Netgate Discussion Forum

    DNS Rule issues

    General pfSense Questions
    • prosenba

      I have my own DNS servers; they answer for internal and external lookups. Externally, the domain registrar sends the request via the static IPs and it resolves internally to the DNS server on port 53. The problem is that the rule that is working is any WAN port 53 to the LAN IP of the DNS server. I tried to change the rule so that the external static IP points to the internal server IP on port 53. This didn't work at all; no traffic was coming in. I have to set the WAN side to any instead of the static IP. I was hoping to forward DNS based on the WAN IP to the specific internal IP.

      Thanks

      • jimp Rebel Alliance Developer Netgate

        Can you show the specific rules that do and do not work, both NAT (port forward or 1:1) and firewall rules?

        The source on WAN rules (and port forward rules) is the remote clients, not the public address on your side. It sounds like that's what you changed, and that won't work to accomplish what you're attempting. But if you show us what you've got and tell us a bit more about what you're trying to do, we might be able to come up with something to help.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        • johnpoz LAYER 8 Global Moderator

          ^ Yeah, your source on your NAT and firewall rule would be ANY; your dest would be your WAN address on a forward. If you try and lock down the source, then that traffic would have to be coming from that IP. I don't know how you would know what that is if you're serving up DNS to the public from this.

          As mentioned, post your rules and NATs, and we can see what you're doing wrong.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11
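
The source/destination point made in the replies above, as an added example that is not part of the original thread and is not pfSense code: a simplified first-match model of port-forward rules, showing why putting your own static IP in the source field matches no public query, and how the destination field selects the internal server per WAN IP. All addresses and the `PortForward` / `redirect_target` names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class PortForward:
    source: str        # remote client network, or "any"
    destination: str   # WAN address the query was sent to
    port: int
    target: str        # internal DNS server that receives the traffic

def redirect_target(rules, src_ip, dst_ip, dst_port) -> Optional[str]:
    """Return the internal target of the first matching rule, or None."""
    src = ipaddress.ip_address(src_ip)
    for rule in rules:
        src_ok = rule.source == "any" or src in ipaddress.ip_network(rule.source)
        if src_ok and dst_ip == rule.destination and dst_port == rule.port:
            return rule.target
    return None

# Constructed sample addresses (documentation and private ranges).
WAN_A, WAN_B = "203.0.113.10", "203.0.113.11"   # static public IPs on WAN
DNS_A, DNS_B = "192.168.1.53", "192.168.1.54"   # internal DNS servers
RESOLVER = "198.51.100.7"                        # some resolver on the Internet

# The attempted change: own static IP placed in the source field.
# A public resolver never sends from that address, so nothing matches.
SOURCE_LOCKED = [PortForward(WAN_A + "/32", WAN_A, 53, DNS_A)]

# Source any; the destination (which WAN IP was queried) picks the server.
DEST_SELECTED = [
    PortForward("any", WAN_A, 53, DNS_A),
    PortForward("any", WAN_B, 53, DNS_B),
]

if __name__ == "__main__":
    for name, rules in (("source locked", SOURCE_LOCKED),
                        ("destination selected", DEST_SELECTED)):
        for wan in (WAN_A, WAN_B):
            hit = redirect_target(rules, RESOLVER, wan, 53)
            print(f"{name}: {RESOLVER} -> {wan}:53 forwards to {hit}")
```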

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.