[Solved] Cannot access from LAN

  • I'm not sure if this is the right place as I do not know what seems to be the problem.

    Currently I have the following setup:

    *Dynamic DNS - Namecheap
    *Domain - mydomain.com
    *Servers:, 200
    *Port: 5000, 3000, 32400 (and etc)

    I have set as Plex Media Server, I have also forwarded the port in NAT with the WAN interface.

    I could access the server from the net by going to mydomain.com:32400. However, from within my own network, lan/wan, if I punch in the same address, I am unable to connect to the server. I would need to manually enter in order to access it.

    What seems to be the problem?

  • Netgate Administrator

  • Thanks!

    Here's what I have done:

    #1 - Enable DNS Forwarder
    #2 - Enabled Register DHCP leases in DNS forwarder
    #3 - Enabled Register DHCP static mappings in DNS forwarder
    #4 - Interfaces: all
    #5 - Host Override

    Host: www
    Domain: mydomain.com
    Ip Address: (Plex Server)
    Alias: plexserver

    (FQDN of the server is plexserver.mydomain.com)

    #6 - Reboot Server
    #7 - Check DNS Server = (Same as router/gateway) = OK

    Result: Cannot resolve

    I then went on to forward the port from
    #1 - LAN - Port 32400, redirect ip

    Result: Cannot resolve

    What seems to be the problem?

  • Alright I figured out the problem, looks like even the client must be pointed to pfsense as the DNS server in order for it to work. Which means I also need to manually reconfigure all the APs to point to pfsense as the DNS server.

    If I were to perform split DNS on my own DNS server, do I just simply disable the DNS forwarder and leave NAT translation disabled as well?

  • LAYER 8 Global Moderator

    "Which means I also need to manually reconfigure all the APs to point to pfsense as the DNS server."

    When you say AP - you mean Access Point right?  APs do not provide dns normally - since they are not the gateway, just an AP and don't normally provide dhcp or dns..  They are just the connection from wireless to wired.

    The common setup is that your gateway router provides dhcp, dns..  Now sure you can point dns elsewhere and use something else to provide dhcp in your network.  For example if you run AD, then all clients should point there for dns and normally it provides dhcp.

    But I have never ever ever seen an AP used as dns – so unless you're double natting, and it's not really an AP, I don't see why you should have to change anything on your AP.  Nor do I understand why all your clients don't already talk to pfsense as your dns caching resolver?

  • You are right. While I was going back to check out the APs, there was no option to set the DNS server. Some configurations within pfsense are a little confusing, like multiple areas for DNS address and etc. I had some trouble with DNS not being assigned properly and what not but it's all fixed now.

    Here's what I've done:

    System -> General Setup ->,
    Unchecked: Allow DNS server list to be overridden by DHCP/PPP on WAN
    Unchecked: Do not use the DNS Forwarder as a DNS server for the firewall

    System -> Advanced -> Firewall/NAT
    NAT Reflection mode for port forwards: Disabled

    Services -> DHCP Server
    Checked: Enable DHCP server on LAN_INTEL interface
    DNS servers: Left Blank*

    *Initially I had google public dns server in here and it caused a mess. SOME clients were automatically assigned these DNS instead of the default ip of the pfsense machine.

    This is all good now. But I have some other concerns, for which I will open another thread instead.

  • LAYER 8 Global Moderator

    System -> Advanced -> Firewall/NAT
    Network Address Translation: Disabled

    What??  So you are just routing with pfsense?  This is not something that sounds like you should have done..  If you're doing "port forwards"  You only "port forward" when there is NAT, if you're not natting then you just need to allow the traffic with firewall rules.

  • Netgate Administrator

    There is no option to disable NAT entirely in System: Advanced: Firewall/NAT: I think it's just a typo. The only option there you can set to disabled is "NAT Reflection mode for port forwards", which is disabled by default and should be if you're using DNS overrides instead.


  • Sorry made a mistake, already amended the post:

    System -> Advanced -> Firewall/NAT
    NAT Reflection mode for port forwards: Disabled

    I think this problem is resolved.

    Please kindly see this thread for a more troublesome problem:
