Pfsense + Windows 2016 (AD DNS DHCP) seeking help



  • Hi everyone,

    Could you please help as I set up my lab?

    Pfsense Turn off DHCP

    Win16 has 2 nics: Internal + external
    Win16 Configure DNS Forwarders to Pfsense DNS
    Win16 Configure Static route from Internal to External
    Win16 is able to connect to the internet through Pfsense

    Client PC joined successfully the domain (itmonks.local)
    Client PC can ping both NICs on Win16
    Client PC cannot ping google.com, thus cannot connect to the internet.

    Could you please help? I appreciate it very much.

    Thanks
    Minh



  • You'd need NAT rules on pfSense for the subnet your clients get. (I assume you have a different subnet on internal vs external.)

    You would also need a return route on pfSense, so it knows that Win16 is the gateway to the subnet.



  • Thanks, helper. Yes, I have Win16 (DC DNS DHCP + 2 NICs) attached to Pfsense.

    So if I understood you correctly:
    1- I need to make a NAT rule on Pfsense
    WAN - address => Win16 External address

    2- I would also need a return route
    Could you please point me to a YouTube clip that shows how I can do it?

    Thanks. Appreciate it
    Minh



  • The NAT rule should be for the client subnet.

    The route should point to the client subnet with the Win16 IP as gateway.
    See: https://www.netgate.com/docs/pfsense/routing/static-routes.html

    If you need more specific info, please draw a schematic that includes all involved IPs & subnets.



  • My network looks almost as in the picture and detailed info as below

    0_1533664861362_MySetup.jpg

    Pfsense:
    WAN Internet
    LAN1 192.168.10.1 = Subnet1 = DHCP DNS = Clients Subnet1
    LAN2 192.168.20.1 = Subnet2 = DHCP DNS = Ext + (Win2016) + Int. => Client Subnet2

    Win2016 (DC DHCP DNS)
    Ext = 192.168.20.200
    Int = 192.168.30.1
    Client Subnet2 = 192.168.30.0/24

    I believe I have to set up NAT, but I cannot find instructions on how to do NAT for the entire Windows subnet.

    Minh
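
The two changes suggested in the replies (a static route on pfSense to the client subnet via Win16, and outbound NAT covering that subnet), modeled as an added example that is not part of the original thread. It uses the addresses posted above; the /24 masks on LAN1 and LAN2, the "ISP gateway" label, the client address 192.168.30.50 and the starting NAT source list are assumptions made for illustration.

```python
import ipaddress

# Addresses are from the thread. Assumed for illustration: /24 masks on LAN1
# and LAN2, the "ISP gateway" label, and the client address below.
CLIENT = "192.168.30.50"  # constructed host on Win2016's internal subnet
BASE_ROUTES = [            # (network, interface, gateway) as pfSense sees them
    ("0.0.0.0/0", "WAN", "ISP gateway"),
    ("192.168.10.0/24", "LAN1", None),
    ("192.168.20.0/24", "LAN2", None),
]
STATIC_ROUTE = ("192.168.30.0/24", "LAN2", "192.168.20.200")  # via Win2016 Ext
BASE_NAT = ["192.168.10.0/24", "192.168.20.0/24"]  # assumed: attached subnets only


def next_hop(routes, dst):
    """Longest-prefix match: where would pfSense send a packet for dst?"""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), i, g) for n, i, g in routes
            if addr in ipaddress.ip_network(n)]
    _, iface, gw = max(hits, key=lambda h: h[0].prefixlen)
    return iface, gw or "directly connected"


def nat_covers(nat_sources, src):
    """True if an outbound NAT rule matches this source address."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in nat_sources)


def check(routes, nat_sources, client=CLIENT):
    iface, gw = next_hop(routes, client)
    return {"reply_iface": iface, "reply_gw": gw,
            "translated": nat_covers(nat_sources, client)}


def before():
    return check(BASE_ROUTES, BASE_NAT)


def after():
    return check(BASE_ROUTES + [STATIC_ROUTE], BASE_NAT + ["192.168.30.0/24"])


if __name__ == "__main__":
    print("before:", before())  # replies leave via WAN, source not translated
    print("after: ", after())   # replies go to 192.168.20.200, source translated
```

Without the static route, the only entry on pfSense that matches 192.168.30.0/24 is the default route, so replies to the clients are sent out the WAN instead of back to Win16.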


 
