Allow DNS server behind pfsense to access internet



  • I'm having this routing issue (I think).
    This is what I've got:

    DNS server [200.200.200.1, Gateway: 200.200.200.5] is sitting behind pfSense. It's got its own internal network [200 subnet] of 5 computers.

    pfSense:
    LAN: 200.200.200.5
    WAN: 192.168.100.202

    So far I've set NAT Outbound to manual and added 2 rules to allow traffic between interfaces.
    The DNS server is able to ping both interfaces on the pfSense router. It is also able to ping any IP on the 100 subnet, but it's not able to ping the internet.
    The pfSense WAN IP address [192.168.100.202] is a static IP address and has access to the internet. I can ping anything I want.
    Is it possible to make the DNS server ping the internet too? So that in the future any member of the domain hosted on that DNS server can access the internet?

    Thanks for any help.



  • It should work fine without manual outbound NAT. Your LAN will be NAT'd to the pfSense WAN IP 192.168.100.202, and as long as the WAN gateway on pfSense is set correctly to point to the upstream router on the 192.168.100.0/24 network, it will go.
    The default "Allow all on LAN" rule should be all you need to get started. No need for rules on WAN; you do not need to allow incoming connections. Make sure the DNS server has the pfSense LAN IP as its default gateway and some reasonable upstream DNS server specified (e.g. the pfSense DNS Forwarder).

    Why are you using public IPv4 address space on your LAN?
    200.200.0.0/16 looks like it is allocated to an ISP in Brazil. That will give you trouble if you ever try to access a site that happens to have a public IP in 200.200.200.0/24.
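The answer above makes two points: a LAN host reaches the internet only if each hop's next-hop is on-link (host default gateway on the LAN prefix and equal to the pfSense LAN IP, pfSense WAN gateway on the WAN prefix) with automatic outbound NAT rewriting the source to the WAN address, and a public prefix on the LAN hides any real host inside it. The script below is an added example, not code from the thread or from pfSense, that models the poster's topology with Python's `ipaddress` module and walks a packet hop by hop to show both effects. The poster's addresses are used as given; the upstream router 192.168.100.1, the internet destination 8.8.8.8 and the "real" host 200.200.200.77 are assumptions made for the example.

```python
import ipaddress

# Constructed model of the topology in the thread. The host, pfSense LAN and
# WAN addresses are the poster's; the upstream router 192.168.100.1, the
# destination 8.8.8.8 and the host 200.200.200.77 are assumptions.
LAN = ipaddress.ip_network("200.200.200.0/24")
WAN = ipaddress.ip_network("192.168.100.0/24")

DNS_SERVER = {
    "ip": ipaddress.ip_address("200.200.200.1"),
    "gateway": ipaddress.ip_address("200.200.200.5"),
}
PFSENSE = {
    "lan_ip": ipaddress.ip_address("200.200.200.5"),
    "wan_ip": ipaddress.ip_address("192.168.100.202"),
    "wan_gateway": ipaddress.ip_address("192.168.100.1"),  # assumed upstream router
}


def forward_packet(host, pfsense, dst):
    """Walk a packet from the LAN host towards dst, one hop at a time.

    Returns (verdict, source_seen_by_next_hop, next_hop). verdict is
    'delivered-on-lan', 'natted-to-wan', or a string saying where the
    packet dies.
    """
    dst = ipaddress.ip_address(dst)

    # Hop 1: the host. It only hands a packet to something on-link: the
    # destination itself if it is inside the LAN prefix, otherwise the
    # default gateway, which must also be inside the LAN prefix.
    if dst in LAN:
        return "delivered-on-lan", host["ip"], dst
    if host["gateway"] not in LAN:
        return f"host gateway {host['gateway']} is not on {LAN}", host["ip"], None
    if host["gateway"] != pfsense["lan_ip"]:
        return f"host gateway {host['gateway']} is not the pfSense LAN IP", host["ip"], None

    # Hop 2: pfSense. dst is not on LAN, so it is either on the WAN segment
    # or goes to the WAN default gateway, which must itself be on WAN.
    if dst in WAN:
        next_hop = dst
    elif pfsense["wan_gateway"] in WAN:
        next_hop = pfsense["wan_gateway"]
    else:
        return f"pfSense WAN gateway {pfsense['wan_gateway']} is not on {WAN}", host["ip"], None

    # Hop 3: automatic outbound NAT. The source becomes the WAN address, so
    # the upstream router never needs a return route for the LAN prefix.
    return "natted-to-wan", pfsense["wan_ip"], next_hop


def lan_space_problem(lan, dst):
    """Explain why a public prefix on the LAN hides the real owner of it."""
    lan = ipaddress.ip_network(lan)
    dst = ipaddress.ip_address(dst)
    if lan.is_private or dst not in lan:
        return None
    return (f"{dst} lies inside {lan}, public address space used on the LAN; "
            "hosts treat it as on-link and pfSense never forwards it upstream")


if __name__ == "__main__":
    for target in ("8.8.8.8", "192.168.100.1", "200.200.200.77"):
        print(target, forward_packet(DNS_SERVER, PFSENSE, target))
    print(lan_space_problem("200.200.200.0/24", "200.200.200.77"))
    wrong_gw = dict(DNS_SERVER, gateway=PFSENSE["wan_ip"])
    print("wrong gateway:", forward_packet(wrong_gw, PFSENSE, "8.8.8.8"))
```

Running it shows 8.8.8.8 leaving via 192.168.100.1 with source 192.168.100.202, while a packet for 200.200.200.77 is handed straight to the LAN and never reaches pfSense's routing table; setting the host's gateway to the pfSense WAN address, a common mistake in this kind of setup, fails at hop 1 because that address is not on-link.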