Netgate Discussion Forum

    Split DNS and Port Forwarding to web server on DMZ

    DHCP and DNS
      drexlock

      I have a web server running NextCloud set up on my DMZ with the address 10.10.0.10 and want requests sent to drive.example.com on the LAN and WAN sent to the DMZ address. I tried setting up a host override under DNS Resolver, but when I browse to drive.example.com I hit a DNS Rebind Error on the pfsense page; when I disable DNS rebind, drive.example.com takes me to the pfsense login page. I'm sure this isn't an uncommon setup, but I've been having a heck of a time finding a guide online using DNS Resolver that shows how to set this up properly.

        Derelict LAYER 8 Netgate

        Set your inside DNS (DNS Resolver) for drive.example.com to 10.10.10.10 using a host override.

        Set your outside DNS for drive.example.com to the outside IP address that is port-forwarded to 10.10.10.10.

        Nothing will ever hit anything listening on pfSense and there will be no rebind error.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          drexlock

          Thanks, I tried that, but when I browse to drive.example.com I'm taken to the admin page of the pfsense box. What's weird is that when I set up example.com to forward to 10.10.0.10 I don't get the pfsense admin page, I get the "Site can't be reached" error. I have drive.example.com forwarded with a dynamic DNS to my network but don't have example.com set up the same way.

          Right now my Firewall rules are set to:

          LAN

              • LAN Address 443/80 * *
                IPV4 LAN * * * * Allowed to any rule
                IPV6 LAN * * * * Allowed to any rule

          DMZ
          IPV4+6 DMZ Net * LAN Net * *
          IPV4 TCP/UDP DMZ Net * * 53
          IPV4 TCP DMZ Net * * 80
          IPV4 TCP DMZ Net * * 443

            Derelict LAYER 8 Netgate

            Then you are not redirecting to the right place and/or are doing it wrong.

            What is your LAN address and netmask?

            What is your DMZ address and netmask?

            What is the inside, real IP address of the host serving the nextcloud?

            What is the inside, real IP address of the host you are testing from?

            When that test host looks up the DNS for your nextcloud server name, what is returned?

            Are you running squid or any other such nonsense on the firewall?

              drexlock

              I figured out the issue by going to another machine, it was not a pfsense configuration issue but a workstation issue. My workstation had been set to always use Google DNS and wasn't polling the pfsense box at all. So no matter what I changed in pfsense it wouldn't impact my testing machine.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.