Migration to pfSense completed, but I have a few questions regarding NAT.
Dear all,
I have just successfully migrated my firewall from IPCop to pfSense 1.2 (running on an ALIX). Everything went smoothly. My setup is:
WAN: x.y.z.194 (with VIP of x.y.z.195 - 198)
LAN: 192.168.0.0/24
OPT1 (DMZ): 172.16.100.0/24

Under the DMZ I have a few servers, 172.16.100.2 - 172.16.100.15.
x.y.z.194 is running NAT with a port forward to the DMZ server IP 172.16.100.2.
172.16.100.2 is running Linux (web, mail, named, DNS). The DNS is used for the internal LAN/DMZ and to bind the domain name.
The setup that I have done is:
RULES

LAN
Proto     Source    Port      Destination    Port      Gateway    Schedule    Description
-         LAN net   *         *              *         *                      Default LAN -> any

WAN
Proto     Source    Port      Destination    Port      Gateway    Description
TCP/UDP   *         *         172.16.100.2   53 (DNS)  *          DNSDMZ
TCP/UDP   DMZ net   53 (DNS)  *              53 (DNS)  *          DNS server

I have set up outbound NAT:

Interface  Source           Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
WAN        172.16.100.2/32  *            *            *                 *            *         NO           Interface Address
WAN        192.168.0.0/24   *            *            *                 *            *         NO           Auto created rule for LAN
WAN        172.16.100.0/24  *            *            *                 *            *         NO           Auto created rule for LAN

When I was using Linux/IPCop as the firewall, with the NS server running on the DMZ, the output of nslookup looked like this:
[root@apps ~]# nslookup google.com
Server: x.y.z.94
Address: x.y.z.94#53

Non-authoritative answer:
CUT

but with pfSense as the firewall the output is:

[root@apps ~]# nslookup google.com
Server: 172.16.100.2
Address: 172.16.100.2#53

CUT
Is there a way to fix this? Why does it use the DMZ IP and not the public IP? I have been searching the forum and have tried the possible solutions that I could find, but it still does not work. By the way, my DNS is working fine; all my domains running on 172.16.100.2 are working perfectly.
Any ideas or suggestions are welcome.
tq.
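To make the rule tables in the post concrete, here is an added example (my own illustration, not code from the original post and not pfSense's own code) of how pf-style port-forward (rdr) and outbound NAT (nat) rules act on a DNS query sent to the public address, depending on the interface the query arrives on. It uses the networks, the WAN-only port forward and the three WAN outbound NAT rules listed above. Everything else is an assumption: 203.0.113.194 stands in for x.y.z.194, the firewall's LAN and DMZ addresses are taken as 192.168.0.1 and 172.16.100.1, the interfaces are named wan/lan/opt1, and the extra "reflection" rules are how the same forward would be written in pf terms for the internal interfaces. It goes beyond the post in also walking a query from a DMZ host on the server's own subnet, which is the case where an outbound NAT on the internal interface matters.

```python
"""Toy model of pf-style NAT processing with the post's addresses (added example).
rdr rules match on the interface a packet ENTERS, nat rules on the interface it
LEAVES, and replies are reversed through the state the forward packet created.
Assumed: 203.0.113.194 stands in for x.y.z.194; firewall LAN/DMZ addresses
192.168.0.1 / 172.16.100.1; interface names wan/lan/opt1."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

PUBLIC_IP = "203.0.113.194"   # stand-in for x.y.z.194 (assumption)
DNS_SERVER = "172.16.100.2"   # the DMZ DNS server from the post

# interface -> (attached network, firewall's own address on it); wan is the catch-all
IFACES = {
    "lan":  (ip_network("192.168.0.0/24"),  "192.168.0.1"),
    "opt1": (ip_network("172.16.100.0/24"), "172.16.100.1"),
    "wan":  (ip_network("0.0.0.0/0"),       PUBLIC_IP),
}
FIREWALL_ADDRS = {addr for _, addr in IFACES.values()}

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class Rdr:
    """Port forward: rewrite dst to `to` when the packet enters `iface`."""
    iface: str
    dst: str
    dport: int
    to: str

@dataclass(frozen=True)
class Nat:
    """Outbound NAT: rewrite src to the firewall's address on `iface` on egress."""
    iface: str
    src_net: str

def egress_iface(dst):
    """'self' if the firewall owns dst, otherwise the interface that reaches it."""
    if dst in FIREWALL_ADDRS:
        return "self"
    return next(name for name, (net, _) in IFACES.items() if ip_address(dst) in net)

def translate(pkt, in_iface, rdrs, nats):
    """Apply rdr on ingress, then nat on egress; return (packet, egress iface)."""
    for r in rdrs:
        if r.iface == in_iface and pkt.dst == r.dst and pkt.dport == r.dport:
            pkt = replace(pkt, dst=r.to)
            break
    out = egress_iface(pkt.dst)
    if out == "self":
        return pkt, out
    for n in nats:
        if n.iface == out and ip_address(pkt.src) in ip_network(n.src_net):
            pkt = replace(pkt, src=IFACES[out][1])
            break
    return pkt, out

def reply_source_seen_by_client(query, in_iface, rdrs, nats):
    """Source address the client sees on the DNS reply (None: no reply at all)."""
    fwd, out = translate(query, in_iface, rdrs, nats)
    if out == "self":
        return None   # the query hit the firewall itself and never reached the server
    # If the (possibly translated) client address is on the server's own segment,
    # the server answers directly, the reply never crosses the firewall, and it
    # arrives untranslated from the server's real IP (a resolver expecting the
    # public IP rejects that as a reply from an unexpected source).
    same_segment = fwd.src not in FIREWALL_ADDRS and ip_address(fwd.src) in IFACES[out][0]
    return fwd.dst if same_segment else query.dst

# Rules as listed in the post: port forward on WAN, outbound NAT on WAN only.
POST_RDRS = [Rdr("wan", PUBLIC_IP, 53, DNS_SERVER)]
POST_NATS = [Nat("wan", "172.16.100.2/32"), Nat("wan", "192.168.0.0/24"),
             Nat("wan", "172.16.100.0/24")]
# NAT reflection in pf terms (assumption, not the post's config): the same rdr
# on the internal interfaces, plus nat on the DMZ interface for same-subnet clients.
REFLECT_RDRS = POST_RDRS + [Rdr("lan", PUBLIC_IP, 53, DNS_SERVER),
                            Rdr("opt1", PUBLIC_IP, 53, DNS_SERVER)]
REFLECT_NATS = POST_NATS + [Nat("opt1", "172.16.100.0/24")]

def query_from(client_ip, in_iface, rdrs, nats):
    """A client sends a DNS query to the public IP; report where the reply comes from."""
    return reply_source_seen_by_client(Packet(client_ip, 40000, PUBLIC_IP, 53),
                                       in_iface, rdrs, nats)

if __name__ == "__main__":
    cases = [("Internet client, post's rules", "198.51.100.7", "wan", POST_RDRS, POST_NATS),
             ("LAN client, post's rules", "192.168.0.50", "lan", POST_RDRS, POST_NATS),
             ("LAN client, reflection rdr", "192.168.0.50", "lan", REFLECT_RDRS, POST_NATS),
             ("DMZ client, reflection rdr only", "172.16.100.5", "opt1", REFLECT_RDRS, POST_NATS),
             ("DMZ client, rdr + nat on opt1", "172.16.100.5", "opt1", REFLECT_RDRS, REFLECT_NATS)]
    for name, ip, ifc, rdrs, nats in cases:
        print(f"{name:34} reply seen from: {query_from(ip, ifc, rdrs, nats)}")
```

Running it prints what a client on each segment sees as the reply source. With the rules exactly as listed, a LAN query to the public IP matches no rdr on the LAN interface, so it is delivered to the firewall itself and never reaches the DMZ server; once an rdr exists on the LAN interface the reply is reversed through the state entry and appears to come from the public IP; a DMZ client on the server's own subnet only sees the public IP when the outbound NAT on that interface forces the reply back through the firewall. One separate caveat for reading the post's nslookup output: the Server: and Address: lines are the resolver nslookup was configured to query (resolv.conf or the server argument), not the source address of the packet that answered, so the model above reports the latter.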