
    Port forwards work… except DNS

    • KOM

      I'm slowly building up an uber-router and I've got 1 port forward to a test Apache web server in the DMZ, and another port forward for SSH to the same Apache server.  They work perfectly.  Then I added a virtual IP (IP Alias) and port forwarded DNS on that IP to my internal DNS server (currently on LAN, not DMZ).  The firewall log shows that connections succeed but the DNS request times out.  If I address it internally, it works fine.  I have Squid and SquidGuard installed & configged, and ever since I've noticed that the Upload test from Speedtest.net always fails.  Is there a connection between that problem and this one?

      Any clues as to why 2/3 port forwards work fine, and the 3rd fails even though the firewall log shows it succeeds?

      • timthetortoise

        Are you forwarding TCP and UDP or only one of them?

        • KOM

          Both TCP and UDP.  I've gotten caught by that before.

          • timthetortoise

            Have you confirmed that you can ping to the outside world with the machine in question? If you're forwarding TCP/UDP and you can query it internally, it sounds like your default gateway might be incorrect.

            • KOM

              *#%#$$@ I'm stupid.  Yes, this secondary DNS server was temporarily hijacked by me for testing, but I didn't reconfigure its network stack.  That's probably exactly it.  Thanks for handing me a brain.  Mine got lost.

              • KOM

                Yes, that was definitely the problem.  Thanks again!
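
Added example, not part of the thread: a small return-path check that models the diagnosis above, showing why an internal query is answered while a port-forwarded one times out even though the firewall logs the inbound connection as passed. All addresses and names are constructed assumptions, and it assumes the forward preserves the client's source address, so the reply must leave through the firewall that holds the NAT state.

```python
import ipaddress

def reply_next_hop(server_if, default_gw, client_ip):
    """Where the server sends its reply: 'on-link', a gateway IP, or None (no route)."""
    iface = ipaddress.ip_interface(server_if)
    if ipaddress.ip_address(client_ip) in iface.network:
        return "on-link"                      # same subnet: no gateway involved
    if default_gw is None:
        return None                           # no default route at all
    gw = ipaddress.ip_address(default_gw)
    # A gateway outside the server's own subnet cannot be reached directly.
    return gw if gw in iface.network else None

def forward_will_answer(server_if, default_gw, firewall_ip, client_ip):
    """True if the reply to client_ip goes back via the firewall that NATed the query."""
    hop = reply_next_hop(server_if, default_gw, client_ip)
    if hop == "on-link":
        return True                           # internal query, answered directly
    return hop == ipaddress.ip_address(firewall_ip)

# Constructed addresses (assumptions, not from the thread).
SERVER = "192.168.1.53/24"      # internal DNS server
FIREWALL = "192.168.1.1"        # firewall's LAN address
STALE_GW = "192.168.1.254"      # gateway left over from earlier testing
EXTERNAL = "203.0.113.10"       # client reaching the port forward
INTERNAL = "192.168.1.20"       # LAN client

if __name__ == "__main__":
    for label, gw, client in [
        ("external query, stale gateway", STALE_GW, EXTERNAL),
        ("internal query, stale gateway", STALE_GW, INTERNAL),
        ("external query, fixed gateway", FIREWALL, EXTERNAL),
    ]:
        ok = forward_will_answer(SERVER, gw, FIREWALL, client)
        print(f"{label}: {'answered' if ok else 'times out'}")
```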
