Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help with redirect port 53 rule and allowing a client to bypass rule

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 258 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pflife
      last edited by

      I'm trying to allow a client (unRaid box) to bypass at NAT rule that redirects all DNS traffic on port 53 to my piHole.

      I have the redirect rule set up and working properly on pfSense, but I want my unRaid client to be able to use static DNS so it doesn't have to get filtered through the piHole as it's unnecessary and slows down certain apps within unRaid.

      I've tried going into the static DHCP settings for the client and setting the static DNS, but that doesn't work as the NAT rule still catches everything.

      I think I need to set a rule for the client above the NAT rule but not sure how to or what it should be.

      Can anyone assist?

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by Derelict

        Make a DO NOT NAT rule on that interface with the IP address of the unraid as the source and put it above the general port forward. It should be what amounts to a copy of the redirect rule that forwards DNS for everyone but with No RDR checked (which eliminates the target fields) and a limited source address to match. The ports should still be TCP/UDP 53.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • P
          pflife
          last edited by

          Thanks for the reply and help Derelict.

          Can you tell me if I have it right in the pic below?

          natrule.JPG

          1 Reply Last reply Reply Quote 0
          • DerelictD
            Derelict LAYER 8 Netgate
            last edited by Derelict

            Don't set source ports.

            50daf92e-bee2-440e-a107-206446fe0a62-image.png

            Chattanooga, Tennessee, USA
            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
            Do Not Chat For Help! NO_WAN_EGRESS(TM)

            1 Reply Last reply Reply Quote 0
            • P
              pflife
              last edited by

              Awesome, thank you.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.