Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

AWS pfSense VPC DNS

General pfSense Questions

2

9

936

Log in to reply

P

Paddy
last edited by

I am having problems with my EC2 instances resolving AWS hostnames.

The pfSense has 127.0.0.1, xxx.xxx.0.2, 8.8.8.8, 8.8.4.4 configured as the DNS servers.

xxx.xxx.1.0/24 is the WAN subnet and xxx.xxx.2.0/24 is the LAN

When I spin up a EC2 on the LAN side it automatically gets given xxx.xxx.0.2 as it's one and only DNS server

I still have the default allow all in the LAN.

I can't ping xxx.xxx.0.2 from any EC2 in the LAN or from the WAN interface on pfSense diagnostics.

Any ideas?

Patrick
S 1 Reply Last reply
Reply Quote 0
S

stephenw10 Netgate Administrator @Paddy
last edited by

What/where is xxx.xxx.0.2 since it's not in the WAN or LAN subnet?

Can things on LAN ping 8.8.8.8?

Steve
P 1 Reply Last reply
Reply Quote 0
P

Paddy @stephenw10
last edited by Paddy

@stephenw10 said in AWS pfSense VPC DNS:

What/where is xxx.xxx.0.2 since it's not in the WAN or LAN subnet?

Can things on LAN ping 8.8.8.8?

Steve

That's what I'm not getting. I created a VPC with a 16 bit network. The only Subnets I have created are xxx.xxx.1.0/24 and xxx.xxx.2.0/24.

The dhcp option set for the VPC contains;
domain-name: eu-west-1.compute.internal
domain-name-servers: AmazonProvidedDNS

I can resolve external hosts just not AWS internal. I spotted the problem trying to mount a efs

I've no idea what is going on.

Cheers,
Patrick
1 Reply Last reply
Reply Quote 0
S

stephenw10 Netgate Administrator
last edited by

So the DNS server at xxx.xxx.0.2 is some external public IP? Not inside the VPC /16?
P 1 Reply Last reply
Reply Quote 0
P

Paddy @stephenw10
last edited by

@stephenw10 said in AWS pfSense VPC DNS:

So the DNS server at xxx.xxx.0.2 is some external public IP? Not inside the VPC /16?

No it is the within the 16bit network I specified for the VPC - it just isn't a subnet I have created.

This is what I followed to created this. (The subnets aren't the same tho);

youtube tutorial
1 Reply Last reply
Reply Quote 0
S

stephenw10 Netgate Administrator
last edited by

Hmm, well if neither the clients or pfSense have a route to that subnet I'm not sure how they are expected to reach it. AWS routes it via the WAN side gateway?
P 1 Reply Last reply
Reply Quote 0
P

Paddy @stephenw10
last edited by

@stephenw10 said in AWS pfSense VPC DNS:

Hmm, well if neither the clients or pfSense have a route to that subnet I'm not sure how they are expected to reach it. AWS routes it via the WAN side gateway?

I'm stumped. I'll maybe post in the AWS forums as to how to resolve. Would hate to tear down and start again.
1 Reply Last reply
Reply Quote 0
S

stephenw10 Netgate Administrator
last edited by

Start a ping to it. Check the state table. Where is the ping going?

Where is that subnet actually available if you haven't created it yet?

Steve
P 1 Reply Last reply
Reply Quote 0
P

Paddy @stephenw10
last edited by

@stephenw10 said in AWS pfSense VPC DNS:

Start a ping to it. Check the state table. Where is the ping going?

Where is that subnet actually available if you haven't created it yet?

Steve

Steve, once again many thanks for giving your time to help me.

I've got is working. I had DNS resolution enabled on the VPC, but not DNS hostnames. My EC2 still has XXX.XXX,0.2 as its dns server and I don't have a XXX.XXX.0.0 subnet. But its working now.
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1