Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Best pattern for redirection of NTP, DNS etc

    NAT
    1
    1
    154
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      chris-1028
      last edited by chris-1028

      I see different patterns suggested for stuff like NTP & DNS “containment” ranging from pass/NAT/block rules to NAT only, and NAT rule variations with destination * or something more specific.

      Two simple questions about an example from pfSense Docs (extract below):
      1: Why the Invert Match, LAN Address “complication” instead of * ?
      2: Why have a rule blocking access to other DNS servers if you have NAT redirection ?

      Chris

      “ Redirecting all DNS Requests to pfSense

      • Interface: LAN
      • Protocol: TCP/UDP
      • Destination: Invert Match checked, LAN Address
      • Destination Port Range: 53 (DNS)
      • Redirect Target IP: 127.0.0.1
      • Redirect Target Port: 53 (DNS)
      • Description: Redirect DNS
      • NAT Reflection: Disable
        If DNS requests to other DNS servers are blocked, such as in the Blocking DNS queries to external resolvers example… ”
      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.