Netgate Discussion Forum

    DNS load balancer needs different firewall rule than HTTP load balancer?

    General pfSense Questions
    • t35zu

      Hi,

      I got confused about the following and, despite a forum search, could not determine the reason:

      If an HTTP load balancer virtual IP listens on a WAN IP, I have to add a firewall rule to allow the various pool IPs as destinations.
      If a DNS load balancer virtual IP listens on a WAN IP, I have to add a firewall rule to allow the single WAN IP as destination, not any of the pool IPs.
      If you NAT port forward DNS (tcp/udp) to an internal IP, then a firewall rule to allow the internal IP as destination is needed again.

      My question is: Why is the "Load Balancer" + DNS an exception?

      thanks,
      t35zu

      • jimp (Rebel Alliance Developer, Netgate)

        Because it is handled in relayd as a proxy and not as a NAT relay, as the other modes are. You'll also notice that all queries appear to originate from the firewall when using it for DNS.

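The two relayd modes jimp contrasts, written out as an added illustration (hand-written relayd.conf fragments, not the thread's or pfSense's generated configuration). The addresses and table names are constructed; the comments note the WAN filter rule each mode implies.

```conf
# Constructed example addresses (documentation ranges, not real hosts)
ext_addr = "203.0.113.5"                    # WAN virtual IP the load balancer listens on
table <webpool> { 10.0.0.11, 10.0.0.12 }    # HTTP pool members (assumed)
table <dnspool> { 10.0.0.21, 10.0.0.22 }    # DNS pool members (assumed)

# HTTP mode: a "redirect" is a pf NAT (rdr) translation. A packet for
# 203.0.113.5:80 is rewritten to a pool member before filtering, so the
# WAN filter rule must allow the pool IPs as destination, e.g. in pf terms:
#   pass in on $wan_if proto tcp to <webpool> port 80
redirect www {
        listen on $ext_addr port 80
        forward to <webpool> check http "/" code 200
}

# DNS mode: a "relay" is a userland proxy. relayd itself accepts the query
# on the WAN IP and sends a new query to a pool member from the firewall's
# own address. The WAN filter rule therefore allows only the WAN IP as
# destination, and the backends see the firewall as the source:
#   pass in on $wan_if proto { tcp udp } to $ext_addr port 53
dns protocol "dnsproto" {
        tcp { nodelay }
}
relay dnsproxy {
        listen on $ext_addr port 53
        protocol "dnsproto"
        forward to <dnspool> port 53 mode loadbalance check tcp
}
```

Because the relay rewrites the source address, backend DNS logs will show the firewall, not the original client, which is the behaviour jimp describes.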

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.