Proper DNS
-
https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
Protip: Use method #2.
-
Ports aren't forwarded. Is this still valid link?
-
What do you mean ports aren't forwarded?
You are using either 1:1 NAT, Port forwarding, or are not describing your network clearly.
-
It's external 443 is 443 internally. I guess this is called 1:1
-
Doesn't look like it worked.
Attached settings screenshot.
 -
No. You don't have to change the port for it to be a port forward.
You need DNS that resolves to the external address for external clients and the internal address for internal clients. Whether you use DNS Resolver/Forwarder or another DNS server is up to you.
Is the host you're testing from configured to use pfSense as its DNS Server.
-
-
You have to only use DNS servers that return the results you need. Change that to just use pfSense.
You can use multiple internal name servers but they all have to be configured to return the same results for the same queries from the same clients.
(Actually that's google and level 3 I think)
-
Ok, changed DHCP to only hand out local DNS of 192.168.1.1 and removed the google DNS and Verizon DNS from the app server.
Still cannot navigate to www.parks-properties.com, cloud.* or crm.*
-
When you look up the name on the client what address do you get?
Did you release/renew on the client?
I have no idea what cloud.* or crm.* are. Sorry.
And the only thing that matters in this case is what the client is set to use as the DNS server. it needs to have the internal IP address of the server in question in the answer.
-
So does 192.168.1.1 know about www.parks-properties.com
You want that to resolve to something local to you?
That resolves on the public internet to
;; ANSWER SECTION:
www.parks-properties.com. 86400 IN CNAME parks-properties.com.
parks-properties.com. 300 IN A 108.226.16.69If you want your clients to resolve something local.. Then using either the forwarder or resolver in pfsense create host over rides or let it registered your dhcp
example - here is a local machine that resolves
C:>nslookup
Default Server: pfSense.local.lan
Address: 192.168.9.253storage.local.lan
Server: pfSense.local.lan
Address: 192.168.9.253Name: storage.local.lan
Address: 192.168.9.8If I want www.parks-properties.com to resolve to say 10.0.0.1 then I just put in a simple over ride
-
Both client and app server using pfsense for DNS (192.168.1.1)
I've put in host overrides for
www / parks-properties.com / 192.168.1.90
crm / parks-properties.com / Alias for www.parks-properties.com
cloud / parks-properties.com / Alias for www.parks-properties.comcrm.parks-properties.com & cloud.parks-properties.com are also hosted on the same app server with their own directories.
Thank you all for helping with this as well. I really appreciate it.
 -
Looks like subdomains work just not the www.parks-properties.com or parks-properties.com
-
what are you saying is not working. From cmd line do simple nslookup or dig or drill or host whatever your fav dns tool is.
So I setup alias for crm
C:>nslookup
www.parks-properties.com
Server: 192.168.9.253
Address: 192.168.9.253#53Name: www.parks-properties.com
Address: 10.0.0.1crm.parks-properties.com
Server: 192.168.9.253
Address: 192.168.9.253#53Name: crm.parks-properties.com
Address: 10.0.0.1 -
I can now access crm.parks-properties.com & cloud.parks-properties.com locally but not our website either using www or parks-properties.com
No a huge issue as I can always access from wan location but would prefer to be able to access as well from LAN since data speeds will be so much better.
-
This isn't rocket science.
get a DNS utility called dig or drill and find out where the problem is.
-
I am with you derelict.. Dig is a tool I use every single day.. He doesn't have to get anything quite sure his OS comes with a way to query dns from a cmd line.. Pretty sure nslookup no matter how bad it is in windows can still just do a simple query.
sdp0024.. Please do a query for what you feel is not working, as per my examples. If something is not working, have you cleared your local cache?
