test-web/dns-server + nat + dns

  • Hi,

    After spending the full weekend reading and testing, I feel I'm left with asking this on the forum.

    Running 2.4.4
    5 NICs separating traffic.
    1 - LAN1 (private switch + wifi building1)
    2 - guestnetwork
    3 - LAN2 (private switch + wifi building2)
    4 - test-servers
    5 - WAN with Fixed public IP.

    DNS resolver (UNBOUND) enabled.

    WAN NAT: Destination WAN IP, ports (52,80,443), NAT IP (server1)
    LAN1 NAT: Destination WAN IP, ports (53,80,443), NAT IP (server1)

    Now, in order to reach the test server, this works great from the outside (WAN), as traffic is forwarded to the correct server internally. However, from the inside (LAN1) I get the response ERR_NAME_RESOLUTION_FAILED. When I change the NAT rule on LAN to forward all the traffic (not only WAN IP) I get a response, but I'm not able to reach "outside" websites due to a DNS error.

    What setting/rule do I need to update to access the test server from both the outside and the inside?


  • Netgate Administrator

    You shouldn't need that port forward on the LAN at all. Use one of these methods:

    Split DNS is the cleanest way to do it.


  • @stephenw10 Thank you for this suggestion. Initially it didn't work because I followed the steps literally. So I enabled the DNS forwarder... after rolling that back and setting a domain override in Unbound (DNS Resolver) it worked.
    Although I don't like to manually maintain these records in pfSense, it suits the needs for test servers.
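
    For readers landing here later, below is what the two split-DNS methods from this thread look like in plain unbound.conf syntax. This is an added example, not configuration posted by anyone in the thread or generated by pfSense itself (pfSense builds the equivalent from its Host Override / Domain Override settings); the zone name, host name, addresses and internal DNS server are assumed values.

    ```conf
    # Added example: split DNS in raw unbound.conf syntax (not from the thread).
    # Assumed names/addresses: zone "example.test", host "testserver",
    # internal server IP 10.0.4.10, internal DNS server 10.0.4.53.
    server:
        # Method 1 (host override): answer the test server's name locally, so
        # LAN clients receive the internal address instead of the public WAN
        # IP and no port forward on the LAN interface is needed at all.
        local-zone: "example.test." transparent
        local-data: "testserver.example.test. IN A 10.0.4.10"
        local-data-ptr: "10.0.4.10 testserver.example.test."

        # DNS rebind protection: Unbound discards RFC 1918 addresses returned
        # by upstream/forwarded servers unless the zone is listed as private.
        # Without this, Method 2 below appears to "work" but returns nothing.
        private-address: 10.0.0.0/8
        private-address: 172.16.0.0/12
        private-address: 192.168.0.0/16
        private-domain: "example.test"
        # The internal zone is not DNSSEC-signed; do not try to validate it.
        domain-insecure: "example.test"

    # Method 2 (domain override, the one that worked in the last post): hand
    # the whole zone to an internal DNS server that holds the records.
    # Pick one method per zone; both are shown here only for comparison.
    forward-zone:
        name: "example.test."
        forward-addr: 10.0.4.53
    ```

    With either method, a LAN client resolving testserver.example.test gets 10.0.4.10 directly, so the WAN-side port forward is only ever hit by outside clients.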

