Netgate Discussion Forum

    pfSense - DNS redirect to local DNS server

      fjmp24 @johnpoz

      @johnpoz I created the same rules and I do not get the same result.


      I disabled my outbound rule. Is your DNS server in the LAN network?

        johnpoz LAYER 8 Global Moderator @fjmp24

        @fjmp24 well, what are your firewall rules, and in what order?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          fjmp24 @johnpoz

          @johnpoz

          Adguard receives the request and resolves the hostname.
          But client receives a bad response !?

            johnpoz LAYER 8 Global Moderator @fjmp24

            @fjmp24 said in pfSense - DNS redirect to local DNS server:

            But client receives a bad response !?

            You showed a timeout.. Is your adguard server on the same network as your client.. This whole thread has gone over exactly why that is a problem..

            Your client is most likely not going to accept an answer when it thought it was asking 1.2.3.4 if the answer comes from the adguard server's IP.

            Put your adguard on a different vlan than your client, or let pfsense do the query, i.e. normal redirection is loopback, or as you were doing before do an outbound nat.

            In my setup my client was 192.168.9.100, and the pihole I redirected to is on 192.168.3.10, different network..

              fjmp24 @johnpoz

              @johnpoz Yes my adguard and my client are in the same network.

              But AndyRH uses a "NAT / Outbound - These masquerade the IP address to make the client happy" to resolve this problem and I must see the client IP in adguard home.

                johnpoz LAYER 8 Global Moderator @fjmp24

                @fjmp24 yup that will work - but your adguard is going to log that pfsense IP asked for whatever, not your client.. You can't have both.

                Simple solution is to just move your adguard to a different vlan.. Problem solved. You can redirect, and will log your clients' IPs

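The three setups discussed in the posts above, traced as an added example that is not part of the original thread. The addresses 192.168.9.100, 192.168.3.10 and 1.2.3.4 come from the posts; the /24 masks, the firewall address 192.168.9.1 and the same-network DNS address 192.168.9.10 are assumptions made for the illustration.

```python
import ipaddress

def same_net(a, b, prefix=24):
    """True if b is on-link from a (assumed /24 networks)."""
    return ipaddress.ip_address(b) in ipaddress.ip_network(f"{a}/{prefix}", strict=False)

def resolve(client, asked, dns, outbound_nat=False, fw_ip="192.168.9.1"):
    """Trace one redirected DNS query.

    Returns (client_accepts_reply, source_ip_logged_by_dns_server).
    fw_ip is the firewall's address facing the DNS server (assumed value).
    """
    # Step 1: the port forward rewrites the destination (asked -> dns) and the
    # firewall keeps a state entry so it can undo the rewrite on the reply.
    # Step 2: with outbound NAT the firewall also replaces the source address.
    src_seen_by_dns = fw_ip if outbound_nat else client

    # Step 3: the DNS server answers to whatever source it saw.
    if src_seen_by_dns == client and same_net(dns, client):
        # Same segment: the reply is delivered directly to the client and never
        # crosses the firewall, so nothing restores the original address.
        reply_src = dns
    else:
        # The reply passes back through the firewall, whose state entry
        # rewrites the source to the address the client originally asked.
        reply_src = asked

    # Step 4: a stub resolver only accepts an answer from the server it queried.
    return reply_src == asked, src_seen_by_dns

if __name__ == "__main__":
    cases = [
        ("same network, redirect only", "192.168.9.10", False),
        ("same network, redirect + outbound NAT", "192.168.9.10", True),
        ("DNS server on another VLAN", "192.168.3.10", False),
    ]
    for label, dns, nat in cases:
        ok, logged = resolve("192.168.9.100", "1.2.3.4", dns, outbound_nat=nat)
        print(f"{label}: reply accepted={ok}, DNS server logs {logged}")
```

Only the third case gives both a working redirect and the real client address in the DNS server's query log.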
                  fjmp24 @johnpoz

                  @johnpoz I created a VLAN for Adguard and all works. Thanks. Sorry for my newbie questions.

                    johnpoz LAYER 8 Global Moderator @fjmp24

                    @fjmp24 no problem - glad you got it sorted.. Maybe next time just do a bit of searching on the forum ;) Many many of these questions come up all the time.. And have been answered multiple times ;)

                      Antibiotic @AndyRH

                      @AndyRH Are you going to connect pihole to pfSense over WAN or LAN ethernet?

                      pfSense plus 24.11 on Topton mini PC
                      CPU: Intel N100
                      NIC: Intel i-226v 4 pcs
                      RAM : 16 GB DDR5
                      Disk: 128 GB NVMe
                      Brgds, Archi

                        AndyRH @Antibiotic

                        @Antibiotic PiHole is on the LAN side.

                        o||||o
                        7100-1u

                          Antibiotic @AndyRH

                          @AndyRH Ok, thanks. So you have connected the pihole LAN to the pfsense LAN. Is that correct?

                            AndyRH @Antibiotic

                            @Antibiotic All of the PiHoles are on VLAN42. PiHole services VLANs 2, 42, 100 and 129.

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.