Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HEEEELP! One WAN, three LAN, can't get DNS to work.

    Problems Installing or Upgrading pfSense Software
    2
    2
    2.2k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      Winston
      last edited by

      Hi guys,

      I've been trying to configure pfSense for a couple of days now.  I can get all devices to talk internally, but I can't get DNS to work.

      I'm a Wintel expert, with no previous experience with BSD.  I do have a fair bit of Cisco IOS knowledge.

      Here's a summary of the network:

      WAN connection:  Edimax Multi-WAN DSL router, IP of that router is 192.168.2.1(/24).  I need all WAN traffic to go through this router, and all DNS queries need to be handled by it.  192.168.2.2/24 is the IP for the WAN interface on the pfSense router.

      LAN1:  pfSense interface:  192.168.1.17/28.  Contains three servers, with static IP addresses of 192.168.1.25, 192.168.1.26, 192.168.1.30.  These need outbound and inbound access to the internet, as they host web services (some of these services require outbound connections to servers on other sites.)

      LAN2:  pfSense interface:  192.168.1.129/28.  Contains workstations, all addresses assigned by DHCP.  Ideally, DHCP should be assigned by pfSense.

      LAN3:  pfSense interface:  192.168.1.145/28.  Contains another server, with a static IP address:  192.168.1.150.  Needs inbound and outbound access to the internet, as it is an email server.

      So basically, what I need is for all three networks to be able to access external networks via the WAN address, and for those three networks to be able to talk to each other.  Once that's in place, I can place filters to prevent specific ports and IPs from exchanging data across the three networks.

      Any ideas?

      1 Reply Last reply Reply Quote 0
      • H
        hoba
        last edited by

        Create pass any protocol any source any destination rules at all interfaces except WAN first (firewall>rules). Then enable DHCP Server for the additional interfaces (services>dhcp, opt1 and opt2 tab). Set your Router as DNS-Server at system>general unless it already is assigned via DHCP and uncheck "override by DHCP" if needed. Then create portforwards at WAN (firewall>NAT, portforward) for all needed services to the servers in the different subnets. Make sure autocreate rule is checked (it's checked by dfault). You might want to check "Register DHCP leases in DNS forwarder" at services>dns forwarder too.

        Last but not least add portforwards to your router in front of the pfSense to hit the WAN IP of the pfSense for your different services. This is a double NAT setup and therefor doesn't need any routes. If you rather want to route you have to setup advanced outbound NAT too and some routes. Also the portforward part would be different. However the described setup makes it easy to drop the router in  front of the pfSense later and place the pfSense at the real WAN if this is what you want to do later.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.