Hello,
We have come across an issue where we specified a network range to head out one public IP. However, the DNS traffic from that network range is leaving by a different public IP.
We are using PFSense 2.4.2
Thanks in advance,
-
PFSense Route DNS Traffic
-
On a host, are you getting your IP information from DHCP? If so verify that the default gateway on the host matches the one you have setup in pfSense as the gateway for your LAN (Specified Range).
Are you using pfSense as your DNS Forwarder and/or Resolver? Do you have a different DNS server configured for each gateway?
Just trying to isolate where your issue may be occuring.
Cordially,
Ronnie Wong
Edutainer, ITProTV*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team. -
-
Ip information is provided by DHCP from PFSense
-
Yes we are using PFSense as our DNS resolver
-
No we do not have a Different DNS configured for each gateway. The gateways all pull their DNS from the general setup DNS
-
What seems to be happening is even though we have an outbound route for our network range the DNS is still going out the Gateway IP address and not the outbound route.
-
-
Take a look at your NAT rules. Check to see if you've also allowed for UDP to be NATed as well. TCP traffic may have been NATed but DNS (UDP) may not be NATed. This sould similar to the issue that you're having. Begin there.
Cordially,
Ronnie Wong
Edutainer, ITProTV*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team. -
We are routing all protocols.
here is a screenshot.
-
I'm running 2.4 here too. I'm trying to see what is different with ours. Does the grayed out box for source network mean you can't type the network e.g. 192.168.10.0/24. Also the translations address box is gray too...can you type in the address you're expecting it leave? I'm not sure because these two boxes for me are active and do not look like yours.
Cordially,
Ronnie Wong
Edutainer, ITProTV*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team. -
-
Those Grey boxes are me hiding our network information Sorry for the confusion.
-
The source network I do have a range set
-
The Address in the translation I have an address set to a public IP.
-
For your test try having different DNS set for your Gateway and your DHCP. That is our current setup
-
-
I'll try to get to this tonight to see...been a little behind the 8 ball on shows. :) Thanks for the additional info to troubleshoot.
Cordially,
Ronnie Wong
Edutainer, ITProTV*if the post above has answered the question, please mark the topic as solved.
**All "answers" and responses are offered "as is" and my opinion. There is no implied support or guarantee by the ITProTV team.
