Netgate Discussion Forum

    No Internet connection with non-default gateway

    Routing and Multi WAN
    • P
      pilips_d @viragomann
      last edited by

      @viragomann I tried to do what you propose. I added a screenshot. It did not help me =( Now you can see how my general DNS settings look. 0_1527691367701_resolver.png
      P.S. Sorry for the long answer - it is because of the pfSense forum maintenance/update.

      • V
        viragomann
        last edited by

        @pilips_d said in No Internet connection with non-default gateway:

        I tried to do what you propose.

        🤔
        Which suggestion? Allowing DNS access to pfSense or using external DNS?

        • P
          pilips_d
          last edited by pilips_d

          @viragomann said in No Internet connection with non-default gateway:

          Which suggestion? Allowing DNS access to pfSense or using external DNS?

          The last one. I am using my own DNS server for my network (first position in the last screenshot); that is why I need external DNS.

          • V
            viragomann
            last edited by

            These settings don't matter for the client DNS configuration.
            The last option in the screenshot only prevents pfSense itself from accessing the DNS Forwarder or Resolver.

            Again, if you have the DNS Resolver (Services > DNS Resolver) or the Forwarder (Services > DNS Forwarder) enabled and your clients get their IP configuration from the pfSense DHCP server, DHCP provides the pfSense DNS to the clients as long as you haven't stated other DNS servers in the DHCP settings.

            Check the client DNS settings to be sure which DNS is used.

            • M
              mrsunfire
              last edited by

              What to do if I use a gateway and use pfSense as DNS resolver? What rule do I have to create to allow pfSense to use its own DNS server?

              Netgate 6100 MAX

              • V
                viragomann @mrsunfire
                last edited by viragomann

                @mrsunfire said in No Internet connection with non-default gateway:

                What to do if I use a gateway and use pfSense as DNS resolver?

                If it's a VPN gateway, you will catch DNS leaks by doing that when you also allow the resolver to go out to WAN for requests.

                @mrsunfire said in No Internet connection with non-default gateway:

                What rule do I have to create to allow pfSense to use its own DNS server?

                pfSense doesn't need a rule for that. pfSense uses the resolver, if activated, as long as you haven't checked "Do not use the DNS Forwarder/DNS Resolver as a DNS server for the firewall" in the general settings.

                For clients connected to an interface, however, you need a filter rule allowing TCP/UDP port 53 access to the interface address.

                • P
                  pilips_d @viragomann
                  last edited by pilips_d

                  @viragomann Clients have only a local DNS server for resolving.

                  I wonder how to configure pfSense to give a special DNS for different gateways?

                  As you have seen in System > General Setup, I have a separate DNS for each gateway. I think when I choose a different gateway for a special VLAN, clients get the local DNS and then clients cannot access it via those gateways.

                  DNS Forwarder is disabled and DNS Resolver is enabled on pfSense.

                  • V
                    viragomann
                    last edited by

                    So your clients use the DNS resolver on pfSense. I.e. you have to allow DNS access on the appropriate interfaces to the pfSense interface address.

                    So add a pass rule to those interfaces:
                    protocol: TCP/UDP
                    destination: this firewall
                    dest. port: 53

                    Put that rule at the top of the interface rule set and your clients should get DNS access.

                    • P
                      pilips_d @viragomann
                      last edited by

                      After adding this rule nothing changed.
                      After that I disabled the pfSense DNS Resolver and again nothing changed.

                      So I do not use pfSense DNS Resolver.

                      Any ideas?
                      How to use specific DNS for each gateway?

                      • V
                        viragomann
                        last edited by

                        So let's go back to the beginning.

                        As you mentioned above, with the gateway stated in the firewall rule, a ping from a client to google-public-dns-a.google.com fails, but a ping to 8.8.8.8 succeeds.
                        google-public-dns-a.google.com is to be resolved to 8.8.8.8, so it is exactly the same IP, but for accessing the address by its name you need a DNS.
                        So if that is true, the client isn't able to access the DNS server. So please find out which DNS is used by the client to set a working rule for it.

                        @pilips_d said in No Internet connection with non-default gateway:

                        After that I disabled the pfSense DNS Resolver and again nothing changed.

                        Of course, if the client uses the DNS resolver and you disable it, internet access fails, because it cannot resolve host names.

                        • P
                          pilips_d @viragomann
                          last edited by

                          @viragomann Thanks a lot!
                          I found the solution: for changing the gateway there have to be two rules for the VLAN:

                          1. Access to local VLANS via Default gateway (x.x.x.254).
                          2. Access outdoor where you can change gateway ( GW to internet )

                          0_1529232804943_Screen Shot 2018-06-17 at 13.46.26.png

                          The problem occurred because setting a non-default gateway does not work as expected.
                          When you set a custom GW (not default) on some VLAN, your VLAN cannot access other VLANs via it.
                          When the default GW is set, pfSense knows which route to take to access other VLANs and even to go outdoor for internet access.

                          So the first rule says how to access VLANs indoor, and the second says how to go outdoor.

                          Thanks very much! Problem solved! Now I understand how to set up failover 🙂

                          1 Reply Last reply Reply Quote 0
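
A simplified model of the fix described in the last post, added here as an example (not code from the thread or from pfSense): interface rules are evaluated top-down with the first match winning, and a rule with a gateway set sends matching traffic to that gateway instead of consulting the routing table. The networks, the local DNS server address and the names `VLAN20`, `WAN1_GW` and `WAN2_GW` are constructed for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Rule:
    dst: str                       # destination network, CIDR
    gateway: Optional[str] = None  # None = follow the routing table

# Constructed sample topology (assumption, not taken from the thread).
CONNECTED = {"VLAN20": "192.168.20.0/24", "VLAN30": "192.168.30.0/24"}
LOCAL_DNS = "192.168.20.53"        # local DNS server living in another VLAN

def next_hop(rules, dst_ip, connected, default_gw="WAN1_GW"):
    """Return where a packet entering the VLAN interface is sent."""
    ip = ipaddress.ip_address(dst_ip)
    for rule in rules:                        # top-down, first match wins
        if ip not in ipaddress.ip_network(rule.dst):
            continue
        if rule.gateway:                      # policy routing: table is bypassed
            return rule.gateway
        for ifname, net in connected.items():
            if ip in ipaddress.ip_network(net):
                return ifname                 # delivered on the local interface
        return default_gw
    return "BLOCKED"                          # no pass rule matched

# Before: a single pass rule with the non-default gateway selected.
before = [Rule("0.0.0.0/0", gateway="WAN2_GW")]

# After: local networks first (no gateway override), then everything else
# out through the non-default gateway.
after = [Rule("192.168.0.0/16"), Rule("0.0.0.0/0", gateway="WAN2_GW")]

def trace(rules):
    """Next hop for the local DNS server and for an internet address."""
    return {dst: next_hop(rules, dst, CONNECTED) for dst in (LOCAL_DNS, "8.8.8.8")}

if __name__ == "__main__":
    print("before:", trace(before))
    print("after: ", trace(after))
```

With the single rule, queries to the local DNS server are pushed out through the non-default gateway, which matches the symptom in the thread: ping to 8.8.8.8 works while name resolution fails.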
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.