Migration to pfsense completed, but have a few questions regarding nat..

hampeh

Dear all,

I have just successfully migrated my firewall from ipcop to pfsense 1.2 (running on alix). Everything when smoothly. My setup is:

WAN: x.y.z.194 (with VIP of x.y.z.195 - 198)
LAN: 192.168.0.0/24
OPT1(DMZ): 172.16.100.0/24

Under DMZ, i have few servers 172.16.100.2 - 172.16.100.15

x.y.z.194 in running NAT with port forward to dmz server ip 172.16.100.2.

172.16.100.2 is running on linux (web, mail, named, dns). The dns is being used for internal lan/dmz and to bind domain name.

The setup that i have done is.

RULES

LAN
Proto Source Port Destination Port Gateway Schedule Description

LAN net * * * * Default LAN -> any

WAN
TCP/UDP * * 172.16.100.2 53 (DNS) * DNS

DMZ
TCP/UDP DMZ net 53 (DNS) * 53 (DNS) * DNS server

I have setup outbount NAT

Interface Source Source Port Destination Destination Port NAT Address NAT Port Static Port Description
WAN 172.16.100.2/32 * * * * * NO Interface Address
WAN 192.168.0.0/24 * * * * * NO Auto created rule for LAN
WAN 172.16.100.0/24 * * * * * NO Auto created rule for LAN

When i am using linux/ipcop as firewall, with ns server running on dmz the output of nslookup should be something like this

[root@apps ~]# nslookup google.com
Server: x.y.z.94
Address: x.y.z.94#53

Non-authoritative answer:
CUT

but pfsense as a firewall the output is:

[root@apps ~]# nslookup google.com
Server: 172.16.100.2
Address: 172.16.100.2#53

CUT

Is there a way to fix this, why are it use the dmz ip and not the public ip? i have been searching the forum and tried the possible solutions that i can find but it still does not work. By the way my dns is working fine. all my domain running on the 172.16.100.2 is working perfectly.

any ideas or suggestions are welcome.

tq.