Netgate Discussion Forum
    Migration to pfsense completed, but have a few questions regarding nat..

hampeh wrote:

      Dear all,

I have just successfully migrated my firewall from IPCop to pfSense 1.2 (running on ALIX). Everything went smoothly. My setup is:

WAN: x.y.z.194 (with VIPs x.y.z.195 - 198)
LAN: 192.168.0.0/24
OPT1 (DMZ): 172.16.100.0/24

Under the DMZ, I have a few servers, 172.16.100.2 - 172.16.100.15.

x.y.z.194 is running NAT with a port forward to the DMZ server IP 172.16.100.2.

172.16.100.2 is running Linux (web, mail, named, DNS). The DNS is being used for the internal LAN/DMZ and to bind the domain name.

The setup that I have done is:

RULES

LAN
Proto    Source   Port      Destination   Port      Gateway  Schedule  Description
*        LAN net  *         *             *         *        *         Default LAN -> any

WAN
Proto    Source   Port      Destination   Port      Gateway  Schedule  Description
TCP/UDP  *        *         172.16.100.2  53 (DNS)  *                  DNS

DMZ
Proto    Source   Port      Destination   Port      Gateway  Schedule  Description
TCP/UDP  DMZ net  53 (DNS)  *             53 (DNS)  *                  DNS server

I have set up outbound NAT:

Interface  Source            Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
WAN        172.16.100.2/32   *            *            *                 *            *         NO           Interface Address
WAN        192.168.0.0/24    *            *            *                 *            *         NO           Auto created rule for LAN
WAN        172.16.100.0/24   *            *            *                 *            *         NO           Auto created rule for LAN

When I am using Linux/IPCop as the firewall, with the NS server running on the DMZ, the output of nslookup should be something like this:

      [root@apps ~]# nslookup google.com
      Server: x.y.z.94
      Address: x.y.z.94#53

      Non-authoritative answer:
      CUT

but with pfSense as the firewall the output is:

      [root@apps ~]# nslookup google.com
      Server: 172.16.100.2
      Address: 172.16.100.2#53

      CUT

Is there a way to fix this? Why does it use the DMZ IP and not the public IP? I have been searching the forum and tried the possible solutions that I could find, but it still does not work. By the way, my DNS is working fine. All my domains running on 172.16.100.2 are working perfectly.

Any ideas or suggestions are welcome.

Thank you.

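As an added illustration (not part of hampeh's post and not pfSense code), the Python script below replays the filter and outbound-NAT tables from the post against a handful of constructed packets, using pfSense's first-match, default-deny semantics. Everything in it is an assumption made for the example: 203.0.113.194 stands in for the public address x.y.z.194, the port forward is applied before filtering on WAN only, NAT reflection is not modeled (a DMZ host sending to the public address is treated as a packet arriving on the DMZ interface with no forward applied), and the sample packets are invented. One thing the model makes visible is that a query between two hosts on the same DMZ /24 never reaches the firewall, so the rule tables play no part in a lookup sent straight to 172.16.100.2.

```python
"""Replay pfSense-style filter and outbound-NAT rules against sample packets.

Added example with simplified, first-match / default-deny semantics.
All addresses and packets below are constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

WAN_ADDR = "203.0.113.194"  # assumption: stands in for the post's x.y.z.194

# Interface networks from the post; names double as pfSense "<iface> net" aliases.
NETS = {
    "LAN net": ip_network("192.168.0.0/24"),
    "DMZ net": ip_network("172.16.100.0/24"),
}


@dataclass
class Packet:
    iface: str   # interface the packet arrives on: "LAN", "WAN" or "DMZ"
    proto: str   # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class Rule:
    iface: str
    proto: str            # "TCP", "UDP", "TCP/UDP" or "*"
    src: str              # "<iface> net" alias, CIDR/host, or "*"
    sport: Optional[int]  # None means any
    dst: str
    dport: Optional[int]
    desc: str


def _addr_match(spec: str, addr: str) -> bool:
    if spec == "*":
        return True
    net = NETS.get(spec) or ip_network(spec, strict=False)
    return ip_address(addr) in net


def _port_match(spec: Optional[int], port: int) -> bool:
    return spec is None or spec == port


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.iface == pkt.iface
            and (rule.proto == "*" or pkt.proto in rule.proto.split("/"))
            and _addr_match(rule.src, pkt.src)
            and _port_match(rule.sport, pkt.sport)
            and _addr_match(rule.dst, pkt.dst)
            and _port_match(rule.dport, pkt.dport))


# The three filter rules from the post, in interface order.
FILTER_RULES = [
    Rule("LAN", "*", "LAN net", None, "*", None, "Default LAN -> any"),
    Rule("WAN", "TCP/UDP", "*", None, "172.16.100.2", 53, "DNS"),
    Rule("DMZ", "TCP/UDP", "DMZ net", 53, "*", 53, "DNS server"),
]

# Port forward x.y.z.194:53 -> 172.16.100.2:53; applied on WAN before filtering.
PORT_FORWARDS = [("WAN", WAN_ADDR, 53, "172.16.100.2", 53)]

# Outbound NAT table: anything from these sources leaving WAN uses the interface address.
OUTBOUND_NAT = [("WAN", "172.16.100.2/32"), ("WAN", "192.168.0.0/24"), ("WAN", "172.16.100.0/24")]


def apply_port_forward(pkt: Packet) -> Packet:
    for iface, ext, eport, internal, iport in PORT_FORWARDS:
        if pkt.iface == iface and pkt.dst == ext and pkt.dport == eport:
            return Packet(pkt.iface, pkt.proto, pkt.src, pkt.sport, internal, iport)
    return pkt  # no reflection: forwards only rewrite packets arriving on WAN


def evaluate(pkt: Packet) -> Tuple[str, str]:
    """Return (verdict, rule description); first match wins, otherwise default deny."""
    pkt = apply_port_forward(pkt)
    for rule in FILTER_RULES:
        if rule_matches(rule, pkt):
            return "pass", rule.desc
    return "block", "default deny"


def outbound_source(pkt: Packet, out_iface: str = "WAN") -> str:
    """Source address an upstream host sees once the packet leaves via out_iface."""
    for iface, src in OUTBOUND_NAT:
        if iface == out_iface and _addr_match(src, pkt.src):
            return WAN_ADDR  # NAT Address "*" means the interface address
    return pkt.src


def crosses_firewall(src: str, dst: str) -> bool:
    """False when both hosts sit on one directly connected subnet: pfSense never sees it."""
    return not any(ip_address(src) in n and ip_address(dst) in n for n in NETS.values())


if __name__ == "__main__":
    cases = [
        Packet("WAN", "UDP", "198.51.100.7", 40000, WAN_ADDR, 53),        # internet -> public IP
        Packet("DMZ", "UDP", "172.16.100.2", 53, "198.51.100.53", 53),    # server recursing, sport 53
        Packet("DMZ", "UDP", "172.16.100.2", 40000, "198.51.100.53", 53), # same, ephemeral sport
        Packet("DMZ", "UDP", "172.16.100.5", 40000, WAN_ADDR, 53),        # DMZ host -> public IP
        Packet("LAN", "UDP", "192.168.0.10", 40000, "172.16.100.2", 53),  # LAN client -> DNS server
    ]
    for p in cases:
        print(p.iface, p.src, p.sport, "->", p.dst, p.dport, evaluate(p), "seen as", outbound_source(p))
    print("DMZ host -> 172.16.100.2 traverses firewall:", crosses_firewall("172.16.100.5", "172.16.100.2"))
```

Read with the post's tables, the replay shows the DMZ rule as written passes outbound DNS only when the source port is 53, so a resolver or client in the DMZ using an ephemeral source port falls through to the default deny, while the WAN port forward plus its filter rule admits public queries and the outbound-NAT entries make every DMZ and LAN source appear upstream as the WAN address.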
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.