• I've tried setting up pfSense for a client who hosts his own web servers and mail server. The problem I've run into is that 2 of the 3 servers can't seem to resolve host names even when I specify DNS servers on them directly. The difference between these 2 and the unaffected server is that the unaffected server receives traffic from the main IP address while the other two receive traffic destined for Virtual IPs. Still, I don't see why that would affect outgoing DNS requests. Any ideas?

  • It means you set up your NAT incorrectly. Chances are that you set up port forwards using the VIPs as external addresses instead of setting up proper 1:1 NATs. It happens all the time. Set up 1:1 NAT mappings instead of port forwards and you'll be fine.

  • Thank you submicron.

    One question regarding that. Can I set up firewall rules to restrict access to only the ports I want to be accessible publicly? Or is it something I need to do server-side?

  • You just have to create the block rules on the WAN interface.

  • The WAN is default deny. The firewall rules you have in place already are likely sufficient.

  • Odd, but I removed the port forwards and set up 1:1 for the VIPs and I still cannot access the internet from them.

  • Is it just DNS, or is it all traffic?

  • Before, it was just DNS. I was able to access web sites by IP address. It was also just outgoing traffic and the servers were accepting incoming requests fine. After removing the port forward rules and making it just 1:1, no traffic gets through in either direction.