DNS Access in DMZ
stemond last edited by
I have this situation
PFSENSE –--> dmz (172.19.20.0/24)
I am using NAT reflection on NAT rule (TCP/UDP #53) and i can't access to my DNS from my LAN. All other servers is ok. I have inserted rules on DNS interface to reach my DNS buti can't reach it.
have you idea why ?
Confused about nat reflection.
Access between your dmz segment and your normal lan segment would be just normal firewall rules. There should be no nat involved - and not sure why you would have to use nat reflection to access anything in either of those segments?
Just so on same page here, so you don't have pfsense providing dns. You have some other name server running in the dmz segment, be it bind, or ms dns or unbound, etc. And you want machines in lan segment to access this server.
You mention other servers access fine – so why would you think access to the name server would be any different then say a http server, etc. Just create the rules to allow traffic on tcp/udp 53 between your lan segment and your dmz segment.
If your DNS server really does require NAT reflection, it won't work. NAT reflection is broken for UDP, and has been for years. (Check redmine.pfsense.org)