Redirect traffic from Virtual IP's port 53 to LAN's port 53?

CDuv

My pfSense box uses IP 192.168.0.42/24 and I have a virtual IP (menu Firewall: Virtual IP Address) of type "IP alias" (on Interface "LAN") that also makes him available via 192.168.0.254/24.

I'm using Unbound DNS as a DNS server (instead of DNS forwarder) but this package don't supports my Virtual IP: DNS server only listen on 192.168.0.42 and thus ignores any DNS client that tries to contact it via 192.168.0.254.

I'm wondering I can use the following NAT rule to map VirtualIP:53 to LAN:53?

If    Proto    Src. addr    Src. ports    Dest. addr    Dest. ports    NAT IP        NAT Ports
LAN  TCP      *            *            192.168.1.1  53 (DNS)      192.168.1.30  53 (DNS)

viragomann

There is also UDP protocol required for DNS.

CDuv

Right, was I bit too fast on this one.
But do you "agree" on the fact this could/should work?
I don't know about pfSense doing NAT on same interface…

viragomann

I don't know. In my setup NAT between IPs on the same interface wasn't necessary. As I know it would not work if the NAT IP is bound to another device. But maybe it works for localhost.

Basically, it should be doable to bind local services at IP aliases.