1.155
Address: 192.168.1.155#53

** server can't find www.domain.tld: NXDOMAIN

192.168.1.163 > Terminal > dig www.domain.tld

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> www.domain.tld
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 52297
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.domain.tld. IN A

;; Query time: 3192 msec
;; SERVER: 192.168.1.155#53(192.168.1.155)
;; WHEN: Sat Mar 1 15:41:56 2014
;; MSG SIZE rcvd: 37
-
ARRRGGHHHH!!!!!
Query your freaking bind server and does it return an answer??
How hard is that to understand – I have stated like a million times already. You query google and pfsense.. WTF?? From the DNS box itself even??
Neither of those are going to work - because your BIND server is Not Answering!!
dig @192.168.1.163 www.sk8parks.org.au
or nslookup
server 192.168.1.163
www.sk8parks.org.au
If your BIND server does not respond, since that is where you point to for this sk8parks.org.au then no other dns server on the planet is going to resolve sk8parks.org.au.. And that has nothing to do with a port forwarding or pfsense.
-
Thank you for the clarification.
I think the results are showing that from my computer 192.168.1.120, I can connect to BIND.
192.168.1.120 ~ $ dig @192.168.1.163 www.domain.tld

; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> @192.168.1.163 www.domain.tld
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31480
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.domain.tld. IN A

;; ANSWER SECTION:
www.domain.tld. 38400 IN A xxx.xxx.xxx.xx

;; AUTHORITY SECTION:
domain.tld. 38400 IN NS localhost.localdomain.

;; ADDITIONAL SECTION:
localhost.localdomain. 86400 IN A 127.0.0.1
localhost.localdomain. 86400 IN AAAA ::1

;; Query time: 3 msec
;; SERVER: 192.168.1.163#53(192.168.1.163)
;; WHEN: Mon Mar 03 10:02:26 EST 2014
;; MSG SIZE rcvd: 143

192.168.1.120 ~ $ nslookup
> server 192.168.1.163
Default server: 192.168.1.163
Address: 192.168.1.163#53
> www.domain.tld
Server: 192.168.1.163
Address: 192.168.1.163#53

Name: www.domain.tld
Address: xxx.xxx.xxx.xx
-
And what is your bind config?
Because I can understand why you would change out the IP address of your record, but that says your nameserver is 127.0.0.1 localhost.localdomain?
And why was I not able to query it when I was teamviewered in and on your windows box. Does your bind config not allow answer to network outside of 192.168.1.0/24?
Please post your bind config.
should be named.conf.
-
Ok, here's the BIND configuration on the webserver.
//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
        listen-on port 53 { any; };
        listen-on-v6 port 53 { any; };
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

zone "domain.tld" {
        type master;
        file "/var/named/domain.tld.hosts";
        allow-transfer {
                127.0.0.1;
                localnets;
        };
};
I think you weren't able to query the BIND server when in the Windows OS, as the Windows OS was on a network of 10.0.0.1, being different from BIND server's network 192.168.1.0/24.
I tested if the pfSense firewall is blocking port 53 with the following results:
192.168.1.163# lsof -ni tcp:53
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
named 1300 named 20u IPv6 9350 0t0 TCP *:domain (LISTEN)
named 1300 named 21u IPv4 9355 0t0 TCP 127.0.0.1:domain (LISTEN)
named 1300 named 25u IPv4 10525 0t0 TCP 192.168.1.163:domain (LISTEN)
192.168.1.163# netstat -nat | grep :53
tcp 0 0 192.168.1.163:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 :::53 :::* LISTEN
192.168.1.120# lsof -ni tcp:53
192.168.1.120# netstat -nat | grep :53
If I understand the results, then my LAN computer 192.168.1.120 can't get through pfSense 192.168.1.155 to the webserver 192.168.1.163's DNS port 53.
pfSense does have port 53 forwarded to 192.168.1.163.
I didn't know the Windows OS was on a different network…this must have happened by default with the Virtual Machine's bridge setting.
I am trying to fix this.
-
And do you have a firewall running on this server.. You must because that explains the problem. Windows was pinging the IP, so should have worked unless firewall on the .163 box blocking?
As to .120 can't get through - what??? You queried and got an answer.. And .120 does NOT go through pfsense to get to .163 – they are on the same segment, pfsense is only used for on and off that 192.168.1.0/24 segment - boxes talking to each other on that network could give a shit if pfsense was even on.
Lets be clear you are changing out domain.tld for your actual domain?
And you think you did what with that netstat and lsof command? That has Nothing to do with what pfsense is or isn't doing, you're just showing if that box is listening on tcp 53.. What about UDP, most queries use UDP not TCP.. tcp would be used for zone transfers and large queries.
And once you get queries working, you have to fix your zone file - you can not list localhost.localdomain as your NS with loopback as the IP and expect the zone to work ;)
Can you run
iptables --list
On the centos box, the .163 so we can see the firewall rules on it. Prob have to be root to run it.
example
root@ubuntu:/# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
sshguard all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain sshguard (1 references)
target prot opt source destination
root@ubuntu:/#
-
There might be a default firewall running on the webserver, however before pfSense was installed, the website showed, so the only difference is pfSense added, not turning on (or off) any firewall on the webserver.
Windows was on the wrong network, so that was another issue…I've fixed that now so Windows is on the same network.
Yes, I'm changing the real website with domain.tld.
Here's the iptables --list from the webserver 192.168.1.163
# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:ftp-data
ACCEPT udp -- anywhere anywhere udp dpt:ftp
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:dnp
ACCEPT tcp -- anywhere anywhere tcp dpt:ndmp
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:imaps
ACCEPT tcp -- anywhere anywhere tcp dpt:imap
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3s
ACCEPT tcp -- anywhere anywhere tcp dpt:pop3
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp-data
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:submission
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-
So I researched and the IP table listed above seems to indicate that DNS packets on port 53 are not blocked.
This would indicate pfSense blocking then I think?
-
well unless you changed something again pfsense was forwarding dns to your .163 box - but no answers were coming back..
What version of bind are you running? I don't see any allow statement for queries
I see this
zone "domain.tld" {
type master;
file "/var/named/domain.tld.hosts";
allow-transfer {
127.0.0.1;
localnets;
};
};
But there should be an allow-query statement like this
allow-query {
any;
};
Or there should be an ACL set up - and the fact that you allow recursion - if you do get it working your dns will be used in an attack fairly quickly..
Please email with a time to TV back in and we will put this to bed
-
I haven't changed anything that would affect DNS packets through pfSense.
The BIND DNS Server is BIND version 9.8.2.
I'm not sure why there's no allow statement for queries, as this is the default setup the server sets up and works without pfSense.
It seems the default settings set up recursion, which is a flaw, as I certainly don't want to be a DDOS attacker or an unwilling victim of DDOS attacks.
The recursion will need to be switched off.
-
Why would you be running 9.8.2, not even .7 the latest in that line which is approaching EOL anyway. You should be running the current 9.9, .5 is the current but seems many linux distros just backport security features vs updating.
-
"I haven't changed anything that would affect DNS packets through pfSense."
Well that is NOT True – for starters you don't have pfsense in your dmz anymore - so how is dns going to even get to pfsense to forward?
Dude I really want to help you but this is becoming very frustrating!!! I get on and you don't even know I am there.. I get on and you have F'd up your dns forward by replacing your wan address with *, then you don't have pfsense in your DMZ anymore -- That is a REQUIREMENT that the traffic you want to forward behind pfsense gets to pfsense from the NAT you have running before it. So dmz is best option, which we setup before.
Now you can not even remember your netgear login password.
Dude I want to put this to bed - but it's like pulling teeth with a pair of tweezers.. This takes all of 2 seconds to setup, but every time I connect into your machine there are issues. Mouse doesn't work, on a box with triple nat, don't know your dns box password. You don't know your modem/router password.. You have changed everything we had already setup.
If you would give me 5 whole minutes where I could actually access your devices this would be working bing bang zoom! But I am going to say this again!! You should not try and host your own dns -- you only have 1 IP which is bad.. You have old version of bind running with recursion on from the public net if we get the forward working, etc..
Host your domains here https://www.cloudns.net/ you can get 3 domains FREE.. There are plenty of places to host your domains - if you want I can host them for you.. You clearly are not ready for providing services to the public net off your connection.. And you have what 1mbps up -- that is going to crash and burn with 1 user ;)
-
Host your domains here https://www.cloudns.net/ you can get 3 domains FREE.. There are plenty of places to host your domains - if you want I can host them for you..
You can host 50 domains with HE. Master/slave/reverse.
-
^ Yup there you go!! There is NO reason to try and host dns off your box that you have no clue how to setup with 1 public IP address, and 1mbps upload pipe.. You're just asking for trouble and issues.
-
Ok - got email from him that is working.. So did a test and yes it answers query for the A record he gave me www, but dude this BROKE!! See my email
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.yourdomain.tld IN A

;; ANSWER SECTION:
www.yourdomain.tld 38400 IN A 192.0.2.67

;; AUTHORITY SECTION:
yourdomain.tld. 38400 IN NS localhost.localdomain.

;; ADDITIONAL SECTION:
localhost.localdomain. 86400 IN A 127.0.0.1
localhost.localdomain. 86400 IN AAAA ::1

;; Query time: 277 msec
;; SERVER: 192.0.2.67#53(192.0.2.67)
;; WHEN: Tue Mar 11 10:51:19 CDT 2014
;; MSG SIZE rcvd: 143

Clearly I have replaced his domain and IP returned to documentation network 192.0.2.0/24 But that is what it returns for NS and IPs for NS.
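Added example, not part of the original thread: a small Python check over `dig` output for the problems the replies above point out, namely querying a resolver instead of the zone's own server, recursion offered to the client (`ra` flag), and an NS record that points at loopback. The sample replies, `example.test`, and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed samples modelled on the dig output quoted in the thread;
# example.test and 192.0.2.67 are placeholders, not the poster's values.
AUTH_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31480
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 3
;; QUESTION SECTION:
;www.example.test.      IN A
;; ANSWER SECTION:
www.example.test.       38400 IN A 192.0.2.67
;; AUTHORITY SECTION:
example.test.           38400 IN NS localhost.localdomain.
;; ADDITIONAL SECTION:
localhost.localdomain.  86400 IN A 127.0.0.1
localhost.localdomain.  86400 IN AAAA ::1
;; SERVER: 192.0.2.67#53(192.0.2.67)
"""
PUBLIC_REPLY = """\
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 63678
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; SERVER: 8.8.8.8#53(8.8.8.8)
"""


def parse_dig(text):
    """Extract status, header flags, answering server and records per section."""
    out = {"status": None, "flags": set(), "server": None, "records": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := re.match(r";; ->>HEADER<<-.*status: (\w+)", line):
            out["status"] = m.group(1)
        elif m := re.match(r";; flags: ([a-z ]*);", line):
            out["flags"] = set(m.group(1).split())
        elif m := re.match(r";; SERVER: ([^#\s]+)#", line):
            out["server"] = m.group(1)
        elif m := re.match(r";; (\w+) SECTION:", line):
            section = m.group(1)
        elif line and section and not line.startswith(";"):
            fields = line.split(None, 4)  # name ttl class type rdata
            if len(fields) == 5:
                out["records"].setdefault(section, []).append(fields)
    return out


def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:  # masked or malformed address in pasted output
        return False


def audit(text, authoritative_ip):
    """Return (code, detail) findings for one dig reply."""
    r = parse_dig(text)
    if r["status"] is None:
        return [("NO_REPLY", "no DNS header in output (timeout or blocked)")]
    if r["server"] != authoritative_ip:
        return [("WRONG_SERVER", f"answered by {r['server']}, not {authoritative_ip}")]
    findings = []
    if r["status"] != "NOERROR":
        findings.append(("BAD_STATUS", r["status"]))
    if "aa" not in r["flags"]:
        findings.append(("NOT_AUTHORITATIVE", "aa flag missing"))
    if "ra" in r["flags"]:
        # Seen from the internet, this marks an open resolver.
        findings.append(("RECURSION_OFFERED", "ra flag set for this client"))
    recs = r["records"]
    glue = {}
    for name, _, _, rtype, rdata in recs.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(name.lower(), []).append(rdata)
    for _, _, _, rtype, rdata in recs.get("AUTHORITY", []) + recs.get("ANSWER", []):
        target = rdata.lower()
        if rtype == "NS" and (target.startswith("localhost.")
                              or any(is_loopback(a) for a in glue.get(target, []))):
            findings.append(("NS_LOOPBACK", f"{rdata} only resolves on the server itself"))
    return findings


if __name__ == "__main__":
    print(audit(AUTH_REPLY, "192.0.2.67"), audit(PUBLIC_REPLY, "192.0.2.67"))
```

Feed it the text of `dig @<server> <name>` run from both a LAN host and an outside host; the `ra` finding only indicates an open resolver when the query came from outside the trusted network.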
-
Hmmm… Lulz, that's pure men's DNS, run your own on localhost if you want to resolve my domain. ;D I'd too strongly suggest the guy should NOT run any public-facing DNS.
-
Okay, so the website isn't working again.
I couldn't access the modem and the restore restored an old password I don't know. I factory reset the modem and setup a new password so access to modem works.
Modem has DMZ through to pfSense's WAN port.
pfSense NAT port forward automatically sets up WAN and LAN ports as *, rather than the specific WAN IP of pfSense to LAN IP of webserver?
The 50 DNS hosts looks good however I setup 1 domain to test how it goes, and the site doesn't show the name server settings needed for my webserver? The free DNS did show the nameserver settings initially, but I was going through the setup stages of my domain, so I expected the nameserver settings at the end of the process which aren't anywhere to be found now, so I haven't recorded or know the nameservers?
Also, I go to http://he.net/ > Information > Customer Login > enter my username and password (I actually have an old account here) and error: No record matched username.
There's no password retrieval, but I could login before at https://dns.he.net/
Anyway, not working again with same DNS on my webserver as https://dns.he.net won't work. Ports seem to be forwarded and DMZed.
-
Well if you reset the modem and it no longer works - then you didn't setup dmz correctly. Unless you had messed with the forwards I fixed on pfsense.
"pfSense NAT port forward automatically sets up WAN and LAN ports as *, rather than the specific WAN IP of pfSense to LAN IP of webserver?"
Sorry but NO it does not..
Here lets look = click to add new nat – what does it show there for destination.. You had that set to ANY or * That is not going to work!
Because you forgot your password he.net won't work? Did you think to contact them?
"please contact Support support@he.net and request a password."
As to other possible issue - did your IP happen to change on reset of your modem? If your public IP changed then you have to update your registrar to point to your new public IP. Which could take what days depending on the registrar.. You really should not be hosting your own dns PERIOD!!
-
I think the modem works as I have indeed setup the DMZ to 192.168.0.2 (pfSense's WAN IP).
pfSense > Firewall > NAT > DNS > does automatically set up the Destination as Type: WAN address.
The current setup is pfSense > Firewall > NAT > DNS > Destination > Type: WAN address.
However it's still not working?
-
See my edit - did your public IP change? you are on now email me your TV info and I will jump on
-
So I TV in – NO DMZ that I could see, and he can not log into his modem yet again because he can not remember the correct password.
Sorry dude I am done I can not deal with such nonsense any longer..
-
So, I have factory reset the modem again and I can login to modem with default username and password when connected to local computer.
I connect modem back into pfSense and my computer can access Internet and the modem, however the default username and password are rejected.
I am still researching why the modem won't accept the default username and password when connected to pfSense.
-
The 50 DNS hosts looks good however I setup 1 domain to test how it goes, and the site doesn't show the name server settings needed for my webserver?
I have absolutely no clue WTH you mean there.
You may use this interface to maintain your own domains. Simply click on the 'Add a new domain' option from the left hand 'Zone Functions' menu and enter the domain name in the form when prompted. You may need to change the nameservers that are authoritative for the domain. You would do this at your registrar.
Change your nameservers to:
ns5.he.net
ns4.he.net
ns3.he.net
ns2.he.net
Are you actually reading some instructions, or just blindly messing with things you have no clue about?
-
Thank you for providing the name servers.
Unfortunately, the name server settings are not easy to find.
I remember seeing your mentioned name server settings through the steps of setting up the 1st domain, however I expected the settings to be provided at the end of the setup process.
Unfortunately, the settings weren't provided at the end of the setup process, so I clicked 'back' several times to see the previous setup step with your mentioned name server settings, but they were no longer shown.
I checked your website and the Free DNS link and the settings aren't there either, so basically the navigation path to the settings could improve for some user friendly navigation.
-
Thank you for providing the name servers.
Unfortunately, the name server settings are not easy to find.
I checked your website and the Free DNS link and the settings aren't there either
Oh really? This is what is shown directly after logon… I'd frankly call that damn impossible to miss!
-
Yes, that looks very clear.
However the issue is navigating to find that specific nameserver information.
I just did a login as your example looks very easy to see the information after login, however this doesn't appear for me when I login.
Anyways, 1st issue is to fix pfSense to allow DNS packets through port 53.
2. Let modem login with default username and password which works when connected to this local computer, but when connected to pfSense, I access the modem from this local computer through pfSense, but the modem default username and password won't work.
3. Fix my DNS settings.
4. Use your DNS settings if I can't get mine to work.
-
"1st issue is to fix pfSense to allow DNS packets through port 53."
Dude there is NOTHING to fix with pfsense - YOU CAN NOT forward packets pfsense does not SEE!!! Your MODEM is not in DMZ mode, you're not sending udp/tcp 53 to pfsense - so what is there to fix on pfsense????
As to not logging into your modem when you connect pfsense - come on, really? That makes NO sense at all.. Did you try a different browser? Why don't you sniff the traffic and validate what pfsense sends to your modem.. If pfsense was mangling the login – then most likely any website on the planet that was http would not log in.
Did you clear your browser cache? Or you using proxy on pfsense? I did not notice it when was on.
I can assure you that name servers are right there on the page dns.he.net, screaming at you to what Nameservers to point to -- but once you create a zone.. Then it goes away.. But will be listed in the zone!!
So clearly you didn't bother reading what you were looking at before you clicked clicked and then didn't even look to what you were creating.. They are impossible to miss when looking at your zone.
Dude I really do want to help you -- but its becoming a PITA!! Every single time I connect to via TV there is something wrong, you can not login to your box running centos (dns server) Was pfsense mangling that password inside a ssh session as well? Mouse doesn't work, You can not login to your modem.. etc.. etc.. etc..
This is really freaking basic shit here.. First your "modem" needs to send the traffic to pfsense!!! Set DMZ to your pfsense wan IP.. 192.168.0.2 I believe. Then create the forward/nat - this is like 2 clicks. Put your IP you want to send to, and what service (dns) and pick udp/tcp
You're now done -- this is 1 minute of work.. We have been dicking with this for what a month? I have tried to help you - to be honest I think you're just freaking trolling having a laugh on us.. Nobody can be this dense..
-
Okay, well, the website seems to be showing now.
However only the home page, the others won't load outside the WAN.
I don't have any time to get into the details right now, but thought I would update.
-
Yeah NO – your dns is NOT responding.. So I don't know what you think is working.. But your domain still points to same IP it did, and NO it does not respond to dns query.
; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> @124.xx.xx.67 www.yourdomain.tld
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
-
One year later: cannot check whether it works since the domain expired. :D
-
I really want to help the guy - so I have been TV'd in and accessed his modem before, but now it seems pfsense is messing with the password so it doesn't work? :rolleyes:
I have been remote to his system like 5 times now and every single time is something else that prevents me from doing the most basic things. He can not ssh to his server, he can not login to virtualmin, mouse doesn't work so I can not control. It did work until he reset his modem again.
This is like 2 minutes
Set modem to DMZ (since he does not want to bridge?? or can not?) to his pfsense wan - setup forward on pfsense (click) = done.. It is frustrating to say the least.. He clearly should not be hosting anything off his own connection. Be it dns or some site be it even for his own access