Netgate Discussion Forum

    test-web/dns-server + nat + dns

    General pfSense Questions
      ragit

      Hi,

      After spending the full weekend reading and testing, I feel I'm left with asking this on the forum.

      Running 2.4.4
      5 NICs separating traffic.
      1 - LAN1 (private switch + wifi building1)
      2 - guestnetwork
      3 - LAN2 (private switch + wifi building2)
      4 - test-servers
      5 - WAN with Fixed public IP.

      DNS resolver (UNBOUND) enabled.

      WAN NAT: Destination WAN IP, ports (52,80,443), NAT IP (server1)
      LAN1 NAT: Destination WAN IP, ports (53,80,443), NAT IP (server1)

      Now, reaching the testserver works great from the outside (WAN), as traffic is forwarded to the correct server internally. However, from the inside (LAN1) I get the response ERR_NAME_RESOLUTION_FAILED. When I change the NAT rule on LAN to forward all the traffic (not only WAN IP), I get a response, but I'm not able to reach "outside" websites due to a DNS error.

      What setting/rule do I need to update to access the testserver from both the outside and the inside?

      Thanks

        stephenw10 Netgate Administrator

        You shouldn't need that port forward on the LAN at all. Use one of these methods:
        https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

        Split DNS is the cleanest way to do it.

        Steve

          ragit @stephenw10

          @stephenw10 Thank you for this suggestion. Initially it didn't work because I followed the steps literally. So I enabled DNS forwarder... after rolling that back and setting a domain override in Unbound (DNS resolver), it worked.
          Although I don't like to manually maintain these records in pfSense, it suits the needs for test servers.

          ====
          close.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.