Migration to pfSense completed, but I have a few questions regarding NAT

    Dear all,

    I have just successfully migrated my firewall from IPCop to pfSense 1.2 (running on an ALIX board). Everything went smoothly. My setup is:

    WAN: x.y.z.194 (with VIP of x.y.z.195 - 198)
    LAN: 192.168.0.0/24
    OPT1(DMZ): 172.16.100.0/24

    In the DMZ I have a few servers, 172.16.100.2 - 172.16.100.15.

    x.y.z.194 is running NAT with a port forward to the DMZ server IP 172.16.100.2.

    172.16.100.2 is running Linux (web, mail, named, DNS). The DNS is used for the internal LAN/DMZ and to bind the domain names.

    The setup that I have done is:

    RULES

    LAN
    Proto    Source   Port  Destination   Port      Gateway  Schedule  Description
    *        LAN net  *     *             *         *        *         Default LAN -> any

    WAN
    Proto    Source   Port  Destination   Port      Gateway  Schedule  Description
    TCP/UDP  *        *     172.16.100.2  53 (DNS)  *        *         DNS

    DMZ
    Proto    Source   Port      Destination  Port      Gateway  Schedule  Description
    TCP/UDP  DMZ net  53 (DNS)  *            53 (DNS)  *        *         DNS server

    I have set up outbound NAT:

    Interface  Source            Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
    WAN        172.16.100.2/32   *            *            *                 *            *         NO           Interface Address
    WAN        192.168.0.0/24    *            *            *                 *            *         NO           Auto created rule for LAN
    WAN        172.16.100.0/24   *            *            *                 *            *         NO           Auto created rule for LAN

    When I was using Linux/IPCop as the firewall, with the NS server running in the DMZ, the output of nslookup would be something like this:

    [root@apps ~]# nslookup google.com
    Server: x.y.z.94
    Address: x.y.z.94#53

    Non-authoritative answer:
    CUT

    but with pfSense as the firewall the output is:

    [root@apps ~]# nslookup google.com
    Server: 172.16.100.2
    Address: 172.16.100.2#53

    CUT

    Is there a way to fix this? Why does it use the DMZ IP and not the public IP? I have been searching the forum and tried the possible solutions that I could find, but it still does not work. By the way, my DNS is working fine; all my domains running on 172.16.100.2 are working perfectly.

    Any ideas or suggestions are welcome.

    tq.
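As an added example (not code from the original post and not pfSense's own code), the following Python script replays the poster's port forward and outbound NAT tables against a few constructed packets, modelling pfSense outbound NAT the way it actually behaves: rules are attached to an interface and the first rule whose source matches wins. It assumes 203.0.113.194 as a stand-in for the redacted x.y.z.194, 198.51.100.0/24 as stand-in Internet hosts, and does not model NAT reflection, so inside clients are assumed to reach the DNS server on its inside address.

```python
"""Model of pfSense-style port forwarding and first-match outbound NAT.

Added example, not code from the original post or from pfSense. It replays
the poster's rule tables against a few constructed packets to show which
source address each destination actually sees.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed stand-ins for the post's redacted public addresses:
# x.y.z.194 is modelled as 203.0.113.194 (RFC 5737 documentation range).
WAN_ADDR = ip_address("203.0.113.194")
LAN_NET = ip_network("192.168.0.0/24")
DMZ_NET = ip_network("172.16.100.0/24")
IFACE_NETS = {"LAN": LAN_NET, "DMZ": DMZ_NET}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class OutboundRule:
    iface: str      # interface the rule is attached to (WAN here)
    source: str     # source network in CIDR
    nat_addr: str   # "interface" = translate to that interface's address


# Outbound NAT table as posted; all three rows translate to the WAN address.
OUTBOUND_NAT = [
    OutboundRule("WAN", "172.16.100.2/32", "interface"),
    OutboundRule("WAN", "192.168.0.0/24", "interface"),
    OutboundRule("WAN", "172.16.100.0/24", "interface"),
]

# Port forward as posted: WAN address, port 53 -> 172.16.100.2.
PORT_FORWARDS = {("WAN", 53): "172.16.100.2"}


def egress_interface(dst: str) -> str:
    """Pick the interface a packet leaves on from its destination address."""
    d = ip_address(dst)
    for name, net in IFACE_NETS.items():
        if d in net:
            return name
    return "WAN"


def apply_port_forward(pkt: Packet, ingress: str) -> Packet:
    """Inbound DNAT: only traffic arriving on WAN for the WAN address is forwarded.

    No NAT reflection is modelled, so inside hosts must use the inside address.
    """
    if ingress == "WAN" and ip_address(pkt.dst) == WAN_ADDR:
        target = PORT_FORWARDS.get((ingress, pkt.dport))
        if target:
            return replace(pkt, dst=target)
    return pkt


def apply_outbound_nat(pkt: Packet, egress: str):
    """Outbound NAT: first rule on the egress interface whose source matches wins."""
    for rule in OUTBOUND_NAT:
        if rule.iface == egress and ip_address(pkt.src) in ip_network(rule.source):
            new_src = str(WAN_ADDR) if rule.nat_addr == "interface" else rule.nat_addr
            return replace(pkt, src=new_src), rule
    return pkt, None


def forward(pkt: Packet, ingress: str):
    """Return (packet as seen by the destination, short explanation)."""
    src, dst = ip_address(pkt.src), ip_address(pkt.dst)
    net = IFACE_NETS.get(ingress)
    if net is not None and src in net and dst in net:
        # Same-subnet traffic is switched locally; it never transits the firewall.
        return pkt, "same subnet, firewall not involved"
    pkt = apply_port_forward(pkt, ingress)
    egress = egress_interface(pkt.dst)
    pkt, rule = apply_outbound_nat(pkt, egress)
    note = f"outbound NAT via {rule.source}" if rule else f"routed to {egress}, no NAT"
    return pkt, note


if __name__ == "__main__":
    # Constructed sample flows; 198.51.100.0/24 stands in for Internet hosts.
    cases = [
        ("DMZ", Packet("172.16.100.5", "172.16.100.2", 53)),   # DMZ client -> DMZ DNS
        ("LAN", Packet("192.168.0.10", "172.16.100.2", 53)),   # LAN client -> DMZ DNS
        ("DMZ", Packet("172.16.100.2", "198.51.100.53", 53)),  # DNS server recursing out
        ("WAN", Packet("198.51.100.7", str(WAN_ADDR), 53)),    # Internet -> published DNS
    ]
    for ingress, pkt in cases:
        seen, note = forward(pkt, ingress)
        print(f"{ingress:3} {pkt.src}->{pkt.dst}:{pkt.dport}  =>  {seen.src}->{seen.dst}  ({note})")
```

Running it shows that only the flow leaving through WAN (the DNS server recursing out to the Internet) is rewritten to the WAN address by the first outbound NAT row; a LAN or DMZ client that sends its query straight to 172.16.100.2 never crosses the WAN interface, so none of the outbound NAT rows apply to it, and nslookup's "Server:" line simply reports the resolver address the client was configured to query. An inside client that wants to query the public address instead would need NAT reflection, which this model deliberately leaves out.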
