[SOLVED] No DNS Resolution for vlan
I have a very strange situation and I am sure that I missed just one click to complete my desired setting.
I have a pfsense (v 2.1.4), a zyxel switch (GS1910-24) and a tp-link access point (TL-WA801N).
I have defined two SSIDs on the access point:
- home with vlan-id 1
- guests with vlan-id 200
If I connect to "home" I receive a correct IP from PFSense within the subnet 5.x, gateway 5.1 (=pfsense) and I can browse the internet.
If I connect to "guests" I receive a correct IP from PFSense within the subnet 2.x, gateway 2.1 (=pfsense) and I can ping the pfsense from the client and pfsense can ping the client. I can access pages directly like: "http://220.127.116.11/" but www.google.de is not working.
- this sounds like a DNS Problem, right? Because I have internet access but only if I browse directly to an ip.
- Do you have any idea what I missed to make sure that PFSense works correctly as a DNS Server?
- DNS Forwarder is activated
- there is an allow any rule for the vlan-id200 in pfsense
- I can ping www.google.de from PFSense webinterface with the source VLAN200
Thank you very much for your help.
I found the solution!!! Just for all the others who might face this problem: I had an allow any rule, but this rule was only for "tcp" requests - and DNS requests are "udp".
As I said it was only one more click.
Now I have 4 rules for my vlan200:
Allow TCP, port 80 to anything but LAN (= !LAN)
Allow TCP, port 443 to !LAN
Allow UDP, port 53 to 192.168.2.1 (Pfsense)
Block everything else.
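The fix described above, modelled as an added example (not part of the original posts, and not pfSense's own code): a first-match rule evaluator run over the TCP-only rule and over the four-rule set. The LAN subnet 192.168.5.0/24 and the sample flows are assumptions; the thread only gives "5.x" and 192.168.2.1.

```python
import ipaddress
from dataclasses import dataclass

LAN = ipaddress.ip_network("192.168.5.0/24")      # assumed; the thread only says "subnet 5.x"
PFSENSE = ipaddress.ip_network("192.168.2.1/32")  # guest-side address from the thread
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "tcp", "udp" or "any"
    dst: ipaddress.IPv4Network
    port: int = 0               # 0 = any port
    negate_dst: bool = False    # True models "!LAN"

    def matches(self, proto, dst_ip, dst_port):
        if self.proto not in ("any", proto):
            return False
        if (ipaddress.ip_address(dst_ip) in self.dst) == self.negate_dst:
            return False
        return self.port in (0, dst_port)

def evaluate(rules, proto, dst_ip, dst_port):
    """First matching rule wins; traffic matching no rule is dropped (default deny)."""
    for rule in rules:
        if rule.matches(proto, dst_ip, dst_port):
            return rule.action
    return "block"

# Before: the "allow any" rule whose protocol was set to TCP only.
BEFORE = [Rule("pass", "tcp", ANY)]
# After: the four rules listed in the post.
AFTER = [
    Rule("pass", "tcp", LAN, 80, negate_dst=True),
    Rule("pass", "tcp", LAN, 443, negate_dst=True),
    Rule("pass", "udp", PFSENSE, 53),
    Rule("block", "any", ANY),
]
# Constructed flows from a guest client (illustrative, not captured traffic).
FLOWS = {
    "dns_udp": ("udp", "192.168.2.1", 53),
    "dns_tcp": ("tcp", "192.168.2.1", 53),    # TCP fallback for truncated answers
    "http_wan": ("tcp", "220.127.116.11", 80),
    "http_lan": ("tcp", "192.168.5.10", 80),
    "fw_https": ("tcp", "192.168.2.1", 443),  # firewall's own guest-side address
}

def verdicts(rules):
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}
print(verdicts(BEFORE), verdicts(AFTER), sep="\n")
```

With the four-rule set, DNS over TCP to 192.168.2.1 is blocked, while TCP 80/443 to 192.168.2.1 itself still passes because that address is not inside LAN.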
Thanks bro, I was getting the exact problem. Didn't realize the Allow Any rule was only for TCP. Thnx a bunch.