pfSense - DNS redirect to local DNS server
-
@fjmp24 said in pfSense - DNS redirect to local DNS server:
adguard displays firewall address
What does this mean? You are seeing this error?
Would be helpful if you showed how you set up redirection, and the actual output of your dig command.
-
@johnpoz No, I do not have an error.
Dig response:
Adguard home log:
IP is my pfsense address.
My configuration:
The alias MAIN_Host_Shepheherd represents the Adguard Home host.
-
@fjmp24 what do you think it would show? You're doing an outbound nat that nats it to your main address..
-
@johnpoz Client IP
-
@fjmp24 not sure what that has to do with you... You're doing... you have an outbound nat on man, that says any traffic to that main host, on dns ports, to nat it to your main address..
Here I set up a quick port forward to my pihole... You can see it lists my client as who asked for it.
-
@johnpoz I created the same rules and I do not have the same result.
I disabled my outbound rule. Is your DNS server in the LAN network?
-
@fjmp24 well, what are your firewall rules, and in what order?
-
Adguard receives the request and resolves the hostname.
But client receives a bad response !?
-
@fjmp24 said in pfSense - DNS redirect to local DNS server:
But client receives a bad response !?
You showed a timeout.. Is your adguard server on the same network as your client.. This whole thread has gone over exactly why that is a problem..
Your client is most likely not going to accept an answer when it thought it was asking 1.2.3.4 if the answer comes from the adguards server IP.
Put your adguard on a different vlan than your client, or let pfsense do the query, ie normal redirection is loopback, or as you were doing before do an outbound nat.
In my setup my client was 192.168.9.100, and the pihole I redirected to is on 192.168.3.10, different network..
-
@johnpoz Yes my adguard and my client are in the same network.
But AndyRH uses a "NAT / Outbound - These masquerade the IP address to make the client happy" to resolve this problem, and I must see the client IP in adguard home:
-
@fjmp24 yup that will work - but your adguard is going to log that pfsense IP asked for whatever, not your client.. You can't have both.
Simple solution is just move your adguard to a different vlan.. Problem solved. You can redirect, and will log your clients IPs
-
@johnpoz I created a VLAN for Adguard and all works. Thanks. Sorry for my newbie questions.
-
@fjmp24 no problem - glad you got it sorted.. Maybe next time just do a bit of searching on the forum ;) Many many of these questions come up all the time.. And have been answered multiple times ;)
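
A small model of the three setups discussed above, added here as an example that is not part of the original thread. 192.168.9.100, 192.168.3.10 and 1.2.3.4 come from the posts; the function name, the /24 prefix, the same-network server 192.168.9.53 and the firewall address 192.168.9.1 are assumptions made for the illustration.

```python
import ipaddress

def redirect_outcome(client, queried, dns_server, fw_ip, prefix=24, outbound_nat=False):
    """Model one redirected DNS query and report what each side observes."""
    net = lambda ip: ipaddress.ip_interface(f"{ip}/{prefix}").network
    same_net = net(client) == net(dns_server)
    # Port forward: the firewall rewrites the destination from `queried`
    # to `dns_server`. Outbound NAT also rewrites the source to `fw_ip`.
    seen_by_server = fw_ip if outbound_nat else client
    # The server replies to the source it saw. That reply passes back through
    # the firewall only if the source is the firewall or is on another network;
    # an on-link client is answered directly, bypassing the firewall.
    via_firewall = outbound_nat or not same_net
    # Only the firewall's state entry can restore the address the client queried.
    reply_source = queried if via_firewall else dns_server
    return {
        "logged_client": seen_by_server,            # what the DNS server's log shows
        "reply_source": reply_source,               # source address the client sees
        "client_accepts": reply_source == queried,  # mismatch looks like a timeout
    }

# Constructed scenarios matching the thread.
SCENARIOS = {
    "same network, port forward only":
        dict(client="192.168.9.100", queried="1.2.3.4",
             dns_server="192.168.9.53", fw_ip="192.168.9.1"),
    "same network, port forward + outbound NAT":
        dict(client="192.168.9.100", queried="1.2.3.4",
             dns_server="192.168.9.53", fw_ip="192.168.9.1", outbound_nat=True),
    "DNS server on a different VLAN":
        dict(client="192.168.9.100", queried="1.2.3.4",
             dns_server="192.168.3.10", fw_ip="192.168.3.1"),
}

if __name__ == "__main__":
    for name, args in SCENARIOS.items():
        print(f"{name}: {redirect_outcome(**args)}")
```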
-
@AndyRH Are you going to connect pihole to pfSense over WAN or LAN ethernet?
-
@Antibiotic PiHole is on the LAN side.
-
@AndyRH Ok, thanks. So you have connected the pihole LAN to the pfsense LAN. Is that correct?
-
@Antibiotic All of the PiHoles are on VLAN42. PiHole services VLANs 2, 42, 100 and 129.