Netgate Discussion Forum

    Manual DNS entry for a local host

    • jahonix

      @techvic said in Manual DNS entry for a local host:

      So somehow the port forward rules do not apply for requests coming from the same interface as the destination interface is.

      Correct, this would require an active reflection which is off by default. Consider this a hack only.

      A simple workaround would be a manual DNS entry for the webserver-host ...

      You nailed it, it's called host override in your DNS server and works as split DNS.
      The preferred and elegant way of solving this. The linked docs show this in greater detail.

      • techvic

        Thanks, "Method 1: NAT Reflection" was the option I was looking for (https://docs.netgate.com/pfsense/en/latest/nat/accessing-port-forwards-from-local-networks.html)

        • JKnott @techvic

          @techvic

          Is there some reason you can't use a host override? By using NAT reflection, you're getting pfSense involved, when it doesn't have to be.

          PfSense running on Qotom mini PC
          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel 1 Gb Ethernet ports.
          UniFi AC-Lite access point

          I haven't lost my mind. It's around here...somewhere...

          • johnpoz LAYER 8 Global Moderator

            Using NAT reflection is like putting the light switch for your bedroom out at the end of the driveway. So every time you want to turn your bedroom light on or off you need to walk out to the end of the driveway just to come back inside.

            While it works - it's not very efficient ;)

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 25.07.1 | Lab VMs 2.8.1, 25.07.1

            • techvic @JKnott

              @JKnott said in Manual DNS entry for a local host:

              @techvic

              Is there some reason you can't use a host override? By using NAT reflection, you're getting pfSense involved, when it doesn't have to be.

              I looked into that, however it expects a hostname in the scheme "hostname.domain.com", which, in my case is not possible, because "domain.com" IS the hostname. I couldn't find a way to cheat the settings-dialog accordingly. Is that possible?

              • Gertjan @techvic

                @techvic said in Manual DNS entry for a local host:

                the scheme "hostname.domain.com", which, in my case is not possible, because "domain.com" IS the hostname

                Very non-common - perfect to break something.

                Like you blank out the hostname here :

                46f6e54b-adae-4a17-8d29-4fbbfe0ef984-image.png

                No "help me" PM's please. Use the forum, the community will thank you.
                Edit : and where are the logs ??

                • johnpoz LAYER 8 Global Moderator

                  You understand that when you do that, the domain is the host and .tld is the domain right... Works just fine...

                  hostoveride.jpg

                  While I agree it's bad practice to do that to be honest.. It works just fine...

                  • JKnott @techvic

                    @techvic said in Manual DNS entry for a local host:

                    @JKnott said in Manual DNS entry for a local host:

                    @techvic

                    Is there some reason you can't use a host override? By using NAT reflection, you're getting pfSense involved, when it doesn't have to be.

                    I looked into that, however it expects a hostname in the scheme "hostname.domain.com", which, in my case is not possible, because "domain.com" IS the hostname. I couldn't find a way to cheat the settings-dialog accordingly. Is that possible?

                    If it's a valid host name, it should work. Have you tried it to see what happens? You can put whatever valid host name you want in there, even google.com. Then any attempts to reach google will go to the address you specified.

                    • JKnott @johnpoz

                      @johnpoz said in Manual DNS entry for a local host:

                      While I agree it's bad practice to do that to be honest.. It works just fine...

                      It may be a bad practice, but it's made necessary by NAT on IPv4. You don't have to do such a thing on IPv6, where there are plenty of addresses.

                      • Gertjan

                        @johnpoz: I just tried it: my domain is a mere TLD (.fr), with the rest of the domain as a host name.
                        It ... works.
                        Common sense is still barking at me.

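An added example, not part of any post in the thread: it shows that a blank host with the full name as domain, and the "domain as host, TLD as domain" split, give the same override name, and it audits Unbound-style `local-data` lines for overrides such as the google.com case JKnott describes. It assumes the resolver is Unbound (pfSense's DNS Resolver); the function names, `example.com`, the internal-network list and the sample lines are constructed for illustration.

```python
import ipaddress
import re

# Unbound A/AAAA override line, e.g. local-data: "www.example.com. A 192.168.1.10"
LOCAL_DATA = re.compile(
    r'^\s*local-data:\s*"(\S+?)\.?\s+(?:\d+\s+)?(?:IN\s+)?(A|AAAA)\s+([^\s"]+)"')
# Assumption: "internal" means RFC 1918 or IPv6 ULA space; adjust to your LAN.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

def override_fqdn(host, domain):
    """Join the Host and Domain form fields into the name the resolver answers for."""
    labels = [p.strip(".") for p in (host, domain) if p.strip(".")]
    return ".".join(labels).lower()

def audit_overrides(conf_text, owned_zones):
    """Return (name, address, reason) for overrides that deserve a second look."""
    zones = [z.strip(".").lower() for z in owned_zones]
    findings = []
    for line in conf_text.splitlines():
        m = LOCAL_DATA.match(line)
        if not m:
            continue
        name = m.group(1).lower()
        try:
            addr = ipaddress.ip_address(m.group(3))
        except ValueError:
            findings.append((name, m.group(3), "unparseable address"))
            continue
        if not any(name == z or name.endswith("." + z) for z in zones):
            findings.append((name, str(addr), "name outside owned zones"))
        elif not any(addr in net for net in INTERNAL_NETS):
            findings.append((name, str(addr), "owned name points outside internal networks"))
    return findings

# Constructed sample lines, not taken from the thread.
SAMPLE_CONF = """
local-data: "example.com. A 192.168.1.10"
local-data: "www.example.com. A 192.168.1.10"
local-data: "google.com. A 192.168.1.66"
local-data: "mail.example.com. A 203.0.113.7"
"""

if __name__ == "__main__":
    # Blank host + "example.com" and host "example" + domain "com" are the same name.
    print(override_fqdn("", "example.com"), override_fqdn("example", "com"))
    for finding in audit_overrides(SAMPLE_CONF, ["example.com"]):
        print(finding)
```

Run against an export of the resolver's override lines, the audit surfaces any entry that shadows a name you do not own, which is worth reviewing because every client using that resolver follows it.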
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.