Netgate Discussion Forum

    Allow DNS server behind pfsense to access internet

      novak100

      I'm having this routing issue (I think).
      This is what I got:

      DNS server [200.200.200.1, Gateway: 200.200.200.5] is sitting behind pfSense. It's got its own internal network [200 subnet] of 5 computers.

      pfSense:
      LAN: 200.200.200.5
      WAN: 192.168.100.202

      So far I set up NAT Outbound to manual and added 2 rules to allow traffic between interfaces.
      DNS is able to ping both interfaces on the pfSense router. It is also able to ping any IP on the subnet 100 but it's not able to ping the internet?
      pfSense WAN IP address [192.168.100.202] is a static IP address and has access to the internet. I can ping anything I want.
      Is it possible to make the DNS server ping the internet too? So in the future any member of the domain hosted on that DNS server can access the internet?

      Thanks for any help.

        phil.davis

        It should work fine without manual outbound NAT. Your LAN will be NAT'd to the pfSense WAN IP 192.168.100.202 and as long as the WAN gateway on pfSense is set correctly to point to the upstream router on the 192.168.100.0/24 network it will go.
        The default "Allow all on LAN" rule should be all you need to get started. No need for rule/s on WAN - you do not need to allow incoming traffic connections. Make sure the DNS server has pfSense LAN IP as its default gateway and some reasonable upstream DNS server specified (e.g. pfSense DNS Forwarder).

        Why are you using public IPv4 address space on your LAN?
        200.200.0.0/16 looks like it is allocated to an ISP in Brazil. That will give you trouble if you ever try to access a site that happens to have a public IP in 200.200.200.0/24.

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

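The checks in the reply above (default gateway set to the pfSense LAN IP, and the risk of reusing public address space on the LAN), worked through as an added example that is not part of either post. It assumes a /24 mask, taken from the reply's 200.200.200.0/24; the function names, the destination addresses and the 10.20.30.0/24 renumbering are hypothetical.

```python
import ipaddress

# RFC 1918 private ranges, the usual choice for a NAT'd LAN.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def audit_lan_host(host_ip, prefix_len, gateway, firewall_lan_ip):
    """Return (lan_network, findings) for one LAN host's IP settings."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    gw = ipaddress.ip_address(gateway)
    findings = []
    if not any(net.subnet_of(p) for p in RFC1918):
        findings.append("lan-not-rfc1918")       # public space reused on the LAN
    if gw not in net:
        findings.append("gateway-off-link")      # host cannot reach its gateway
    if gw != ipaddress.ip_address(firewall_lan_ip):
        findings.append("gateway-not-firewall")  # traffic bypasses pfSense LAN IP
    return net, findings


def next_hop(host_ip, prefix_len, gateway, destination):
    """Mimic the host's routing decision for one destination address."""
    net = ipaddress.ip_interface(f"{host_ip}/{prefix_len}").network
    if ipaddress.ip_address(destination) in net:
        return "on-link"          # resolved on the LAN segment, never sent to the gateway
    return f"via {gateway}"       # handed to the default gateway (pfSense in this setup)


if __name__ == "__main__":
    # Addresses from the thread; /24 is taken from the reply's 200.200.200.0/24.
    dns = ("200.200.200.1", 24, "200.200.200.5")
    print(audit_lan_host(*dns, firewall_lan_ip="200.200.200.5"))
    # Constructed destinations: a host inside the real-world 200.200.200.0/24
    # block, and a documentation address standing in for any other site.
    for dst in ("200.200.200.77", "192.0.2.10"):
        print(dst, "->", next_hop(*dns, dst))
    # Hypothetical renumbering of the same LAN into RFC 1918 space.
    print(next_hop("10.20.30.1", 24, "10.20.30.5", "200.200.200.77"))
```

With the thread's addressing, any destination inside 200.200.200.0/24 is treated as local and never reaches pfSense, which is the trouble the reply describes; after renumbering into private space the same destination goes through the gateway.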
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.