*please move if not NAT* odd issue after weeks working fine, with pfsense and Pi-hole dns server



  • okay, so first and foremost, I'm at a loss for what this issue is coming from, and if it even is an issue with pfsense or if it is an issue with my raspberry pi running pi-hole, so just to be up front, I AM going to be posting a support request for this HERE, and with pi-hole's support forum, because I am at a total loss for what has happened here, and honestly do not even know which of the two systems is the problem child, if you will.

    so, anyways, everything has been working fine for weeks, and then randomly, seemingly out of nowhere, I had to reboot my raspberry pi, shortly after having to reboot my pfsense firewall, and then out of nowhere, EVERYTHING began getting tagged with my home domain name I am using for localized domain mapping for devices I'd like to access with hostnames instead of IP addresses (plex.home.lan for example, firewall.home.lan for another example, pi3.home.lan, pi4.home.lan, you get the idea).......that's about when things got weird for no apparent reason, because, I'm sorry, if I owned reddit.com I would not be living with my parents and unemployed hahaha...

    so, yea, basically out of nowhere, EVERYTHING is getting tagged with my .home.lan setting in my pi-hole server, and it's making things.....very weird... because I can still functionally use the internet, ads are indeed still being blocked somehow even though everything's no longer at its proper domain, yet, other things are just behaving very strangely, like, my playstation 4, that I have always been able to connect to the internet on without problem, is now unable to connect to the internet even though it's definitely seen in pfsense, and other certain oddities that still function properly and usably, still behave very strangely, and I have absolutely no idea what has gone awry here

    yes, for the record, it is entirely possible I do not have things set up correctly, so if someone can help me get to that point then I am totally okay with this...I do this stuff for fun as a passionate hobby, but by no means does that mean I know exactly what I am doing to get the end results that I want, I succeed by sheer trial and error, time, frustration, and stubborn dedication.

    if I do not have my dns set up correctly, this might explain things, but I do not know if I do or not, however what I DO want is to use my raspberry pi's pi-hole instance as my ONLY local dns, and anything that is not local dns to be sent by the pi itself, NOT pfsense, to upstream dns servers, and I have no honest clue if that's how the thing is working or not.

    also, nearly forgot to say this part up here, my pi-hole dns server is set as the dns server in general setup for pfsense, I have also told pfsense to NOT allow wan dhcp to override the dns servers, if that makes any significant difference. NAT is also set to be automatic discovery.

    anybody willing to lend me a hand at finding out what is going on here?

    now to list how things are set up:

    pfsense is being used as my localized home router, that I have to use behind the family home router, yes I am aware this is usually considered bad practice and all that, but there is a handful of good reasons that I do this, not the least of which being that with my father working from home, I absolutely cannot capitalize on the home bandwidth and kick him off his conference calls (windows updates anyone, nvidia driver updates, iso downloads, just to name 3 huge reasons for that bandwidth limiter in pfsense)

    I do not honestly know which nat mode I need to set pfsense up with

    pfsense has squid as a reverse proxy to ease with me intentionally limiting the connectivity speeds for myself so as to not kick anyone else off the network with my father working from home

    I HAVE snort installed, but it is currently disabled given that I could not properly figure out how to set it up for my network's usage without it causing certain data to fail to load (telegram images for one specific example, would just straight up refuse to download)

    pfsense is both being used as a firewall/router for me, as well as being used as a large lan bridge for the sake of having a managed switch capable of vlans for my direct usage later on when I get more things fully ironed out with its setup and configuration, and get back to working on my servers for use with furthering my IT knowledge

    squid was being used as a transparent proxy with https scanning, but having discovered all the issues I had run into with that attempted configuration, I have since set it in transparent mode without https scanning, so clamav is currently disabled, as is ICAP, and I have all of my windows devices set to use pfsense as a gateway proxy directly which has allowed things to work more reliably and as expected of them when I had originally set things up.

    if there is anything needed information wise that I have missed, please just ask me and I'll add it or edit this post to reflect the changes requested for additional information.

    all I am after here is getting these odd issues fixed, and/or getting things either improved, or set up correctly for the desired usage I am after, this is all always a learning process for me, and what other great way to learn more on how to do things than to try them, and ask what's up when you cannot figure out what's not right yourself? so, I am here to learn and improve my existing knowledge, any and all help is greatly appreciated!
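A quick check for the ".home.lan gets tagged onto everything" symptom described above, added here as an example and not part of the original post: it asks the Pi-hole for a public name both bare and with the local suffix appended (trailing dots so the client's own search list cannot interfere) and reports whether the resolver is answering the suffixed form at all. The Pi-hole address and the `home.lan` suffix are assumed placeholders; `dig` must be installed on the machine running it.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. RESOLVER is an assumed placeholder for
# the Pi-hole address; DOMAIN is the local suffix the poster mentions.
RESOLVER="${RESOLVER:-192.168.1.2}"
DOMAIN="${DOMAIN:-home.lan}"

# Ask the resolver directly for an A record of a fully-qualified name (trailing
# dot), so no search-domain expansion happens on this client. Prints the
# answers space-separated, or nothing if there is no A record.
answer() {
  dig +short +time=2 +tries=1 "@$RESOLVER" "$1." A 2>/dev/null | tr '\n' ' '
}

# Pure verdict function: takes the answer for the bare name and the answer for
# the suffixed name. A public name should only ever resolve in its bare form.
suffix_verdict() {
  bare="$1"; suffixed="$2"
  if [ -n "$suffixed" ] && [ "$suffixed" = "$bare" ]; then
    echo "suffixed-alias"     # name.home.lan returns the public address: suffix is being swallowed
  elif [ -n "$suffixed" ]; then
    echo "suffixed-wildcard"  # name.home.lan returns something else: catch-all in the local domain
  elif [ -n "$bare" ]; then
    echo "ok"                 # only the bare name resolves, local suffix is not leaking
  else
    echo "unresolved"         # neither form resolves: upstream forwarding is the thing to look at
  fi
}

# Run both queries for one hostname and print the verdict.
check() {
  name="$1"
  echo "$name: $(suffix_verdict "$(answer "$name")" "$(answer "$name.$DOMAIN")")"
}

# Usage: RESOLVER=<pi-hole ip> sh check-suffix.sh reddit.com plex
if [ "$#" -gt 0 ]; then
  for n in "$@"; do check "$n"; done
fi
```

Run it against the Pi-hole from any LAN host; "suffixed-alias" or "suffixed-wildcard" for a public name means the resolver chain, not the client, is the place to look.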



  • nevermind, this issue is just causing me more headache than it's worth given I can get essentially the same functionality by way of pfblockerng, so I'm just going to cut my losses with this confusing issue and go all in on pfsense given it can do everything I need, and my pi-hole server for whatever reason is being slow as heck.

    thank you guys for the time. I'm just going to make things easier for me and go all in on my pfsense firewall which I already know works for the task.
