Single wan -> lan with port forward for DNS - everything blocked

  • Hey guys,

    New to pfsense from smoothwall.

    Having my first go at it this weekend, after much reading.

    We have a simple installation right now (dual wan later) and I'm trying to get port forwarding for DNS to work.

    Everything is set up for local outbound and working.
    Cleared out all rules and rebooted.
    Added a port forward for 53 from WAN to our 10.1.x.x DNS server, with "auto create firewall rules".

    Getting this: 1. 314067 rule 39/0(match): block in on dc1: 202.101.x.x.58278 > 172.16.0.2.53:  20478[|domain]

    As you can see, dc1 is our WAN with a private IP assigned of 172….
    This was done because we have a Comcast gateway that is without a manual, and the only way I could get packets to hit the firewall was to let the gateway take the static IP (recommended by them) and then forward everything in locally. It seems to work, judging by the logs.

    So I've disabled "block private networks" under the WAN interface and still can't seem to figure out why everything is being blocked.

    Thanks so much for your time on this guys, and if I have happened to overlook this in my forum/wiki searching, please point me in the right direction.

    Thanks!

    NAT PORT FWD:
    WAN  TCP  53 (DNS)  10.1.0.6 (ext.: 172.16.0.2) 53 (DNS)

    RULES: (for wan + the default outbound for lan)
    TCP  *  *  10.1.0.6  53 (DNS)  *
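An added diagnostic example (not code from the thread or from pfSense): the raw pflog line above is tcpdump-style decode, where a DNS query rendered as `id[|domain]` with no TCP flags or sequence numbers is a UDP datagram, while the NAT entry above is TCP only. The script below parses such block lines and compares each blocked packet's port and inferred protocol against the configured forwards; the TCP sample line and the port-80 forward are constructed for comparison.

```python
import re

# Constructed sample of pfSense raw (pflog / tcpdump style) firewall log lines.
# Line 1 is the one quoted in the post; line 2 is a constructed TCP SYN on the
# same port so the protocol heuristic has both cases to classify.
SAMPLE_LOG = """\
rule 39/0(match): block in on dc1: 202.101.x.x.58278 > 172.16.0.2.53:  20478[|domain]
rule 39/0(match): block in on dc1: 202.101.x.x.41022 > 172.16.0.2.53: S 1000:1000(0) win 5840
"""

# Port forwards as (proto, WAN port). TCP/53 is the post's entry; TCP/80 is hypothetical.
FORWARDS = [("tcp", 53), ("tcp", 80)]

LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\w+): (?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+):\s*(?P<payload>.*)"
)

def guess_proto(payload):
    """Infer the L4 protocol from tcpdump's one-line decode of the payload."""
    if "Flags [" in payload or re.match(r"^[SFRP.]+ \d+", payload):
        return "tcp"      # TCP flags and seq numbers are printed for TCP segments
    if payload.startswith("UDP") or re.match(r"^\d+\+?\*?\s*(\[\|domain\]|[A-Z]+\?)", payload):
        return "udp"      # DNS id + query, or truncated "[|domain]", is a UDP datagram
    return "unknown"

def parse_line(line):
    m = LOG_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["dport"] = int(d["dport"])
    d["proto"] = guess_proto(d["payload"])
    return d

def diagnose(log_text, forwards):
    """Return (dport, proto, verdict) for every blocked inbound packet in the log."""
    findings = []
    forwarded_ports = {port for _, port in forwards}
    for line in log_text.splitlines():
        p = parse_line(line)
        if not p or p["action"] != "block" or p["dir"] != "in":
            continue
        protos = {proto for proto, port in forwards if port == p["dport"]}
        if p["dport"] not in forwarded_ports:
            verdict = "no forward for this port"
        elif p["proto"] in protos:
            verdict = "forward exists for this proto; check rule order and interface"
        else:
            verdict = f"forward covers {sorted(protos)} only, packet looks like {p['proto']}"
        findings.append((p["dport"], p["proto"], verdict))
    return findings
```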



  • I moved the WAN to our live T1 so I could log more traffic.

    I added NAT rules + auto FW rules for HTTP

    I see passed packets for port 80 and tons of block still for 53.

    Thanks!

