Problems resolving domain names behind the router



  • So I had my trusty old wrt54g die on me, and decided to run with an old tbird that was collecting dust.  I've got almost everything up and running perfectly, and from the outside world, NAT is handled, and requests to my webserver work just fine.

    From inside the network however, they don't.  Previously, with the wrt, I could just point at domainname.com:port and I would be sent to the correct box regardless of inside or outside the network.  Now however, that doesn't seem to work, as any reference to domainname.com resolves to the right ip, but doesn't seem to come back in through the NAT.

    For example, I have a windows virtualbox sitting at 192.168.1.3, and I want to forward 3389 to it, and from inside the network rdp://domainname.com and have it connect to that box.  As well I have a webserver hosting two domains on 192.168.1.42, and would like to be able to just go to www.domain1.com or www.domain2.com and have it bring me to that internal box, I'm doing this on a laptop that does travel with me though, so hardcoding hosts in won't work either.

    I've tried setting the domains to be overridden to a local address (not exactly what I want, but would have settled for it) but boxes internally still resolve to the external IP of the router.

    Ideally, what I'm trying to accomplish is this:  request for domainname.com comes from internal network, and is forwarded (or not) based on the NAT rules as if the box were outside the network.

    TIA



  • System > Advanced> uncheck Disable NAT reflection. That will fix using your public address from inside the network to get access internal services.

    The DNS part should have worked fine too, your clients must not have been using the server that you put the overrides on.



  • cryolithic,

    I am doing almost the same thing you are describing.
    I use dyndns.org to get back to my network when I am outside of it and I like being able to use mydomain.dyndns.org as a bookmark on my laptop no matter where I am, inside my network or outside of it.

    What you want will not require NAT, however if you are using non-standard ports for these services you will still have to specify them.

    What you probably want is to enter override records in the DNS Forwarder.
    Click on Servies -> DNS Forwarder

    Click on the plus symbol and fill out the form that comes up.  I'll use www.google.com as an example
    Host: www
    Domain: google.com
    IP: 192.168.115.70
    Description: DNS Override to force internal users to my search engine.

    I have pasted an image of my configuration.  I removed the actual text from the middle line as I don't want anybody trying to gain access to my network unnecessarily.  But you can see that if I try to resolve sample.dyndns.org from inside my network it will return 192.168.113.1.

    If you already have the hosts in as a local override then make sure you are using your pfSense box for DNS and not something outside your network.
    If you run "nslookup host.domain" then you'll see two sets of information, the server queried for the information, and the results it returned.  If the server is not your local DNS server then that would explain the issue.

    Good luck, hopefully this is in line with what you needed.




  • @vi02: I had tried what you suggest, and probably was using the wrong dns internally, but blak111 is onto what I really want.

    @blak111: I unchecked that setting, but I'm still having the same issues, where they seem to resolve to the pf box's internal nic (ie https://domain.com brings me to my config page)  I've tried recreating my forwards as well, and I see nothing under rules.  Is there anything else I might be missing?



  • It sounds like the port forward is going to the wrong address. Check your NAT rules and make sure the NAT IP is the IP address of your server and not pfSense.
    If you change a NAT rule, be sure to modify the firewall rule that goes with it.



  • Have you tried to leave the "host" field empty and just enter the name over which you access the server drectly in the "domain" field?

    Like in the attached screenshot here:
    http://forum.pfsense.org/index.php/topic,9440.msg53554.html#msg53554


Log in to reply