Netgate Discussion Forum
    Outbound port forward

bbsoptions

Hi all.

I have a 2.0 RC3 pfSense box with one LAN and two WANs in load balance mode. It's working in Automatic Outbound NAT.
I now need to redirect every request on port 53 to a single DNS server, regardless of the DNS the clients specify in their TCP/IP configs. Does anyone know how to do that?

Danilo

Metu69salemi

Are you saying that you want to force the use of a certain DNS server no matter what is set on the client?

OR

Do you want to use only one DNS server no matter what gateway is used?

bbsoptions

First option: force the use of one DNS server no matter what is set on the client. The WANs are in load balance mode, so it must be forced on both, but this is the easiest problem… :)

Metu69salemi

Easy. Rules of thumb first: rules work on ingress and in top-to-bottom order.

Create two rules, a pass rule and a block rule.

1. Pass, TCP/UDP, single host or alias, your allowed DNS server, any source port, destination any, destination port 53
2. Block, TCP/UDP, any source, any source port, destination any, destination port 53
3. Put these rules above your allow-any rule

If your client is using the allowed DNS server it can ping www.google.com; if it's not using that then it can't ping it (or at least the ping never passes through the firewall).

Or you can do this with one rule:

Block, TCP/UDP, not, single host or alias, your allowed DNS server, any source port, destination any, destination port 53

bbsoptions

@Metu69salemi:

If your client is using the allowed DNS server it can ping www.google.com; if it's not using that then it can't ping it (or at least the ping never passes through the firewall).

Hummm… not exactly what I need, but it gave me ideas.
The scenario is: the client can configure any DNS server he wants, for example 216.239.32.10 (Google's DNS) or even an invalid external DNS. When the connection comes to pfSense it should redirect it to the DNS I want, for example 216.239.34.10 (Google's secondary DNS) or my internal DNS cache on another server, 10.1.1.x. The query must be completed in any way. This must be transparent for the clients.
The PS is: port 53 must be open to 10.1.1.x, my internal DNS server, so it can complete its queries on the internet. pfSense is 10.1.1.y.
Sometimes confusing... :P

Danilo

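For readers who want to see both halves of this thread in one place, here is an added example in FreeBSD pf syntax (the ruleset pfSense generates from its GUI); it is not code from either poster. It combines the transparent port-53 redirect Danilo asks for with Metu69salemi's pass/block pair as enforcement behind it, and it honours the PS above: the internal resolver itself must still reach upstream DNS servers, so it is excluded from the redirect and allowed before the block. The interface name em1 and the resolver address 10.1.1.10 are placeholders (the thread only gives 10.1.1.x); the outbound NAT rule is only needed because the resolver sits on the same subnet as the clients.

```pf
# Constructed example for FreeBSD pf as used by pfSense. Interface and
# addresses are placeholders, not values confirmed by the thread.
lan_if     = "em1"          # assumed LAN interface
dns_server = "10.1.1.10"    # assumed internal resolver (the thread's 10.1.1.x)

# --- Translation rules: first match wins, evaluated before the filter rules ---

# The resolver's own upstream queries must not be redirected back to itself.
no rdr on $lan_if inet proto { tcp udp } from $dns_server to any port 53

# Any client query on port 53 that is not already aimed at the sanctioned
# resolver is rewritten to go there; clients keep whatever DNS they configured.
rdr on $lan_if inet proto { tcp udp } from $lan_if:network \
    to ! $dns_server port 53 -> $dns_server port 53

# The resolver is on the client subnet, so its reply would otherwise go straight
# to the client from an address the client never queried and be dropped.
# Source-NAT the hairpinned queries so the answer returns through the firewall
# (pfSense exposes this as an outbound NAT rule on LAN / NAT reflection).
# Trade-off: the resolver's logs now show the firewall address, not the client.
nat on $lan_if inet proto { tcp udp } from $lan_if:network \
    to $dns_server port 53 -> ($lan_if)

# --- Filter rules: evaluated top to bottom, 'quick' stops at the first match ---

# The resolver may talk to any DNS server upstream (the PS in the thread).
pass  in quick on $lan_if inet proto { tcp udp } from $dns_server to any port 53

# Metu69salemi's pair: allow DNS to the sanctioned resolver, block the rest.
# Filter rules see the post-rdr destination, so redirected queries match here;
# the block rule is defence in depth and is logged so bypass attempts show up.
pass  in quick on $lan_if inet proto { tcp udp } from $lan_if:network \
    to $dns_server port 53
block in quick log on $lan_if inet proto { tcp udp } from any to any port 53

# Equivalent single-rule form from the same post (instead of the pair above):
# block in quick log on $lan_if inet proto { tcp udp } from any to ! $dns_server port 53
```

Rule order matters twice here: translation rules are first-match, so the `no rdr` exclusion must precede the `rdr`; filter rules are last-match unless marked `quick`, which is why each rule above carries it and why the pass rules sit before the block, exactly as the "put these rules above your allow-any rule" advice says. Checking `pfctl -sr` and `pfctl -sn` after loading shows the filter and translation rules in the order they are actually evaluated.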
Metu69salemi

Just use DHCP and set the wanted DNS server there, as is usually done.

bbsoptions

How I wish I could do that! For now, unfortunately, I must forget DHCP… Internal reasons. Even I don't know why!

Metu69salemi

If you use the DHCP server from pfSense, then it's easy:
Services: DHCP Server, and select the correct interface.
From there you can set the DNS server if you want something other than pfSense to be used.

bbsoptions

Yes, I know that… but my boss dreams with angels and I have to suffer. :-[
For now the problem is solved, thanks all. He preferred to change all the clients manually, so I'll suffer again in another way.

Again, thanks to all who tried to help me.

Danilo

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.