4. DNS Access in DMZ

DNS Access in DMZ

  • S

    I have this situation

    PFSENSE –--> dmz (172.19.20.0/24)
    |
    |
    |
    lan (192.168.126.0/24)

    I am using NAT reflection on NAT rule (TCP/UDP #53) and i can't access to my DNS from my LAN. All other servers is ok. I have inserted rules on DNS interface to reach my DNS buti can't reach it.
    have you idea why ?

    Stefano

    0
  • LAYER 8 Global Moderator

    Confused about nat reflection.

    Access between your dmz segment and your normal lan segment would be just normal firewall rules.  There should be no nat involved - and not sure why you would have to use nat reflection to access anything in either of those segments?

    Just so on same page here, so you don't have pfsense providing dns.  You have some other name server running in the dmz segment, be it bind, or ms dns or unbound, etc.  And you want machines in lan segment to access this server.

    You mention other servers access fine – so why would you think access to the name server would be any different then say a http server, etc.  Just create the rules to allow traffic on tcp/udp 53 between your lan segment and your dmz segment.

    0
  • Rebel Alliance Developer Netgate

    If your DNS server really does require NAT reflection, it won't work. NAT reflection is broken for UDP, and has been for years. (Check redmine.pfsense.org)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy