Redirect traffic from Virtual IP's port 53 to LAN's port 53?
-
My pfSense box uses IP 192.168.0.42/24 and I have a virtual IP (menu Firewall: Virtual IP Address) of type "IP alias" (on interface "LAN") that also makes it available via 192.168.0.254/24.
I'm using Unbound DNS as a DNS server (instead of the DNS forwarder), but this package doesn't support my virtual IP: the DNS server only listens on 192.168.0.42 and thus ignores any DNS client that tries to contact it via 192.168.0.254.
I'm wondering if I can use the following NAT rule to map VirtualIP:53 to LAN:53?
If   Proto  Src. addr  Src. ports  Dest. addr   Dest. ports  NAT IP        NAT Ports
LAN  TCP    *          *           192.168.1.1  53 (DNS)     192.168.1.30  53 (DNS)
-
The UDP protocol is also required for DNS.
-
Right, I was a bit too fast on this one.
But do you "agree" on the fact this could/should work?
I don't know about pfSense doing NAT on the same interface…
-
I don't know. In my setup, NAT between IPs on the same interface wasn't necessary. As far as I know, it would not work if the NAT IP is bound to another device. But maybe it works for localhost.
Basically, it should be doable to bind local services to IP aliases.
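
A way to verify the outcome from a LAN client, whichever approach is used (NAT rule or binding the resolver to the alias), as an added example that is not part of the thread: it sends the same DNS query to both addresses from the first post over UDP and TCP and reports which combinations answer. The function names and the query name `example.com` are assumptions made for this sketch.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Build a minimal DNS query for an A record (recursion desired)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def check_reply(reply, txid=0x1234):
    """Return the RCODE if reply is a response matching txid, else None."""
    if len(reply) < 12:
        return None
    rid, flags = struct.unpack("!HH", reply[:4])
    if rid != txid or not flags & 0x8000:  # QR bit must be set
        return None
    return flags & 0x000F

def recv_exact(sock, n):
    """Read exactly n bytes from a stream socket."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("short read")
        buf += chunk
    return buf

def probe(server, proto, name="example.com", timeout=2.0):
    """Query server:53 over 'udp' or 'tcp'; return RCODE, or None if unanswered."""
    query = build_query(name)
    try:
        if proto == "udp":
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                # connect() makes the kernel drop replies from any other source
                # address, so an answer sent from the wrong IP counts as none.
                s.connect((server, 53))
                s.send(query)
                return check_reply(s.recv(4096))
        with socket.create_connection((server, 53), timeout=timeout) as s:
            # DNS over TCP prefixes each message with a 2-byte length.
            s.sendall(struct.pack("!H", len(query)) + query)
            (length,) = struct.unpack("!H", recv_exact(s, 2))
            return check_reply(recv_exact(s, length))
    except OSError:  # timeout, refused, unreachable, short read
        return None

if __name__ == "__main__":
    for ip in ("192.168.0.42", "192.168.0.254"):  # addresses from the first post
        for proto in ("udp", "tcp"):
            rcode = probe(ip, proto)
            status = "no answer" if rcode is None else f"RCODE {rcode}"
            print(f"{ip:15} {proto}: {status}")
```

A rule that covers only TCP shows up here as `no answer` on the `udp` line for 192.168.0.254 while the `tcp` line succeeds.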