DNS help.. I think
-
Hey all, playing around with DNS has never been one of my strengths, so hope I can get some help here.
I am not sure if this can be done on my pfSense box or not, but what I am wanting to do is the following:
I have an application on one of my servers which I can access via the server's IP/gui or hostname/gui. I am wanting clients on my LAN to be able to access this, without giving away the server IP or hostname.. so is it possible to somehow create something similar to a FQDN like www.mydomain.com/gui that will be intranet side and not actually available on the web via that link?
I would also like to know if it is possible to stop anyone being able to get to the pfSense login screen via IP? As my LAN interface IP is 10.0.0.1 and that is how I access the GUI, but also knowing that any client sees that 10.0.0.1 IP as their gateway via ipconfig /all.. I would like to be able to secure my network a little by not having the problem of someone getting to that login and maybe getting on the GUI?
-
> Hey all, playing around with DNS has never been one of my strengths, so hope I can get some help here.
Use "Host Overrides" on DNS Forwarder
> I would also like to know if it is possible to stop anyone being able to get to the pfSense login screen via IP? As my LAN interface IP is 10.0.0.1 and that is how I access the GUI, but also knowing that any client sees that 10.0.0.1 IP as their gateway via ipconfig /all.. I would like to be able to secure my network a little by not having the problem of someone getting to that login and maybe getting on the GUI?
Just create a FW rule on LAN blocking access to the pfSense web port
-
Thanks for the reply, I'll take a look at that.
The second part, I still want me to be able to access the pfSense GUI.. was kinda hoping that I could block it for everyone apart from me?
-
Yes, just make a rule "Blocking" "any" "that's not your PC IP" (see attached; let's say that your PC IP is 10.0.0.99 & the Web Menu port is 8888)
Put that rule On top of any other, then Disable the "Anti-Lockout Rule"
Also you can use an Alias with the IPs allowed to access the Web menu
Edit: just make sure that you choose "Source port range" –> "ANY" ;)

-
Thanks for that, I will look into doing that.
Another thing, from my first post.. to be able to have IPs resolve to FQDNs, but only internal (intranet.mydomain.com). As this is internal only, I obviously don't do anything with my DNS settings at the host, but to do this I am guessing that I do need to have a LAN side DNS server? I could just use the dns-server package on pfSense? I don't currently have local DNS.
-
If you are using the pfSense DNS Forwarder as your LAN clients' DNS, it is enough to use the "Host Overrides"
Let's say that you want your LAN clients to go to 10.0.0.5 when they browse for www.billing.muti.com
Just add that in the "Host Overrides"
Host: billing
Domain: muti.com
IP: 10.0.0.5
That's all
-
Thanks for the help.. I'll play around with that.
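
A check to run from a LAN client after applying the block rule and the host override discussed in this thread. It is an added example, not posted by anyone in the thread: it uses the thread's sample values (10.0.0.1, port 8888, billing.muti.com, 10.0.0.5), and the function names and the `--admin` switch are assumptions of the example.

```python
"""Run on the admin PC with --admin, and on any other LAN client without it."""
import ipaddress
import socket
import sys

GUI_HOST, GUI_PORT = "10.0.0.1", 8888   # pfSense LAN IP and web port from the thread
OVERRIDE_NAME = "billing.muti.com"      # Host "billing" + Domain "muti.com"
OVERRIDE_IP = "10.0.0.5"


def check_override(name=OVERRIDE_NAME, expected=OVERRIDE_IP, resolve=socket.gethostbyname):
    """Return (ok, detail); the name must resolve to the expected private address."""
    try:
        ip = resolve(name)
    except OSError as exc:              # gaierror: the client is not using the forwarder
        return False, f"{name} did not resolve: {exc}"
    if not ipaddress.ip_address(ip).is_private:
        return False, f"{name} -> {ip} is public; the host override is not in use"
    if ip != expected:
        return False, f"{name} -> {ip}, expected {expected}"
    return True, f"{name} -> {ip}"


def gui_reachable(host=GUI_HOST, port=GUI_PORT, timeout=3.0, connect=socket.create_connection):
    """True if a TCP connection to the GUI port succeeds from this client."""
    try:
        connect((host, port), timeout).close()
        return True
    except OSError:                     # refused, unreachable, or timed out (block drops silently)
        return False


def audit(should_reach_gui, resolve=socket.gethostbyname, connect=socket.create_connection):
    """List mismatches between what this client sees and what the rules intend."""
    findings = []
    ok, detail = check_override(resolve=resolve)
    if not ok:
        findings.append(detail)
    reachable = gui_reachable(connect=connect)
    if reachable and not should_reach_gui:
        findings.append(f"GUI {GUI_HOST}:{GUI_PORT} reachable from a client that should be blocked")
    if not reachable and should_reach_gui:
        findings.append(f"GUI {GUI_HOST}:{GUI_PORT} not reachable from the admin PC (lockout)")
    return findings


if __name__ == "__main__":
    problems = audit(should_reach_gui="--admin" in sys.argv)
    print("\n".join(problems) or "OK")
    sys.exit(1 if problems else 0)
```

Running it on the admin PC right after disabling the "Anti-Lockout Rule" shows a lockout while a console session is still available to undo it.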