Netgate Discussion Forum

    PfSense blocking nameservers on Virtualmin?

      johnpoz LAYER 8 Global Moderator

      Ok - got email from him that is working.. So did a test and yes it answers query for the A record he gave me www, but dude this BROKE!!  See my email

      ;; OPT PSEUDOSECTION:
      ; EDNS: version: 0, flags:; udp: 4096
      ;; QUESTION SECTION:
      ;www.yourdomain.tld          IN      A

      ;; ANSWER SECTION:
      www.yourdomain.tld    38400  IN      A      192.0.2.67

      ;; AUTHORITY SECTION:
      yourdomain.tld.        38400  IN      NS      localhost.localdomain.

      ;; ADDITIONAL SECTION:
      localhost.localdomain.  86400  IN      A      127.0.0.1
      localhost.localdomain.  86400  IN      AAAA    ::1

      ;; Query time: 277 msec
      ;; SERVER: 192.0.2.67#53(192.0.2.67)
      ;; WHEN: Tue Mar 11 10:51:19 CDT 2014
      ;; MSG SIZE  rcvd: 143

      Clearly I have replaced his domain and IP returned to documentation network 192.0.2.0/24  But that is what it returns for NS and IPs for NS.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11
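
A checker for the delegation problem visible in the dig reply above (NS pointing at localhost.localdomain with loopback glue), added here as an example and not part of the original thread. The sample responses, ns1.yourdomain.tld, 192.0.2.53 and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample shaped like the reply quoted above (placeholder names).
BROKEN = """\
;; AUTHORITY SECTION:
yourdomain.tld.         38400  IN  NS    localhost.localdomain.
;; ADDITIONAL SECTION:
localhost.localdomain.  86400  IN  A     127.0.0.1
localhost.localdomain.  86400  IN  AAAA  ::1
"""
# Constructed sample of a usable delegation (ns1 and 192.0.2.53 are made up).
HEALTHY = """\
;; AUTHORITY SECTION:
yourdomain.tld.         38400  IN  NS    ns1.yourdomain.tld.
;; ADDITIONAL SECTION:
ns1.yourdomain.tld.     38400  IN  A     192.0.2.53
"""
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_sections(text):
    """Map dig section name -> list of (owner, rtype, rdata) tuples."""
    sections, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(";;") and line.endswith("SECTION:"):
            current = line[2:-len("SECTION:")].strip()
            sections[current] = []
        elif current and line and not line.startswith(";"):
            f = line.split()
            if len(f) >= 5:  # owner ttl class type rdata
                sections[current].append((f[0].lower(), f[3], f[4].lower()))
    return sections

def unreachable_reason(ip):
    """Why a remote resolver cannot reach this address, or None."""
    if ip.is_loopback:
        return "loopback"
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private"
    return None

def audit_delegation(text):
    """List NS targets and glue that only work on the server itself."""
    sec, findings, glue = parse_sections(text), [], {}
    for owner, rtype, rdata in sec.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(ipaddress.ip_address(rdata))
    for zone, rtype, target in sec.get("AUTHORITY", []):
        if rtype != "NS":
            continue
        if target.split(".")[0] == "localhost":
            findings.append(f"{zone} NS {target}: local-only name")
        for ip in glue.get(target, []):
            if reason := unreachable_reason(ip):
                findings.append(f"{target} glue {ip}: {reason}")
    return findings
```

Feeding it the saved output of a query against the authoritative server gives one finding per NS name or glue address that a resolver on the Internet could not follow.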

        doktornotor Banned

        Hmmm… Lulz, that's pure men's DNS, run your own on localhost  if you want to resolve my domain.  ;D I'd too strongly suggest the guy should NOT run any public-facing DNS.

          eiger3970

          Okay, so the website isn't working again.

          I couldn't access the modem and the restore restored an old password I don't know. I factory reset the modem and set up a new password so access to modem works.
          Modem has DMZ through to pfSense's WAN port.

          pfSense NAT port forward automatically sets up WAN and LAN ports as *, rather than the specific WAN IP of pfSense to LAN IP of webserver?

          The 50 DNS hosts looks good however I set up 1 domain to test how it goes, and the site doesn't show the name server settings needed for my webserver? The free DNS did show the nameserver settings initially, but I was going through the setup stages of my domain, so I expected the nameserver settings at the end of the process which aren't anywhere to be found now, so I haven't recorded or know the nameservers?

          Also, I go to http://he.net/ > Information > Customer Login > enter my username and password (I actually have an old account here) and error: No record matched username.
          There's no password retrieval, but I could login before at https://dns.he.net/

          Anyway, not working again with same DNS on my webserver as https://dns.he.net won't work. Ports seem to be forwarded and DMZed.

            johnpoz LAYER 8 Global Moderator

            Well if you reset the modem and it no longer works - then you didn't set up dmz correctly.  Unless you had messed with the forwards I fixed on pfsense.

            "pfSense NAT port forward automatically sets up WAN and LAN ports as *, rather than the specific WAN IP of pfSense to LAN IP of webserver?"

            Sorry but NO it does not..

            Here lets look = click to add new nat – what does it show there for destination..  You had that set to ANY or *  That is not going to work!

            Because you forgot your password he.net won't work?  Did you think to contact them?

            "please contact Support support@he.net and request a password."

            As to other possible issue - did your IP happen to change on reset of your modem?  If your public IP changed then you have to update your registrar to point to your new public IP.  Which could take what days depending on the registrar..  You really should not be hosting your own dns PERIOD!!

            newnat.png

              eiger3970

              I think the modem works as I have indeed set up the DMZ to 192.168.0.2 (pfSense's WAN IP).

              pfSense > Firewall > NAT > DNS > does automatically set up the Destination as Type: WAN address.

              The current setup is pfSense > Firewall > NAT > DNS > Destination > Type: WAN address.
              However it's still not working?

                johnpoz LAYER 8 Global Moderator

                See my edit - did your public IP change?  you are on now email me your TV info and I will jump on

                  johnpoz LAYER 8 Global Moderator

                  So I TV in – NO DMZ that I could see, and he can not log into his modem yet again because he can not remember the correct password.

                  Sorry dude I am done I can not deal with such nonsense any longer..

                    eiger3970

                    So, I have factory reset the modem again and I can login to modem with default username and password when connected to local computer.
                    I connect modem back into pfSense and my computer can access Internet and the modem, however the default username and password are rejected.

                    I am still researching why the modem won't accept the default username and password when connected to pfSense.

                      doktornotor Banned

                      @eiger3970:

                      The 50 DNS hosts looks good however I setup 1 domain to test how it goes, and the site doesn't show the name server settings needed for my webserver?

                      I have absolutely no clue WTH you mean there.

                      You may use this interface to maintain your own domains. Simply click on the 'Add a new domain' option from the left hand 'Zone Functions' menu and enter the domain name in the form when prompted. You may need to change the nameservers that are authoritative for the domain. You would do this at your registrar.
                      Change your nameservers to:
                      ns5.he.net
                      ns4.he.net
                      ns3.he.net
                      ns2.he.net

                      Are you actually reading some instructions, or just blindly messing with things you have no clue about?

                        eiger3970

                        Thank you for providing the name servers.
                        Unfortunately, the name server settings are not easy to find.
                        I remember seeing your mentioned name server settings through the steps of setting up the 1st domain, however I expected the settings to be provided at the end of the setup process.
                        Unfortunately, the settings weren't provided at the end of the setup process, so I clicked 'back' several times to see the previous setup step with your mentioned name server settings, but they were no longer shown.

                        I checked your website and the Free DNS link and the settings aren't there either, so basically the navigation path to the settings could improve for some user friendly navigation.

                          doktornotor Banned

                          @eiger3970:

                          Thank you for providing the name servers.
                          Unfortunately, the name server settings are not easy to find.
                          I checked your website and the Free DNS link and the settings aren't there either

                          Oh really? This is what is shown directly after logon… I'd frankly call that damn impossible to miss!

                            eiger3970

                            Yes, that looks very clear.
                            However the issue is navigating to find that specific nameserver information.

                            I just did a login as your example looks very easy to see the information after login, however this doesn't appear for me when I login.

                            Anyways, 1st issue is to fix pfSense to allow DNS packets through port 53.
                            2. Let modem login with default username and password which works when connected to this local computer, but when connected to pfSense, I access the modem from this local computer through pfSense, but the modem default username and password won't work.
                            3. Fix my DNS settings.
                            4. Use your DNS settings if I can't get mine to work.

                            Screenshot-1.png

                              johnpoz LAYER 8 Global Moderator

                              "1st issue is to fix pfSense to allow DNS packets through port 53."

                              Dude there is NOTHING to fix with pfsense - YOU CAN NOT forward packets pfsense does not SEE!!!  Your MODEM is not in DMZ mode, you're not sending udp/tcp 53 to pfsense - so what is there to fix on pfsense????

                              As to not logging into your modem when you connect pfsense - come on, really?  That makes NO sense at all.. Did you try a different browser?  Why don't you sniff the traffic and validate what pfsense sends to your modem..  If pfsense was mangling the login – then most likely any website on the planet that was http would not log in.

                              Did you clear your browser cache?  Or you using proxy on pfsense?  I did not notice it when was on.

                              I can assure you that name servers are right there on the page dns.he.net, screaming at you to what Nameservers to point to -- but once you create a zone.. Then it goes away.. But will be listed in the zone!!

                              So clearly you didn't bother reading what you were looking at before you clicked clicked and then didn't even look to what you were creating..  They are impossible to miss when looking at your zone.

                              Dude I really do want to help you -- but it's becoming a PITA!!  Every single time I connect to via TV there is something wrong, you can not login to your box running centos (dns server)  Was pfsense mangling that password inside a ssh session as well?  Mouse doesn't work, You can not login to your modem..  etc.. etc.. etc..

                              This is really freaking basic shit here..  First your "modem" needs to send the traffic to pfsense!!!  Set DMZ to your pfsense wan IP.. 192.168.0.2 I believe.  Then create the forward/nat - this is like 2 clicks.  Put your IP you want to send to, and what service (dns) and pick udp/tcp

                              You're now done -- this is 1 minute of work..  We have been dicking with this for what a month? I have tried to help you - to be honest I think you're just freaking trolling having a laugh on us..  Nobody can be this dense..

                              nsremoved.png
                              zone.png

                                eiger3970

                                Okay, well, the website seems to be showing now.
                                However only the home page, the others won't load outside the WAN.
                                I don't have any time to get into the details right now, but thought I would update.

                                  johnpoz LAYER 8 Global Moderator

                                  Yeah NO – your dns is NOT responding.. So I don't know what you think is working.. But your domain still points to same IP it did, and NO it does not respond to dns query.

                                  ; <<>> DiG 9.9.3-rpz2+rl.13214.22-P2-Ubuntu-1:9.9.3.dfsg.P2-4ubuntu1.1 <<>> @124.xx.xx.67 www.yourdomain.tld
                                  ; (1 server found)
                                  ;; global options: +cmd
                                  ;; connection timed out; no servers could be reached

                                    doktornotor Banned

                                    One year later: cannot check whether it works since the domain expired. :D

                                      johnpoz LAYER 8 Global Moderator

                                      I really want to help the guy - so I have been TV'd in and accessed his modem before, but now it seems pfsense is messing with the password so it doesn't work? :rolleyes:

                                      I have been remote to his system like 5 times now and every single time is something else that prevents me from doing the most basic things.  He can not ssh to his server, he can not login to virtualmin, mouse doesn't work so I can not control.  It did work until he reset his modem again.

                                      This is like 2 minutes

                                      Set modem to DMZ (since he does not want to bridge?? or can not?) to his pfsense wan - setup forward on pfsense (click) = done..  It is frustrating to say the least..  He clearly should not be hosting anything off his own connection.  Be it dns or some site be it even for his own access
