*SOLVED* dns problem on multi-lan
-
Hello All,
fresh build of pfSense-2.1.4 amd 64
(Sidenote: having been using both pf-1.2.3 & 2.0.x for about 5 years so familiar with interface)
The DEFAULT GW is showing as the WAN gateway for completeness.
On our newly revamped school lan we are setting the pfSense machine with three physical LAN nics & one WAN nic.
Long story short the LAN interface does name resolution fine. 172.28.8.0/24 and can web browse fine.
On OPT1 172.28.10.0/23 & OPT2 172.28.12.0/23, I can ping dns servers fine but when I ping google.com I get no response.
All three nics are set up for doing dhcp identical. dns servers entered identical etc.
I have put a rule for both OPT1 & OPT2 to pass all traffic in the firewall rules.
I have tried doing packet captures on each interface and can not figure what is not letting the dns work as expected on OPT1 & OPT2
The box does have the default of DNS forwarder enabled also.
I can actually ping google.com within the pfSense web interface PING from both OPT1 & OPT2 interfaces and get returns.
I have tried reading all the dns related stuff here in regards to multi-lan but do not find an actual fix.
EDIT: After posting this I found possibly a clue.
When I look at ARP tables in the pfSense gui, for LAN interface of 172.28.8.2 I see the FQDN of the pfSense machine.
When I look at both OPT1 & OPT2 interfaces there is no hostname being shown.
Anyone have any ideas why this would be?
Thank You,
Barry -
replying to my own post
FIX:
In the firewall rules for each of the two OPT nics I had mistakenly used TCP rather than any * for a pass rule.
Once I corrected this the dns / UDP traffic was able to pass to do a successful nslookup and web browsing started to function on both of the OPT nics.
Sidenote: When troubleshooting this, I had gone into System > Advanced > Firewall/NAT and chose the check mark to totally disable firewall. Traffic still did not pass. Possibly had to do a reboot and the OPT nics may have functioned. Not sure.
Thank You,
Barry
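
The misconfiguration described in the fix above, as an added example that is not part of the original posts: a small Python check over constructed pf.conf-style rules that flags interfaces whose pass rules are limited to TCP and so never admit DNS over UDP port 53. The interface names (em1 to em3) and the rule lines are assumptions, and the check only reads `pass in` rules, ignoring block rules and rule ordering.

```python
# Added example: constructed pf.conf-style rules, not the poster's ruleset.
# Interface names em1/em2/em3 are assumed stand-ins for LAN/OPT1/OPT2.
SAMPLE_RULES = """\
pass in quick on em1 inet from 172.28.8.0/24 to any keep state
pass in quick on em2 inet proto tcp from 172.28.10.0/23 to any keep state
pass in quick on em3 inet proto { tcp, icmp } from 172.28.12.0/23 to any keep state
"""

def _values(toks, keyword, start=0):
    """Set of values following keyword, or None when absent (pf treats that as 'any')."""
    if keyword not in toks[start:]:
        return None
    i = toks.index(keyword, start) + 1
    if toks[i] == "{":
        return set(toks[i + 1:toks.index("}", i)])
    return {toks[i]}

def parse_pass_in(line):
    """Return (iface, protos, dst_ports) for a 'pass in' rule, else None."""
    line = line.split("#", 1)[0]  # drop trailing comments
    toks = line.replace("{", " { ").replace("}", " } ").replace(",", " ").split()
    if toks[:2] != ["pass", "in"] or "on" not in toks:
        return None
    iface = toks[toks.index("on") + 1]
    dst = toks.index("to") if "to" in toks else len(toks)
    # Only a 'port' keyword after 'to' restricts the destination port.
    return iface, _values(toks, "proto"), _values(toks, "port", dst)

def udp_dns_by_iface(rules_text):
    """Map each interface with pass-in rules to True if any rule passes UDP/53."""
    result = {}
    for line in rules_text.splitlines():
        rule = parse_pass_in(line)
        if rule is None:
            continue
        iface, protos, ports = rule
        ok = (protos is None or "udp" in protos) and \
             (ports is None or bool(ports & {"53", "domain"}))
        result[iface] = result.get(iface, False) or ok
    return result

def blocked_dns_ifaces(rules_text):
    """Interfaces whose pass rules never admit UDP/53, so DNS lookups are dropped."""
    return sorted(i for i, ok in udp_dns_by_iface(rules_text).items() if not ok)

if __name__ == "__main__":
    for iface in blocked_dns_ifaces(SAMPLE_RULES):
        print(f"{iface}: no pass rule admits UDP/53; DNS queries will be dropped")
```

On a pfSense box the loaded ruleset can be listed with `pfctl -sr`; port ranges and negated matches are not handled by this check.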