[SOLVED] No DNS Resolution for vlan



  • Hi everybody,

    I have a very strange situation and I am sure that I missed just one click to complete my desired setting.
    I have a pfsense (v 2.1.4), a zyxel switch (GS1910-24) and a tp-link access point (TL-WA801N).

    I have defined two SSIDs on the access point:

    • home with vlan-id 1
    • guests with vlan-id 200

    If I connect to "home" I receive a correct IP from PFSense within the subnet 5.x, gateway 5.1 (=pfsense) and I can browse the internet
    If I connect to "guests" I receive a correct IP from PFSense within the subnet 2.x, gateway 2.1 (=pfsense) and I can ping the pfsense from the client and pfsense can ping the client. I can access pages directly like: "http://5.35.240.23/" but www.google.de is not working.

    My questions:

    1. this sounds like a DNS Problem, right? Because I have internet access but only if I browse directly to an ip.
    2. Do you have any idea what I missed to make sure that PFSense works correctly as a DNS Server?

    Hints:

    • DNS Forwarder is activated
    • there is an allow any rule for the vlan-id200 in pfsense
    • I can ping www.google.de from PFSense webinterface with the source VLAN200

    Thank you very much for your help.
    Best regards
    Christoph



  • Hi everybody,

    I found the solution!!! Just for all the others who might face this problem: I had an allow any rule, but this rule was only for "tcp" requests - and DNS requests are "udp".
    As I said it was only one more click.

    Now I have 4 rules for my vlan200:
    Allow TCP, port 80 to anything but LAN (= !LAN)
    Allow TCP, port 443 to !LAN
    Allow UDP, port 53 to 192.168.2.1 (Pfsense)
    Block everything else.

    Best regards
    Christoph
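
An added example, not part of the thread and not pfSense code: a minimal first-match rule evaluator that models the guest-VLAN rules before and after the fix described above, showing why browsing by IP worked while name resolution failed. The LAN subnet 192.168.5.0/24, the sample packets and all names are assumptions; only the first-match, default-deny behaviour is modelled.

```python
import ipaddress
from dataclasses import dataclass

LAN = "192.168.5.0/24"      # assumption: the post only says subnet "5.x"
PFSENSE = "192.168.2.1/32"  # guest-VLAN gateway and DNS forwarder (from the post)

@dataclass(frozen=True)
class Rule:
    action: str           # "pass" or "block"
    proto: str            # "tcp", "udp" or "any"
    port: int = 0         # destination port; 0 = any
    dst: str = ""         # destination network; "" = any
    negate: bool = False  # True models "!LAN"

    def matches(self, proto, dst_ip, dport):
        if self.proto not in ("any", proto) or self.port not in (0, dport):
            return False
        if not self.dst:
            return True
        inside = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst)
        return inside != self.negate

def evaluate(rules, proto, dst_ip, dport):
    # First matching rule wins; unmatched traffic is dropped (default deny).
    hits = (r.action for r in rules if r.matches(proto, dst_ip, dport))
    return next(hits, "block")

# Before the fix: an "allow any" rule whose protocol was left at TCP.
BEFORE = [Rule("pass", "tcp")]
# The four rules listed in the post.
AFTER = [
    Rule("pass", "tcp", 80, LAN, negate=True),
    Rule("pass", "tcp", 443, LAN, negate=True),
    Rule("pass", "udp", 53, PFSENSE),
    Rule("block", "any"),
]

# Constructed sample packets from a guest client: (label, proto, dst, port).
PACKETS = [
    ("dns-udp", "udp", "192.168.2.1", 53),
    ("http-by-ip", "tcp", "5.35.240.23", 80),
    ("https-to-lan", "tcp", "192.168.5.10", 443),
    ("dns-tcp", "tcp", "192.168.2.1", 53),
]

def verdicts(rules):
    return {label: evaluate(rules, p, d, port) for label, p, d, port in PACKETS}

if __name__ == "__main__":
    print("before:", verdicts(BEFORE), "\nafter:", verdicts(AFTER))
```

The `dns-tcp` case shows that the four-rule set also drops DNS over TCP, which resolvers fall back to when a UDP answer is truncated.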



  • Thanks bro, I was getting the exact problem. Didn't realize the Allow Any rule was only for TCP. Thnx a bunch.

