Netgate Discussion Forum

    When on LAN I can not reach a port forwarded device from xx.dyndns.org

    General pfSense Questions
    14 Posts 3 Posters 1.1k Views

      Modesty

      Hi

      I have a xx.dyndns.org setup that confuses me.

      When on WAN I can reach a port forwarded (port 4567) device behind pfsense.
      But when I'm on LAN I need to connect to ip 192.168.x.x:4567 to reach it.

      I was thinking that this should be possible...

      From LAN I can only reach xx.dyndns.org (port 80).
      If I try xx.dyndns.org:4567 I don't reach it.

      Anybody who can help me one step further?

      Everything can be rebuilt!

        johnpoz LAYER 8 Global Moderator

        https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          Modesty @johnpoz

          @johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

          Thanks for info!

          This happened when I tried to enable DNS Forwarder:
          How do I fix this?

          https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html
          0_1541587078634_7478824a-4fd2-406f-898b-836ec98666cb-image.png

            johnpoz LAYER 8 Global Moderator

            Why are you trying to enable the forwarder - if you want a host override and you're using the resolver, then put the override in the resolver section.

              Modesty

              @johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

              Why are you trying to enable the forwarder - if you want a host override and you're using the resolver, then put the override in the resolver section.

              Thanks again.

              I'm not so skilled in pfsense so a lot of stuff I find awkward, and terminology is also not all under the hood. But I keep learning :-) thanks to forum and youtube.

              I did this because I thought it was correct, ref your link to the solution part 2:

              "Method 2: Split DNS
              The more elegant solution to this problem involves using Split DNS. Basically this means that internal and external clients resolve hostnames differently."

              https://www.netgate.com/docs/pfsense/_images/splitdns-forwarder-example.png

              I figure out that this is the resolver part:
              But what an override is I don't understand... I have tried to find a video explaining this step by step but with no luck.

              0_1541589229470_a1328cd6-418b-42f8-9a8f-2706e4b6351c-image.png

                johnpoz LAYER 8 Global Moderator

                An override is just a dns record so vs resolving the fqdn xx.dyndns.org to your public IP like the rest of the internet you resolve it to the local IP 192.168.x.x

                The guide clearly states to use the forwarder or resolver - depends on which one you're using. Resolver is the default out of the box config of pfsense.

                In order for this to work using the DNS Forwarder or Resolver in pfSense

                  Grimson Banned @Modesty

                  @modesty said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                  I'm not so skilled in pfsense so a lot of stuff I find awkward, and terminology is also not all under the hood. But I keep learning :-) thanks to forum and youtube.

                  Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense. A good start is to read the pfSense book: https://www.netgate.com/docs/pfsense/book/. And if you need to watch videos look at the pfSense hangouts, at least there the video creator actually knows what he is talking about.

                    johnpoz LAYER 8 Global Moderator

                    @grimson said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                    Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense

                    hehehe - so freaking true!!! ;)

                      Modesty @johnpoz

                      @johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                      @grimson said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                      Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense

                      hehehe - so freaking true!!! ;)

                      I also agree, but the truth is, some of them do know what they do, so with stuff on internet, check the facts, the source and read comments (except D Trump, he makes the facts and we don't need to question them, thanks, life is so much more easy now)

                        Modesty @johnpoz

                        @johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                        An override is just a dns record so vs resolving the fqdn xx.dyndns.org to your public IP like the rest of the internet you resolve it to the local IP 192.168.x.x

                        The guide clearly states to use the forwarder or resolver - depends on which one you're using. Resolver is the default out of the box config of pfsense.

                        In order for this to work using the DNS Forwarder or Resolver in pfSense

                        I did use method 1 in your link, now it works for at least one of my devices behind pfsense

                        Thanks!

                        PS It is a bit slow when I on LAN use dyndns.org, is that normal?

                          johnpoz LAYER 8 Global Moderator

                          Method 1? No that is not ever going to be an optimal choice the OPTIMAL choice would be split dns.. Why hit pfsense wan to just get forwarded back in? Pointless and to be honest an abomination to good networking ;)

                            Grimson Banned

                            With NAT reflection the traffic has to pass through your pfSense instead of just your switch, that's always going to be slower. Additionally with NAT reflection the traffic may also hit your traffic limiters/QOS, which could further reduce the speed.

                              Modesty @johnpoz

                              @johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:

                              Method 1? No that is not ever going to be an optimal choice the OPTIMAL choice would be split dns.. Why hit pfsense wan to just get forwarded back in? Pointless and to be honest an abomination to good networking ;)

                              Hi again, sorry for this, but I did not understand Method 2, ref. previous message, I got an error when saving:
                              https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html

                              ..and I did not manage to understand your feedback:

                              "johnpoz REBEL ALLIANCE GLOBAL MODERATOR about 20 hours ago
                              Why are you trying to enable the forwarder - if you want a host override and you're using the resolver, then put the override in the resolver section."

                              Then I tried method 1, and it works, but according to you and the guide it is not optimal.

                              So if you, or somebody else hang on and help me to do Method 2, I certainly would appreciate the help! A screenshot is for me a perfect help, this because I don't fully understand the terminology for this FW/Router subject. (I understand what to do if somebody asks me to go and buy beer :-)

                              Thanks!

                                johnpoz LAYER 8 Global Moderator

                                Dude go into the resolver and put in your fqdn and IP you want it to resolve to locally...

                                0_1541673395211_hostoverride.png

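A way to check from a LAN client which of the two methods discussed in this thread is actually in effect, as an added example that is not part of any post: it classifies the answer the LAN resolver gives for the forwarded hostname against the answer a public resolver gives. The function names, the sample addresses and the resolver addresses in the closing comment are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the thread): tell whether a LAN client gets the
# Split DNS host override or still resolves the name to the WAN address.

# is_private ADDR: succeed if ADDR is an RFC 1918 IPv4 address.
is_private() {
    case "$1" in
        10.*|192.168.*) return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;
        *) return 1 ;;
    esac
}

# first_a: read `dig +short` style output on stdin, print the first IPv4
# address and skip any CNAME lines that precede it.
first_a() {
    grep -E '^[0-9]{1,3}(\.[0-9]{1,3}){3}$' | head -n 1
}

# classify LAN_ANSWER PUBLIC_ANSWER: print one verdict word.
classify() {
    lan=$(printf '%s\n' "$1" | first_a)
    pub=$(printf '%s\n' "$2" | first_a)
    if [ -z "$lan" ]; then
        echo "no-answer"      # the LAN resolver returned no A record
    elif is_private "$lan"; then
        echo "split-dns"      # host override active, traffic stays on the LAN
    elif [ "$lan" = "$pub" ]; then
        echo "public-ip"      # LAN sees the WAN address, needs NAT reflection
    else
        echo "mismatch"       # answers differ, e.g. a stale dynamic DNS record
    fi
}

# Constructed sample answers (documentation addresses, not from the thread).
PUBLIC_ANSWER="203.0.113.10"
echo "with override:    $(classify "192.168.1.50" "$PUBLIC_ANSWER")"
echo "without override: $(classify "203.0.113.10" "$PUBLIC_ANSWER")"

# Live use on a LAN client; both resolver addresses are assumptions
# (192.168.1.1 as the firewall's LAN address, 1.1.1.1 as a public resolver):
#   classify "$(dig +short xx.dyndns.org @192.168.1.1)" \
#            "$(dig +short xx.dyndns.org @1.1.1.1)"
```

A `public-ip` verdict on the LAN means connections to the forwarded port still go to the firewall's WAN address and only work with NAT reflection enabled.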
                                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.