Netgate Discussion Forum
    Internal DNS Servers not accessible

    Firewalling
    Derelict (Netgate):

      How does pfSense know how to get to 192.168.100.0/24 via your cisco?  It's probably trying to send the traffic for those addresses out its default gateway (the backup WAN).

      You have two available paths to get there.  113 and 116.  You should probably pick one, we'll use 113.  Create a gateway on pfSense to 192.168.113.6.  Create a static route to 192.168.0.0/16 with that gateway as the gateway and the 113 VLAN interface as the interface.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

    Overcon:

        @Derelict:

        How does pfSense know how to get to 192.168.100.0/24 via your cisco?  It's probably trying to send the traffic for those addresses out its default gateway (the backup WAN).

        You have two available paths to get there.  113 and 116.  You should probably pick one, we'll use 113.  Create a gateway on pfSense to 192.168.113.6.  Create a static route to 192.168.0.0/16 with that gateway as the gateway and the 113 VLAN interface as the interface.

        OK, this is what I put, doesn't seem to be connecting:

        [attachments: 113-gw.jpg, 113-route.jpg]

    Overcon:

          @Derelict:

          How does pfSense know how to get to 192.168.100.0/24 via your cisco?  It's probably trying to send the traffic for those addresses out its default gateway (the backup WAN).

          You have two available paths to get there.  113 and 116.  You should probably pick one, we'll use 113.  Create a gateway on pfSense to 192.168.113.6.  Create a static route to 192.168.0.0/16 with that gateway as the gateway and the 113 VLAN interface as the interface.

          I might have to add a route specifically for the pfSense box to get there, though I figured it would travel just like any other 113 device.

          Right now I have a 3750 switch stack with VLAN 113, VLAN 116 and VLAN 1. Those switches are connected via two trunked ports to a Cisco 2911, which has a 10 net tunnel to the remote location. I don't know how that end is connected; I don't monitor their hardware. I am not even sure if they have managed switches, just routers with ports with assigned subnets on them.

          So, locally:

          CISCO 3750X with VLANS 113 & 116
          Connected to a 2911 via trunked ports 113 & 116
          2911 with a port to a 10 net point to point.

          A few routes on the 2911 dumps all requests to these routes:

          ! All default traffic to CH
          ip route 0.0.0.0 0.0.0.0 10.0.0.41
          ! to SO
          ip route 10.230.2.0 255.255.255.0 192.168.116.3
          ip route 10.230.5.0 255.255.255.0 192.168.116.3
          ! to City
          ip route 192.168.2.0 255.255.255.0 192.168.113.1
          ip route 192.168.6.0 255.255.255.0 192.168.113.1

    Derelict (Netgate):

            @Overcon:

            I might have to add a route specifically for the PFSense box to get there, though i figured it would travel just like any other 113 device.

            It is behaving like other VLAN113 devices.  It's sending traffic for 192.168.100.0/24 to its default gateway.  Thing is, the default gateway on your LAN clients is the 2911.  The default gateway for pfSense is the WAN connection.

            Make a route for it.

            Or, make a gateway pointing at the 2911 and set it as default.

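The point Derelict makes above (pfSense picks the most specific route it has, and with only connected networks plus a default route that is the WAN) can be checked with a small longest-prefix-match model. This is an added illustration, not pfSense code and not something posted in the thread; the WAN gateway address and the interface names are assumed, the 192.168.113.6 gateway and 192.168.0.0/16 static route are the ones suggested in the thread.

```python
"""Longest-prefix-match lookup showing where pfSense sends 192.168.100.3
before and after the static route from the thread is added.
Constructed example: not pfSense code, not from the forum posts."""
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Route:
    prefix: IPv4Network
    gateway: Optional[IPv4Address]  # None means directly connected
    interface: str


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Return the most specific route covering dst (longest prefix wins)."""
    addr = IPv4Address(dst)
    matches = [r for r in table if addr in r.prefix]
    if not matches:
        return None
    return max(matches, key=lambda r: r.prefix.prefixlen)


def next_hop(table: List[Route], dst: str) -> Optional[Tuple[str, str]]:
    """(gateway-or-'connected', interface) for dst, or None if unroutable."""
    r = lookup(table, dst)
    if r is None:
        return None
    return (str(r.gateway) if r.gateway else "connected", r.interface)


# Assumed layout: pfSense has interfaces on VLAN 113 and VLAN 116 and its
# default gateway is the backup WAN. 203.0.113.1 is a TEST-NET placeholder
# for the WAN gateway; interface names are assumptions.
BASE_TABLE = [
    Route(IPv4Network("0.0.0.0/0"), IPv4Address("203.0.113.1"), "wan"),
    Route(IPv4Network("192.168.113.0/24"), None, "vlan113"),
    Route(IPv4Network("192.168.116.0/24"), None, "vlan116"),
]

# The route Derelict suggests: 192.168.0.0/16 via the 2911 at 192.168.113.6.
STATIC_ROUTE = Route(IPv4Network("192.168.0.0/16"),
                     IPv4Address("192.168.113.6"), "vlan113")


def before_fix(dst: str = "192.168.100.3") -> Optional[Tuple[str, str]]:
    return next_hop(BASE_TABLE, dst)


def after_fix(dst: str = "192.168.100.3") -> Optional[Tuple[str, str]]:
    return next_hop(BASE_TABLE + [STATIC_ROUTE], dst)


if __name__ == "__main__":
    for d in ("192.168.100.3", "192.168.113.20", "10.230.2.5"):
        print(f"{d:16} before: {before_fix(d)}  after: {after_fix(d)}")
```

Two things the model makes visible: the connected 192.168.113.0/24 stays more specific than the new /16, so traffic to hosts on VLAN 113 is still delivered directly rather than bounced through the 2911; and the /16 says nothing about the 10.230.x.0/24 networks the 2911 also routes (the "to SO" routes in Overcon's post), so those would still leave pfSense via the WAN unless routes for them are added too.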
    Overcon:

              @Derelict:

              @Overcon:

              I might have to add a route specifically for the PFSense box to get there, though i figured it would travel just like any other 113 device.

              It is behaving like other VLAN113 devices.  It's sending traffic for 192.168.100.0/24 to its default gateway.  Thing is, the default gateway on your LAN clients is the 2911.  The default gateway for pfSense is the WAN connection.

              Make a route for it.

              Or, make a gateway pointing at the 2911 and set it as default.

              I did, and I can tracert from it to the 100 IP, but I still cannot resolve against it. It still insists on resolving on the external DNS servers.

              Traceroute output:

              1  192.168.113.6  0.491 ms  0.381 ms  0.427 ms
              2  10.0.0.41  180.307 ms  170.385 ms  159.623 ms
              3  10.0.0.2  160.756 ms  175.612 ms  244.091 ms
              4  192.168.100.3  232.974 ms  134.137 ms  166.634 ms

    Derelict (Netgate):

                Ok so your routing is fixed.  What are the specific DNS server (System->General) settings and forwarder domain overrides you have in place?

    Overcon:

                  Here are the overrides and forwarders.

                  [attachment: forwarders.jpg]

    Overcon:

                    And the DNS is just the ISP external ones:

                    [attachment: dns.jpg]

    Derelict (Netgate):

                      You have checked the checkbox that says not to use the DNS forwarder for queries made by the firewall.  If you want the firewall to use the DNS forwarder for its queries why would you do that?

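The setting Derelict points at decides which path the firewall's own lookups take: through the local forwarder (where the domain overrides live) or straight to the System > General servers, which in this thread are the ISP's. The simulation below, added here as an illustration and not pfSense or dnsmasq code, models both paths. The internal zone name, the ISP server addresses and the records each server answers are all constructed; the only address taken from the thread is the internal DNS server 192.168.100.3.

```python
"""Model of the two resolution paths in the thread: LAN clients through the
DNS forwarder (domain overrides apply) versus the firewall itself, which
either uses that forwarder or bypasses it when the 'do not use the DNS
forwarder as a DNS server for the firewall' box is ticked.
Constructed simulation; not pfSense code."""
from typing import Dict, List, Optional

# Constructed data: zone name and ISP addresses are placeholders.
INTERNAL_ZONE = "corp.example"
INTERNAL_DNS = "192.168.100.3"          # internal server from the thread
ISP_DNS = ["198.51.100.53", "198.51.100.54"]  # TEST-NET placeholders

# What each server can answer. The ISP servers know nothing about the
# internal zone, so they return NXDOMAIN (None) for names in it.
ZONE_DATA: Dict[str, Dict[str, str]] = {
    INTERNAL_DNS: {"dc1.corp.example": "192.168.100.10",
                   "www.example.net": "192.0.2.10"},
    ISP_DNS[0]: {"www.example.net": "192.0.2.10"},
    ISP_DNS[1]: {"www.example.net": "192.0.2.10"},
}


def query_server(server: str, name: str) -> Optional[str]:
    """Simulated upstream query: an address, or None for NXDOMAIN."""
    return ZONE_DATA.get(server, {}).get(name.lower().rstrip("."))


def override_for(name: str, overrides: Dict[str, str]) -> Optional[str]:
    """Longest matching domain override, respecting label boundaries so an
    override for corp.example does not capture notcorp.example."""
    name = name.lower().rstrip(".")
    best = None
    for domain, server in overrides.items():
        d = domain.lower().rstrip(".")
        if name == d or name.endswith("." + d):
            if best is None or len(d) > len(best[0]):
                best = (d, server)
    return best[1] if best else None


def forwarder_resolve(name: str, overrides: Dict[str, str],
                      general: List[str]) -> Optional[str]:
    """Forwarder behaviour: a matching domain override wins; otherwise the
    query goes to the general (System > General) servers in order."""
    target = override_for(name, overrides)
    for server in ([target] if target else general):
        answer = query_server(server, name)
        if answer:
            return answer
    return None


def firewall_resolve(name: str, overrides: Dict[str, str],
                     general: List[str], bypass_forwarder: bool) -> Optional[str]:
    """The firewall's own lookups. With the bypass box ticked they skip the
    forwarder, and therefore its overrides, and hit the general servers."""
    if bypass_forwarder:
        for server in general:
            answer = query_server(server, name)
            if answer:
                return answer
        return None
    return forwarder_resolve(name, overrides, general)


OVERRIDES = {INTERNAL_ZONE: INTERNAL_DNS}


def demo(name: str = "dc1.corp.example"):
    """(LAN client via forwarder, firewall with box ticked, firewall with box clear)."""
    return (
        forwarder_resolve(name, OVERRIDES, ISP_DNS),
        firewall_resolve(name, OVERRIDES, ISP_DNS, bypass_forwarder=True),
        firewall_resolve(name, OVERRIDES, ISP_DNS, bypass_forwarder=False),
    )


if __name__ == "__main__":
    print(demo())
```

The middle value of demo() is the situation in the thread: routing works, LAN clients resolve internal names through the override, but the firewall's own queries never see the override because they go to the ISP servers directly. Clearing the box (third value) puts the firewall behind the same forwarder as everything else. On a real box the quick confirmation is whether /etc/resolv.conf lists 127.0.0.1 or only the external servers.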
    Overcon:

                        Not sure why I had that checked. I'll uncheck it.

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.