Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FQDN resolving with DNS to external IP but internal IP being returned with ping

    Scheduled Pinned Locked Moved
    NAT
    2
    4
    105
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S
      sogorman
      last edited by

      I have a 192.168.0.0/24 network with some external facing services. When i attempt to connect to one of those FQDN names the DNS lookup works as expected but traffic gets routed / returned to the internal address and not the address on the FQDN.

      sogorman@01:~$ ifconfig
enp101s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.60  netmask 255.255.255.0  broadcast 192.168.0.255
        inet6 fe80::265e:beff:fe65:a21c  prefixlen 64  scopeid 0x20<link>
        ether 24:5e:be:65:a2:1c  txqueuelen 1000  (Ethernet)
        RX packets 630027474  bytes 131611471924 (131.6 GB)
        RX errors 0  dropped 2946716  overruns 0  frame 0
        TX packets 679507865  bytes 285142565720 (285.1 GB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 2279609  bytes 405157505 (405.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2279609  bytes 405157505 (405.1 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

      sogorman@01:~$ ping local.redacted.com
PING local.redacted.com (72.44.xxx.xxx) 56(84) bytes of data.
64 bytes from 192.168.0.7: icmp_seq=1 ttl=128 time=0.411 ms (DIFFERENT ADDRESS!)
64 bytes from 192.168.0.7: icmp_seq=2 ttl=128 time=0.320 ms (DIFFERENT ADDRESS!)
64 bytes from 192.168.0.7: icmp_seq=3 ttl=128 time=0.358 ms (DIFFERENT ADDRESS!)
64 bytes from 192.168.0.7: icmp_seq=4 ttl=128 time=0.334 ms (DIFFERENT ADDRESS!)
^C
      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @sogorman
        last edited by

        @sogorman Are you doing say a 1:1 nat?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        S 1 Reply Last reply Reply Quote 0
        • S
          sogorman @johnpoz
          last edited by

          @johnpoz yes for those external IPs there is a 1:1 inbound nat... which I believe I want for the external traffic to resolve properly, only issue is with Internal traffic trying to resolve the external FQDN

          ![alt text](Screenshot 2024-09-18 081830.png image url)

          johnpozJ 1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @sogorman
            last edited by johnpoz

            @sogorman well you don't really need to do a 1:1, you could do simple port forwards for the ports you want vs all of them ;)

            So you want this fqdn to resolve to the internal IP? Just setup a host override so your local.redacted.com resolves to the 192.168.0.7

            What your seeing now is WAD, Works As Designed.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            1 Reply Last reply Reply Quote 0
            • First post
              Last post