NAT and local server web



  • Hello everyone!
    These days I am doing a migration to pfSense and I'm having problems.
    Situation:
    Active Directory with 60 clients and 8 public IPs.
    All computers have pfSense as DHCP and the domain controller (with DNS) as DNS; as GW they use the old firewall and go out with xxx.xxx.xxx.169 (public).
    xxx.xxx.xxx.173 is the public IP of pfSense.
    Only my client goes out with IP xxx.xxx.xxx.173, to test the situation.

    Now I set virtual IPs, a 1:1 NAT on a private IP network and created the rules.
    The computers that have the old firewall as GW access the site by name, while I don't have access by name or by public IP, but only by the private IP.

    I set pfSense as primary DNS, but I have already tried that and the clients will not see the domain.

    I followed the first step of this guide https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks but I have not solved it.

    Any ideas?

    Thank you (sorry for my English)



  • If I understand you correctly, you're trying to view your internally sited web server (you don't say what ports you're NATing) from your internal network via the WAN address. Short answer: Use split DNS. Set the internal address as the target for your server within your Windows DNS settings and don't try bouncing the traffic back from your firewall to a local host. All your PCs should use the Windows DNS server as their default with the forwarders you define in your DNS server for internet name services. Public DNS records should be only for external visitors, not your LAN users.



  • Thanks,

    I'm NATing port 80.

    I tried to put the local IP for www.site.com in my Windows 2003 DNS, but the computers on the LAN don't work (ping www.site.com responds with the public IP). Maybe it takes more time???
    So isn't it necessary to activate DNS on my pfSense?

    Thanks

    Bye



  • @superante:

    I tried to put the local IP for www.site.com in my Windows 2003 DNS, but the computers on the LAN don't work (ping www.site.com responds with the public IP). Maybe it takes more time???
    So isn't it necessary to activate DNS on my pfSense?

    If you really are entering the correct zone/address in your Windows DNS server, then the issue must be with the DHCP settings on your clients. Make sure your DHCP server is setting your primary name server on your clients to your Windows DNS server. You can't run Windows machines in a Windows server environment with a non-Windows DNS server (at least not easily). It would probably be best if your DHCP assignments were done by your Windows server environment also. Running an 'ipconfig /all' on your client PCs will show if your DNS is set correctly. Once you've made the change, run 'ipconfig /flushdns' on your client PC so that the updated DNS settings take.
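    The split-DNS setup this reply describes, as an added example that is not part of the thread: on a Windows 2003 DNS server, dnscmd creates a zone named after the full external hostname and an A record at its root pointing at the LAN address, so that name alone is answered internally while every other name under the public domain keeps resolving to the public records. The server name DC01, the LAN address 192.168.1.10 and the zone file name are placeholders chosen for this example; www.site.com is the name used in the thread.

    ```batch
    @echo off
    REM Added example, not from the thread: split DNS with dnscmd on Windows 2003.
    REM Placeholders (assumed, adjust to your environment):
    REM   DC01          - the Windows DNS server (domain controller)
    REM   192.168.1.10  - LAN address of the web server behind the 1:1 NAT
    REM   www.site.com  - external hostname that LAN clients must reach internally
    REM Run on the DNS server with an account that can administer DNS.

    set DNSSERVER=DC01
    set EXTNAME=www.site.com
    set LANIP=192.168.1.10

    REM 1. Create a primary zone whose name is the complete external hostname.
    REM    Because the zone is only "www.site.com" (not "site.com"), other hosts
    REM    in site.com are still resolved through the forwarders to public DNS.
    dnscmd %DNSSERVER% /ZoneAdd %EXTNAME% /Primary /file %EXTNAME%.dns

    REM 2. Add the A record at the zone root ("@") pointing to the LAN address.
    dnscmd %DNSSERVER% /RecordAdd %EXTNAME% @ A %LANIP%

    REM 3. Verify against the DNS server: the answer must be the LAN address,
    REM    not the public one. findstr is used as the check.
    nslookup %EXTNAME% %DNSSERVER% | findstr /C:"%LANIP%" >nul && (
        echo OK: %EXTNAME% resolves to %LANIP% on %DNSSERVER%
    ) || (
        echo FAIL: %EXTNAME% does not resolve to %LANIP% on %DNSSERVER%
    )

    REM 4. On each client (after DHCP points it at DC01 as primary DNS):
    REM      ipconfig /all        - confirm the DNS server entry is DC01
    REM      ipconfig /flushdns   - drop the cached public answer
    REM      nslookup www.site.com
    ```

    If the DNS zones are Active Directory-integrated, use /DsPrimary instead of /Primary in step 1 so the override replicates to the other domain controllers; clients that still show the public address after the change are usually either pointed at another DNS server or holding the old answer in their resolver cache, which is what the ipconfig commands in step 4 check and clear.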



  • OK thanks, now it works… but one last thing:

    I put in the name of the server, so it works with site.domain.local but not with site.domain.com.

    Thanks for all!!!

    Ante