Port-forwarding DNS not working



  • Hi there-I've got a PFSense 1.2.2 firewall setup and am having some issues. Here's my setup:

    I have a DNS server on my LAN that needs to provide DNS services to clients over the Internet (i.e. it's an authoritative DNS server and needs to be accessible from the WAN)
    I added the additional WAN IP as a Virtual IP using Proxy ARP
    I setup 1-to-1 NAT between the WAN IP and the server's LAN IP
    I then setup a port-forwarding rule for DNS, TCP/UDP from the WAN IP to the LAN IP
    I've confirmed that outbound connections from the server are working properly and the 1-to-1 NAT is working (requests go out on the correct IP)
    I tested port-forwarding other services (HTTP, HTTPS) to the same server and same IP and those work fine….DNS is the only one that won't work right.

    When clients attempt to connect and query the DNS server, they are not able to get a response from the DNS service on my server. I'm using BIND9 and I've confirmed that the service is running and responding properly (I can run DIG requests against it from another machine on the LAN and it responds fine). I've tried using TCP/UDP, and TCP, and then UDP all separately and get the same results no matter what. I've also tried turning off the DNS Forwarder in PFSense for fear that it was interfering.

    Anyone have any ideas on how to get my port-forwarding rules for DNS to work?



  • Just like any other port forward. You will want TCP/UDP. See:
    http://doc.pfsense.org/index.php/Port_Forward_Troubleshooting



  • Thanks for the link and info….but I've already tried that (as noted in my original post). I'm somewhat convinced that the problem is something with the BIND configuration that needs to be modified for it to work properly through a firewall but I've already bound it to the correct IP and port...still no luck.


Log in to reply