Netgate Discussion Forum

    NAT and local server web

      superante

      Hello everyone!
      These days I am doing a migration to pfSense and I'm having problems.
      Situation:
      Active Directory with 60 clients and 8 public IPs.
      All computers have pfSense as DHCP server, the domain controller as DNS, and the old firewall as gateway, and go out with xxx.xxx.xxx.169 (public).
      xxx.xxx.xxx.173 is the public IP of pfSense.
      Only my client goes out with IP xxx.xxx.xxx.173, to test the situation.

      Now I have set virtual IPs and a 1:1 NAT on a private IP network, and created the rules.
      The computers that have the old firewall as gateway access the site by name, while I do not have access by name or by public IP, but only by private IP.

      I set pfSense as primary DNS, but I have already tried that and clients will not see the domain.

      I followed the first step of this guide https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks but I have not solved it.

      Any idea?

      Thank you (sorry for my English)

        muswellhillbilly

        If I understand you correctly, you're trying to view your internally sited web server (you don't say what ports you're NATing) from your internal network via the WAN address. Short answer: Use split DNS. Set the internal address as the target for your server within your Windows DNS settings and don't try bouncing the traffic back from your firewall to a local host. All your PCs should use the Windows DNS server as their default with the forwarders you define in your DNS server for internet name services. Public DNS records should be only for external visitors, not your LAN users.

          superante

          Thanks,

          I'm NATing port 80.

          I tried to put the local IP for www.site.com in my Windows 2003 DNS, but the computers on the LAN don't work (a ping to www.site.com responds with the public IP). Maybe it takes more time???
          So is it not necessary to have DNS active on my pfSense?

          Thanks

          Bye

            muswellhillbilly

            @superante:

            I tried to put the local IP for www.site.com in my Windows 2003 DNS, but the computers on the LAN don't work (a ping to www.site.com responds with the public IP). Maybe it takes more time???
            So is it not necessary to have DNS active on my pfSense?

            If you really are entering the correct zone/address in your Windows DNS server, then the issue must be with the DHCP settings on your clients. Make sure your DHCP server is setting your primary name server on your clients to your Windows DNS server. You can't run Windows machines in a Windows server environment with a non-Windows DNS server (at least not easily). It would probably be best if your DHCP assignments were done by your Windows server environment also. Running an 'ipconfig /all' on your client PCs will show if your DNS is set correctly. Once you've made the change, run 'ipconfig /flushdns' on your client PC so that the updated DNS settings take.

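The client-side check described in the reply above, as an added example that is not part of the original posts: it parses saved `ipconfig /all` output, reports adapters whose primary DNS server is not the Windows DNS server, and tests whether the address a LAN client received for the site is an internal one. The function names, the English-language output layout and the addresses (192.168.1.1 for pfSense, 192.168.1.10 for the Windows DNS server) are assumptions made for the sample.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output; all addresses are made up.
SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC01

Ethernet adapter Local Area Connection:

   DHCP Enabled. . . . . . . . . . . : Yes
   IP Address. . . . . . . . . . . . : 192.168.1.50
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       192.168.1.10
"""

FIELD = re.compile(r"^\s+(\S.*?)[ .]*: (.*)$")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def dns_servers(text):
    """Return {adapter: [DNS servers, in order]} parsed from `ipconfig /all`."""
    found, adapter, in_dns = {}, None, False
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter, in_dns = line.rstrip()[:-1], False   # adapter header
            found[adapter] = []
            continue
        m = FIELD.match(line)
        if m:
            in_dns = m.group(1) == "DNS Servers"
            if in_dns and adapter and m.group(2).strip():
                found[adapter].append(m.group(2).strip())
        elif in_dns and adapter and line.strip():
            found[adapter].append(line.strip())   # extra server on its own line
    return found

def wrong_primary_dns(text, windows_dns):
    """Adapters whose first DNS server is not the Windows DNS server."""
    return {name: srv[0] for name, srv in dns_servers(text).items()
            if srv and srv[0] != windows_dns}

def resolves_internally(ip):
    """True if the address a LAN client got for the site is RFC 1918 private."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)
```

With the sample above, `wrong_primary_dns(SAMPLE, "192.168.1.10")` reports the adapter because DHCP handed out the firewall as the first DNS server, which is the situation in which LAN clients keep getting the public address for the site.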
              superante

              OK thanks, now it works… but… one last thing

              I put in the name of the server, so it works with site.domain.local but not with site.domain.com.

              Thanks for all!!!

              Ante

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.