OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: Kuragari on May 23, 2016, 06:39:42 pm

Title: Forward public DNS resolution to internal server
Post by: Kuragari on May 23, 2016, 06:39:42 pm
Hi, here is what I want to do. I have a public DNS record resolving to my internal server (office.yannqueniart.com). I want to make this resolution work on my LAN.

Currently I use a DNS entry on my LAN that points to the LAN private IP address, but for some reason I want to keep the real public DNS resolution and forward the data with NAT.

Has anybody done this? Using NAT one-to-one or outbound rules?

Best regards.
Title: Re: Forward public DNS resolution to internal server
Post by: telxoid on May 24, 2016, 04:54:50 pm
Let's clarify.

You have an internal DNS or DMZ-based DNS server that serves public records?  Does it have its own public IP, or do you only have one routable IP?  Do you want any machine to be able to query it, or just one (or a couple)?

Thanks.
Title: Re: Forward public DNS resolution to internal server
Post by: Kuragari on May 24, 2016, 06:41:39 pm
Hi,

I have an internal DNS server, used only for internal LAN resolution. I have only one routable IP.

I have public DNS from my hosting provider.

Currently I use the DNS override function in my internal DNS. So on the LAN my DNS resolution is test.yannqueniart.com --> 172.16.99.9 (the DNS name and IP address are only examples, not the real ones).

What I want is test.yannqueniart.com --> public IP address, with my router forwarding to 172.16.99.9. I want to keep the real public name resolution and use the routing function to forward to the internal server.

I need that for any internal machine.

Thanks for your help
Title: Re: Forward public DNS resolution to internal server
Post by: telxoid on May 24, 2016, 07:55:07 pm
That sounds like a port forward to me. 

Under Firewall-->NAT-->Port Forward in the WebGUI.  For simplicity's sake, enable Add Associated Filter Rule, which should create the required firewall rule for you.
Title: Re: Forward public DNS resolution to internal server
Post by: Kuragari on May 24, 2016, 08:18:26 pm
It doesn't work with a simple PAT rule because I want to forward all data, not just one port.
Title: Re: Forward public DNS resolution to internal server
Post by: telxoid on May 24, 2016, 08:58:51 pm
That then would be a One-to-One rule.  However, if that's your only routable IP (the one you get via DHCP from your ISP), I could see that being problematic, if it's even allowed, especially if there are other LAN hosts.

I've seen some commercial products that do something like this (calling it a DMZ Host or something).  To be honest, this isn't something I've tried or would try.

Can anyone else assist here?
Title: Re: Forward public DNS resolution to internal server
Post by: franco on May 24, 2016, 11:26:17 pm
Have you tried pure NAT reflection?

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
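As an added example (not from the thread and not the rules OPNsense's WebGUI generates), here is an illustrative ruleset for pf, the packet filter OPNsense builds its NAT on. It shows the two things discussed above: the "DMZ host" style catch-all forward of every protocol that telxoid describes, and the pure NAT reflection that franco points to, which is what makes a LAN client that resolves the public name to the WAN address reach the server anyway. Interface names, the LAN subnet and the public address handling are assumptions; 172.16.99.9 is the placeholder address from the thread.

```pf
# Illustrative pf.conf fragment (added example, not OPNsense's generated rules).
# Interface names and the LAN subnet are assumptions for this example.
ext_if  = "em0"               # WAN, single dynamic public address from the ISP
int_if  = "em1"               # LAN
lan_net = "172.16.99.0/24"
srv     = "172.16.99.9"       # the internal server (placeholder from the thread)

# --- Inbound from the Internet ---
# "DMZ host" style: every NEW inbound connection to the WAN address, any
# protocol, is redirected to the server. Replies to other LAN hosts' outbound
# connections match existing state before translation, so they are unaffected.
# The firewall itself, however, no longer receives new inbound connections on
# WAN (its own VPN, for instance), so prefer a port forward where the set of
# ports is known.
rdr on $ext_if from any to ($ext_if) -> $srv

# Port-forward alternative for one known service (TCP 443 only):
# rdr on $ext_if proto tcp from any to ($ext_if) port 443 -> $srv port 443

# --- Pure NAT reflection for LAN clients ---
# A LAN client resolves the public name to the WAN address and sends there.
# 1) Rewrite the destination to the server, exactly as on WAN.
rdr on $int_if from $lan_net to ($ext_if) -> $srv
# 2) Rewrite the source to the firewall's LAN address so the server's reply
#    comes back through the firewall. Without this the server answers the
#    client directly on the same subnet, sourced from 172.16.99.9, and the
#    client drops a reply from an address it never sent to.
nat on $int_if from $lan_net to $srv -> ($int_if)

# Ordinary outbound NAT for the LAN
nat on $ext_if from $lan_net to any -> ($ext_if)

# Filter rules see the post-translation addresses
pass in on $ext_if from any to $srv keep state
pass in on $int_if from $lan_net to $srv keep state
```

Two caveats a practitioner should weigh before choosing this over the DNS override that was already in place: the source rewrite in step 2 means the server sees every reflected LAN connection as coming from the firewall's LAN address, so its logs and any per-client access control lose the real client IP; and reflected traffic now hairpins through the firewall instead of being switched directly, which costs throughput on a busy LAN. Traffic a client sends straight to 172.16.99.9 never crosses the firewall on the same subnet, so the reflection rules only affect connections made to the public address.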