Netgate Discussion Forum

    Can't get WAN side of pfSense to resolve DNS via LAN side. VirtualBox Lab Setup

    DHCP and DNS
      twelsh37

      Hi All,

      First post so please be gentle.

      I'm trying to set up a VirtualBox Lab on one of my Ubuntu Servers to do some malware research.

      What I have configured is as follows.

      My Home network is 192.168.0.0/24 and the route to the internet is via cable modem on 192.168.0.1.
      The Ubuntu Server is ip'ed as 192.168.0.13 and this has VirtualBox running on this Server and I have created an internal network on the range 10.0.0.0/24.

      I have the following Virtual Machines running on that network

      AD Server (Windows Server 2012r2) - 10.0.0.10
      Guest1 (Windows 7) - 10.0.0.71
      Guest2 (Windows 8) - 10.0.0.72
      Guest3 (Windows 10) - 10.0.0.73
      Guest4 (Windows XP) - 10.0.0.74

      I have pfSense 2.4.2-RELEASE-p1 (amd64) running with the following two interfaces

      WAN (wan)      -> em0        -> v4: 10.0.0.254/24
      LAN  (lan)      -> em1        -> v4: 192.168.0.254/24

      From the firewall I can ping all IP addresses on both the LAN and the WAN side.
      On the WAN side I can ping all the hosts and the EM0.
      On the LAN side I can ping the internet gateway and the EM1 interface so I know all connectivity is there.

      What I want to do, and I can't figure out how to do it as I'm too stupid, is to have the WAN interface resolve DNS lookups for me and forward them on to the internet gateway via em1.

      I realise this is WAN doing lookups on the LAN and this is a bit backwards but as this is my lab I can't see how to set it up any other way.

      I have spent most of the day reading docs from Google and watching videos on YouTube regarding setting up DNS resolvers but all to no avail. I still can't get any resolution done.

      Here is what I see in the filterlogs on the firewall:

      Jan 11 23:26:45 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,44004,0,DF,17,udp,82,10.0.0.30,8.8.8.8,36710,53,62
      Jan 11 23:26:45 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,44005,0,DF,17,udp,82,10.0.0.30,8.8.8.8,36710,53,62
      Jan 11 23:26:51 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,17143,0,DF,17,udp,67,10.0.0.30,10.0.0.254,37360,53,47
      Jan 11 23:26:51 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,17144,0,DF,17,udp,67,10.0.0.30,10.0.0.254,37360,53,47
      Jan 11 23:26:56 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,25589,0,DF,17,udp,67,10.0.0.30,192.168.0.1,42088,53,47
      Jan 11 23:26:56 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,25590,0,DF,17,udp,67,10.0.0.30,192.168.0.1,42088,53,47

      On the firewall in the System -> General section I have the following set:

      DNS Servers - 8.8.8.8  NONE
      DNS Server Override is checked

      Under Services -> DNS Resolver -> General Settings I have the following configured:

      Enabled  -> Checked
      Listen port -> 53
      Network Interfaces -> All
      Outgoing Network Interfaces ->All
      DNSSEC -> Checked

      I have attached a lab diagram and my exported XML config and attached them to the post. I've dicked around with domain names in the config and a few keys but only for obfuscation of bits. Apart from that it's as it sits on the box. Any help would be greatly appreciated. I can't believe this has me flummoxed.

      ![Lab Diagram.png](/public/imported_attachments/1/Lab Diagram.png)
      firewallconfig.txt

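The filterlog lines quoted in the post can be read mechanically. The following is an added example, not part of the original post or of pfSense itself: a small Python parser for pfSense's raw filterlog CSV records (IPv4 TCP/UDP only) that counts blocked port-53 packets per interface, rule tracker, source and destination. The function names are hypothetical, and the field positions assume the raw filter log layout documented for pfSense.

```python
import re
from collections import Counter

# The six filterlog lines quoted in the post above.
SAMPLE = """\
Jan 11 23:26:45 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,44004,0,DF,17,udp,82,10.0.0.30,8.8.8.8,36710,53,62
Jan 11 23:26:45 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,44005,0,DF,17,udp,82,10.0.0.30,8.8.8.8,36710,53,62
Jan 11 23:26:51 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,17143,0,DF,17,udp,67,10.0.0.30,10.0.0.254,37360,53,47
Jan 11 23:26:51 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,17144,0,DF,17,udp,67,10.0.0.30,10.0.0.254,37360,53,47
Jan 11 23:26:56 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,25589,0,DF,17,udp,67,10.0.0.30,192.168.0.1,42088,53,47
Jan 11 23:26:56 firewall filterlog: 9,,,1000000103,em0,match,block,in,4,0x0,,64,25590,0,DF,17,udp,67,10.0.0.30,192.168.0.1,42088,53,47
"""

# Positions of the common header fields in the raw filterlog CSV (assumed layout).
HEADER = {"tracker": 3, "iface": 4, "action": 6, "direction": 7, "ipver": 8}
# IPv4-only positions; IPv6 records use a different layout and are skipped.
IPV4 = {"proto": 16, "src": 18, "dst": 19, "sport": 20, "dport": 21}

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP filterlog record, else None."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)$", line.strip())
    if not m:
        return None
    f = m.group(1).split(",")
    if len(f) <= HEADER["ipver"] or f[HEADER["ipver"]] != "4":
        return None
    if len(f) <= IPV4["dport"] or f[IPV4["proto"]] not in ("tcp", "udp"):
        return None
    rec = {k: f[i] for k, i in {**HEADER, **IPV4}.items()}
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec

def blocked_dns(lines):
    """Count blocked port-53 packets per (interface, tracker, src, dst)."""
    hits = Counter()
    for line in lines:
        r = parse_filterlog(line)
        if r and r["action"] == "block" and r["dport"] == 53:
            hits[(r["iface"], r["tracker"], r["src"], r["dst"])] += 1
    return hits

if __name__ == "__main__":
    for (iface, tracker, src, dst), n in sorted(blocked_dns(SAMPLE.splitlines()).items()):
        print(f"{n}x blocked on {iface} (rule tracker {tracker}): {src} -> {dst}:53")
```

Run over the quoted lines, it reports that every DNS query from 10.0.0.30, including the ones addressed to the firewall's own em0 address 10.0.0.254, is blocked inbound on em0 under the same rule tracker.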
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.