When on LAN I can not reach a port forwarded device from xx.dyndns.org
-
Hi
I have a xx.dyndns.org setup that confuses me.
When on WAN I can reach a port forwared (port 4567) device behind pfsense.
But when im on LAN I need to connect to ip 192.168.x.x:4567 to reach it.I was thinking that this should be possible...
From LAN I can only reach xx.dyndns.org (port 80).
If i try xx.dyndns.org:4567 i dont reach it.Anybody who can help me one step further?
-
-
@johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Thanks for info!
This hapened when I tried to enable DNS Forwarder:
How do i fix this?https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html
-
Why are you trying to enable the forwarder - if you want a host override and your using the resolver, then put the override in the resolver section.
-
@johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Why are you trying to enable the forwarder - if you want a host override and your using the resolver, then put the override in the resolver section.
Thanks again.
Im not so skilled in pfsense so a lot of stuff i find awkward, and therminology is also not all under the hood. But I keep learnign :-) thanks to forum and youtube.
I did this because i thougth it was correct, ref your link to the solution part 2:
"Method 2: Split DNS
The more elegant solution to this problem involves using Split DNS. Basically this means that internal and external clients resolve hostnames differently."https://www.netgate.com/docs/pfsense/_images/splitdns-forwarder-example.png
I figure out that this is the resolver part:
But what a override is i dont understand... I have tried to find a video explaining this step by step but with no luck.
-
An override is just a dns record so vs resolving the fqdn xx.dyndns.org to your public IP like the rest of the internet you resolve it to the local IP 192.168.x.x
The guide clearly states to use the forwarder or resolver - depends on which one your using. Resolver is the default out of the box config of pfsense.
In order for this to work using the DNS Forwarder or Resolver in pfSense
-
@modesty said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Im not so skilled in pfsense so a lot of stuff i find awkward, and therminology is also not all under the hood. But I keep learnign :-) thanks to forum and youtube.
Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense. A good start is to read the pfSense book: https://www.netgate.com/docs/pfsense/book/. And if you need to watch videos look at the pfSense hangouts, at least there the video creator actually knows what he is talking about.
-
@grimson said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense
hehehe - so freaking true!!! ;)
-
@johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
@grimson said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Youtube is not a good source, there are lots of self proclaimed "experts" talking utter nonsense
hehehe - so freaking true!!! ;)
I also agree, but the truth is, some of them do know what they do, so with stuff on internet, check the facts, the source and read comments (exept D Trump, he makes the facts and we dont need to question them, thanks, life is so much more easy now)
-
@johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
An override is just a dns record so vs resolving the fqdn xx.dyndns.org to your public IP like the rest of the internet you resolve it to the local IP 192.168.x.x
The guide clearly states to use the forwarder or resolver - depends on which one your using. Resolver is the default out of the box config of pfsense.
In order for this to work using the DNS Forwarder or Resolver in pfSense
I did use method 1 in your link, now it works for at least one of my devices behind pfsense
Thanks!
PS It is a bit slow when I on LAN uses dyndns.org, is that normal?
-
Method 1? No that is not ever going to be an optimal choice the OPTIMAL choice would be split dns.. Why hit pfsense wan to just get forwarded back in? Pointless and to be honest an abomination to good networking ;)
-
With NAT reflection the traffic has to pass through your pfSense instead of just your switch, that's always going to be slower. Additionally with NAT reflection the traffic may also hit your traffic limiters/QOS, which could further reduce the speed.
-
@johnpoz said in When on LAN I can not reach a port forwarded device from xx.dyndns.org:
Method 1? No that is not ever going to be an optimal choice the OPTIMAL choice would be split dns.. Why hit pfsense wan to just get forwarded back in? Pointless and to be honest an abomination to good networking ;)
Hi again, sorry for this, but I did not understand Methode 2, ref. previous message, I got an error when saving:
https://www.netgate.com/docs/pfsense/nat/accessing-port-forwards-from-local-networks.html..and I did not manage to understand your feedback:
*"johnpoz REBEL ALLIANCE GLOBAL MODERATOR about 20 hours ago
Why are you trying to enable the forwarder - if you want a host override and your using the resolver, then put the override in the resolver section."Then I tried method 1, and it works, but according to you and the guide it is not optimal.
So If you, or somebody else hang on and help me to do Metode 2, I certanly would appreaciate the help! A screenshot is for me a perfect help, this becaus I dont fully understand the terminology for this FW/Router subject. (I understand what to do if sombody asks me to go and buy beer :-)
Thanks!
-
Dude go into the resolver and put in your fqdn and IP you want it to resolve to locally...
