Nice, thank you Chris
-Andy
On 03/01/2011 08:28 PM, Chris Buechler wrote:
On Tue, Mar 1, 2011 at 7:26 AM, Andy Graybeal
andy.grayb...@casanueva.com wrote:
Greetings,
I'm wondering if there is a DNS forwarding log? I don't have a DNS server
installed here at the site, I use OpenDNS for my
Greetings,
I'm wondering if there is a DNS forwarding log? I don't have a DNS
server installed here at the site, I use OpenDNS for my name servers.
I have a machine that is requesting a website that supposedly is related
to malware according to OpenDNS.
How would I figure out which machine
On Tue, Mar 1, 2011 at 2:26 PM, Andy Graybeal
andy.grayb...@casanueva.com wrote:
Greetings,
I'm wondering if there is a DNS forwarding log? I don't have a DNS server
installed here at the site, I use OpenDNS for my name servers.
I have a machine that is requesting a website that supposedly
You can use tcpdump on your LAN interface to see which IP is
requesting the website:
tcpdump -ilan_interface -n host name_of_malware_website
replacelan_interface with your real name of lan interface (eg. em0).
The tcpdump will show you the IP that is requesting the page of
On Tue, Mar 1, 2011 at 7:26 AM, Andy Graybeal
andy.grayb...@casanueva.com wrote:
Greetings,
I'm wondering if there is a DNS forwarding log? I don't have a DNS server
installed here at the site, I use OpenDNS for my name servers.
I have a machine that is requesting a website that supposedly
On Wed, Jan 19, 2011 at 8:25 AM, Vick Khera vi...@khera.org wrote:
On Tue, Jan 18, 2011 at 9:38 PM, Chris Buechler cbuech...@gmail.com wrote:
It feels like it is eating up any 192.168.0.0/16 IP address returned
for a hostname.
This is by design to protect against DNS rebinding attacks. If
On Wed, Jan 19, 2011 at 11:54 AM, Chris Buechler cbuech...@gmail.com wrote:
You get both if you just use domain overrides for domains where you
expect private IP responses. Domains in domain overrides are excluded
since most commonly those return private IPs, generally leaving
Internet DNS
I updated from my 1.2.3 based WRAP box to a 2.0-BETA5 (self-updated
after install to have latest image from around 4am today) ALIX box
earlier this afternoon. I observe the same behavior from a December
13 firmware (I made the CF card way back then).
Almost everything is working. I am having
On Tue, Jan 18, 2011 at 4:49 PM, Vick Khera vi...@khera.org wrote:
I updated from my 1.2.3 based WRAP box to a 2.0-BETA5 (self-updated
after install to have latest image from around 4am today) ALIX box
earlier this afternoon. I observe the same behavior from a December
13 firmware (I made the
Alright. I got it. Thanks to all that responded. There were a couple of
duplicate rules in the rules table from the automatically entered rules
and from me deleting and re-adding, etc. I deleted all references to DNS
from the NAT tables and the Rules tables and then re-created them all.
They
I have a DNS server behind a pfsense box. The dns forwarder is enabled
(I've tried disabling it.)
Without the forwarder, dns queries from behind the pfsense box don't
resolve, not ever.
With the forwarder dns queries resolve and the active directory works
fine as the windows servers forward
On Nov 5, 2010, at 9:24 PM, Curtis Maurand wrote:
I have a DNS server behind a pfsense box. The dns forwarder is enabled (I've
tried disabling it.)
Without the forwarder, dns queries from behind the pfsense box don't resolve,
not ever.
With the forwarder dns queries resolve and the
I just noticed that the name set in System/General Setup/Hostname does
not resolve to the same IP all the time.
It seems to flip-flop between the LAN and WAN IP.
Is that by design or a bug?
It happens on pfSense-2.0-BETA1-20100407-1435, and I don't remember it
happening on 1.2.x.
Regards,
-Jeppe
On Mon, May 3, 2010 at 1:27 AM, Jeppe Øland jol...@gmail.com wrote:
I just noticed that the name set in System/General Setup/Hostname does
not resolve to the same IP all the time.
It seems to flip-flop between the LAN and WAN IP.
Is that by design or a bug?
It happens on
On Sun, May 2, 2010 at 6:35 PM, Kimmo Paasiala kpaas...@gmail.com wrote:
On Mon, May 3, 2010 at 1:27 AM, Jeppe Øland jol...@gmail.com wrote:
I just noticed that the name set in System/General Setup/Hostname does
not resolve to the same IP all the time.
It seems to flip-flop between the LAN and
I just noticed that the name set in System/General Setup/Hostname
does not resolve to the same IP all the time.
It seems to flip-flop between the LAN and WAN IP.
It's probably related to this issue:
http://forum.pfsense.org/index.php/topic,23999.0.html
While searching the web I found two threads.
One thread was in a pfSense bug tracker system
http://redmine.pfsense.org/issues/show/119
And the other was on the pfSense Forum
http://forum.pfsense.org/index.php/topic,6957.0.html
The Bug tracker did not said to which version of pfSense or TinyDNS
Lets try to clarify.
Windows Workstations (Domain area.com)
+
+ (Network 192.168.0.0/24 - NET1)
+
Windows 2000 DNS Server
(Not BIND, Not TinyDNS, Windows DNS)
+
+ (Network 192.168.0.0/24 - NET1)
On Feb 18, 2010, at 5:26 PM, Jose Torres wrote:
Lets try to clarify.
Windows Workstations (Domain area.com)
+
+ (Network 192.168.0.0/24 - NET1)
+
Windows 2000 DNS Server
(Not BIND, Not TinyDNS, Windows DNS)
+
I am not sure if this is the way to set the DNS binding.
I went to the DNS Server configuration page and set the Binding IP
address field as 127.0.0.1, 192.1687.1.75 and clicked save.
Then I restarted the service.
If this is the way, then the DNS Server is listening on both addresses
now.
But
On Feb 18, 2010, at 6:18 PM, Jose Torres wrote:
I am not sure if this is the way to set the DNS binding.
I went to the DNS Server configuration page and set the Binding IP
address field as 127.0.0.1, 192.1687.1.75 and clicked save.
Then I restarted the service.
If this is the way,
From a workstation in NET1
administra...@d9q87t01:~$ telnet 192.168.1.75 53
Trying 192.168.1.75...
Connected to 192.168.1.75.
Escape character is '^]'.
Connection closed by foreign host.
Jose
On Thu, 2010-02-18 at 18:23 +0100, Remko Lodder wrote:
On Feb 18, 2010, at 6:18 PM, Jose Torres wrote:
Also connected by ssh I executed netstat and is LISTENing
Jose
# netstat -an
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address
(state)
tcp4 0 0 192.168.0.75.22192.168.0.208.46954
ESTABLISHED
tcp6 0 0 *.53
The pfSense WebConfigurator has a page for System Logs. In this page I
see a lot of logs so I filter by the string dns and this is the output:
* Feb 18 22:45:46 dnsmasq[471]: read /etc/hosts - 2 addresses
* Feb 18 22:45:46 dnsmasq[471]: ignoring nameserver 192.168.1.75 -
I am configuring for the first time the pfSense system, and do not have
any expertise in BSD.
First I want to describe my network and later will describe the problem.
The pfSense box is used for a sub network inside my Business Domain.
My Domain has two DNS Server (DNS1, DNS2) and two DHCP that
For some reason the TinyDNS package did not installed successfully the
first time, since I went to the Installed Packages and it was not found.
I tried a second time and it installed successfully this time.
Now the Web Configurator shows the DNS Server configuration options
provided by pfSense.
The book explains, to divert some DNS'es via static routes to OPT1 (if
you have multiwan-setup).
And it also explains to put an entry for the other DNS, for clarity,
to your WAN (though not needed, just for documentation reasons).
But, what if your WAN is using PPPoE - and is a dynamic IP all
On Wed, Feb 10, 2010 at 4:05 AM, Michel Servaes mic...@mcmc.be wrote:
The book explains, to divert some DNS'es via static routes to OPT1 (if
you have multiwan-setup).
And it also explains to put an entry for the other DNS, for clarity,
to your WAN (though not needed, just for documentation
Hello,
I'm using a redundant pfsense CARP cluster for providing
firewall/DHCP/DNS to several servers and clients.
To have more control over local DNS records, I have setup a powerdns
daemon on a linux server behind the pfsense cluster and entered a domain
override for a test domain in the DNS
So there is one website which I know to be up and working that I am
trying to access. When I am behind my pfsense/Alix 2c3, it does not
work (will not load in a browser, will not ping, however every other
site on the internet works--this holds true for any computer on the
network). When I
On 05/10/09 10:26, Jeremy Bennett wrote:
Is there a way to flush everything stored on the device but the config?
open a shell and take a peek in /var/named and see if there's anything
obvious; be careful to delete only files and not directories otherwise
things will break.
sorry to be
Sorry for the double posting, but I'm not sure if the user list was the
correct for this:
Is there any way to add a host to the DNS service so that
*.subdomain.domain.local would be resolved to the same IP address?
Example in bind syntax:
*.subdomain.domain A 192.168.1.2
for which issue or both?
2009/2/11 Curtis LaMasters curtislamast...@gmail.com:
There are workarounds for this. Check the forums/archive.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Feb 11, 2009 at 9:32 AM, Nick Upson nick.up...@gmail.com wrote:
For installing packaged on flash based systems.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Thu, Feb 12, 2009 at 4:22 AM, Nick Upson nick.up...@gmail.com wrote:
for which issue or both?
2009/2/11 Curtis LaMasters curtislamast...@gmail.com:
There are
how do people arrange their DNS, as far as I can see the ideal place
for my DNS, so it can serve the entire network, is in the firewall but
it doesn't seem to have one, or do I need to enable/install something?
-
To unsubscribe,
Nick Upson schrieb:
how do people arrange their DNS, as far as I can see the ideal place
for my DNS, so it can serve the entire network, is in the firewall but
it doesn't seem to have one, or do I need to enable/install something?
pfSense doesn't implement a full DNS (AFAIK). It's mainly
On Wed, Feb 11, 2009 at 8:39 AM, Rainer Duffner rai...@ultra-secure.de wrote:
pfSense doesn't implement a full DNS (AFAIK). It's mainly a resolver-cache.
Not built in, there is a DNS server package available.
The firewall is certainly *not* an ideal place to put the (internal)
DNS, though.
there is a DNS server package available. - pointer please
small network with minimal or no internal servers is a pretty good
description for the setup I'm currently dealing with
2009/2/11 Chris Buechler c...@pfsense.org:
On Wed, Feb 11, 2009 at 8:39 AM, Rainer Duffner rai...@ultra-secure.de
SystemPackagesDNS-Server - based on tiny dns I think..
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Feb 11, 2009 at 8:35 AM, Nick Upson nick.up...@gmail.com wrote:
there is a DNS server package available. - pointer please
small network with minimal
unfortunately we are currently running from flash, which I understand
disable access to System-Packages
this was due to issues with the initial disk format not working on install
2009/2/11 Curtis LaMasters curtislamast...@gmail.com:
SystemPackagesDNS-Server - based on tiny dns I think..
There are workarounds for this. Check the forums/archive.
Curtis LaMasters
http://www.curtis-lamasters.com
http://www.builtnetworks.com
On Wed, Feb 11, 2009 at 9:32 AM, Nick Upson nick.up...@gmail.com wrote:
unfortunately we are currently running from flash, which I understand
disable
RB,
Thanks for that. It was necessary to keep DNS resolution on the box
outside of the ssh process, but your post /did/ help me accomplish this.
All up and doing well.
Thanks again,
Steve
RB wrote:
On Mon, Feb 2, 2009 at 15:15, Steve Spencer sspen...@kdsi.net wrote:
The only problem I had
Greetings,
I'm migrating away from an Astaro Security Linux firewall for our
network. The Astaro firewall has worked well, but we are having
hardware failures and the lean format of the PfSense product intrigued me.
I've used Monowall before, so I'm not unfamiliar with the basic
operation of
On Mon, Feb 2, 2009 at 15:15, Steve Spencer sspen...@kdsi.net wrote:
The only problem I had was that the ssh to the proprietary accounting
box returned the login immediately, followed by the password, and then
it sat for 2 minutes or more before it returned screens. I noticed on
the Astaro
Greetings list,
I have a number of multi-wan sites where the 2 connections are provided by
different service providers, each of whom has different DNS servers. My usual
practice has been to use one from each provider on the general page.
However, DNS servers from ISP A can only be queried from
On Tue, Jan 13, 2009 at 6:24 AM, Chris Bagnall li...@minotaur.cc wrote:
Greetings list,
I have a number of multi-wan sites where the 2 connections are provided by
different service providers, each of whom has different DNS servers. My usual
practice has been to use one from each provider on
On Tue, Dec 2, 2008 at 12:36 PM, Dimitri Rodis
[EMAIL PROTECTED] wrote:
Is there a way that I can specify multiple DNS servers for a particular
domain suffix? You should be able to, IMO.
No, feature request opened (patches welcome).
http://cvstrac.pfsense.org/tktview?tn=1849
On one of my networks, I have 4 Windows server domain controllers that run DNS
for Active Directory on this network in particular.
On the services_dnsmasq.php page in pfSense, the bottom section allows you to
specify authoritative DNS servers for domains that are not part of the internet
(or
Chris Buechler wrote:
Does somebody know a consumer grade DSL-Router who does NAT with port
randomization out of the box?
Not sure if my Westell does or not, I use the IP passthrough so my
firewall gets the public IP and would suggest you do the same if
possible. I do use its NAT for my dual
A bit Off-Topic...
You can find no Information about DNS-Cache Poisoning at ZyXEL's
Website. As manufacturer of NAT-Serializers this is poor behavior.
Not for old and probably not patchable Routers nor the Information that
maybe newer Products can solve this issue.
Does somebody know a
On Thu, Jul 31, 2008 at 3:01 AM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
A bit Off-Topic...
You can find no Information about DNS-Cache Poisoning at ZyXEL's Website. As
manufacturer of NAT-Serializers this is poor behavior.
Wow, indeed it is. I would suggest contacting them, I'm sure you
Chris Buechler wrote:
How is your outbound NAT configured? Even static port won't rewrite
the source ports to something incremental, it just retains whatever
the source port is.
Automatic outbound NAT rule generation (IPsec passthrough)
Auto created rule for LAN Static Port NO
Port
On Tue, Jul 22, 2008 at 1:02 AM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
Chris Buechler wrote:
How is your outbound NAT configured? Even static port won't rewrite
the source ports to something incremental, it just retains whatever
the source port is.
Automatic outbound NAT rule
On Tue, Jul 22, 2008 at 1:17 AM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
Beat Siegenthaler wrote:
Upps, stop the press...
I apologize for the hype. No cause for alarm.
Packet Dump at the pfSense WAN side shows a excellent entropy.
I did not realize that there is another DSL natting
checkpoint firewalls seem to have a problem in not randomising (or
even de-randomising) dns request source port [1]
do we have a similar problem with pfSense?
I did 3 digs to 198.6.1.1, 198.6.1.2 and 198.6.1.3 ( I have 2 isps,
load balanced)
pfctl -ss (to see the states)
self udp
On Mon, Jul 21, 2008 at 4:58 AM, sai [EMAIL PROTECTED] wrote:
checkpoint firewalls seem to have a problem in not randomising (or
even de-randomising) dns request source port [1]
do we have a similar problem with pfSense?
I did 3 digs to 198.6.1.1, 198.6.1.2 and 198.6.1.3 ( I have 2 isps,
sai wrote:
checkpoint firewalls seem to have a problem in not randomising (or
even de-randomising) dns request source port [1]
do we have a similar problem with pfSense?
No, pf has randomized source ports on all NATed TCP and UDP traffic for
8 years. I was surprised to find out that's the
Chris Buechler wrote:
No, pf has randomized source ports on all NATed TCP and UDP traffic for
8 years. I was surprised to find out that's the exception rather than
the norm. Cisco, Checkpoint, amongst numerous others apparently do not
randomize source ports on NATed traffic.
I am not
To: support@pfsense.com
Subject: Re: [pfSense Support] DNS cache poisoning
Chris Buechler wrote:
No, pf has randomized source ports on all NATed TCP and UDP traffic for
8 years. I was surprised to find out that's the exception rather than
the norm. Cisco, Checkpoint, amongst numerous others
Tim Dickson wrote:
Could it be your ISPs DNS that is bad? (that pfSense is relaying?) and not
pfSense directly?
-Tim
Same Server behind pfSense and dd-wrt does differ sightly:
The server runs patched [EMAIL PROTECTED]
No ISP DNS, my own Server. Official DNS for my domains. In my DMZ.
On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
Chris Buechler wrote:
No, pf has randomized source ports on all NATed TCP and UDP traffic for 8
years. I was surprised to find out that's the exception rather than the
norm. Cisco, Checkpoint, amongst numerous others
On Mon, Jul 21, 2008 at 3:39 PM, Chris Buechler [EMAIL PROTECTED] wrote:
On Mon, Jul 21, 2008 at 4:10 PM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
Chris Buechler wrote:
No, pf has randomized source ports on all NATed TCP and UDP traffic for 8
years. I was surprised to find out that's the
Chris Buechler wrote:
And it does recursive queries, does not rely on upstream servers? Are
you running with static port enabled? That's the only way your source
ports aren't going to be randomized, assuming the server is NATed and
not just firewalled. Static port disables the source port
Beat Siegenthaler wrote:
And I think it is not really a big problem as long the transaction ID's
are really good random.
Curiosity killed the Cat:
done a dump on pfSense at the dmz-side. It looks that the source ports
from BIND are very good in random. But at the wan-side, the ports
On Mon, Jul 21, 2008 at 5:54 PM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
done a dump on pfSense at the dmz-side. It looks that the source ports from
BIND are very good in random. But at the wan-side, the ports are just
ascending more or less. What about the mentioned UDP timeout?
Shouldn't
On Mon, Jul 21, 2008 at 6:54 PM, Beat Siegenthaler
[EMAIL PROTECTED] wrote:
Beat Siegenthaler wrote:
And I think it is not really a big problem as long the transaction ID's
are really good random.
Curiosity killed the Cat:
done a dump on pfSense at the dmz-side. It looks that the
Bill Marquette wrote:
Shouldn't make a difference if the source port is getting nat'd
sequentially. That sounds a little odd to me, but I can check that
out when I get home and see if I can duplicate. Can you send me
whatever test script you are using? Thanks
I use the Link:
Robert Goley wrote:
based routing. DNS refuses to work. This is because the pfsense machine can
I have no answer for you, but an idea to try.
run tcpdump -l -n -i xxx udp and port 53 on the firewall for each
interface xxx in turn whilst trying to resolve and see if any packets
are seen.
: Re: [pfSense Support] DNS Issues with 1.2 RC2 I
will try this later to see what the result is. Scott's suggestion of using
a static route worked perfectly. The trouble seemed to come from using OPT1
and OPT2 DNS servers as the default. The pfsense machine was trying to
resolve
I will try this later to see what the result is. Scott's suggestion of using
a static route worked perfectly. The trouble seemed to come from using OPT1
and OPT2 DNS servers as the default. The pfsense machine was trying to
resolve with those DNS servers using the WAN interface. I added
Sean Cavanaugh wrote:
I personally use OpenDNS for everything since theyre outside of what the
ISP handles.
surely it's easier to simply run your own caching resolvers? that way
you can force a cache flush if you're changing your own DNS.
the only time either your or my strategy fails is when
On Sat 27 Oct 2007 05:00:21 NZDT +1300, Paul M wrote:
surely it's easier to simply run your own caching resolvers? that way
you can force a cache flush if you're changing your own DNS.
Nope, not enough. I run pfsense in 2 places (1.0.1 and 1.2beta-some),
with caching dns enabled. Several times
I have a multi wan setup with 3 WAN interfaces and 1 LAN. It is using policy
based routing. DNS refuses to work. This is because the pfsense machine can
not resolve anything. The DNS servers are correct. They are pingable from
the pfsense machine. They are accessible from machines on the
On 10/25/07, Robert Goley [EMAIL PROTECTED] wrote:
[snip]
What am I missing?
Static routes. See the multi-wan tutorials.
Scott
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
On Oct 17, 2007, at 1:49 AM, Geoff Crompton wrote:
Ronald L. Rosson Jr. wrote:
When I connect to pfSense via openvpn I can ping all my internal
devices
by IP. I can resolve them by dns but I am uable to connect to them by
their fqdn.
Any clues?
TIA
Is your client getting the right dns
Ronald L. Rosson Jr. wrote:
When I connect to pfSense via openvpn I can ping all my internal devices
by IP. I can resolve them by dns but I am uable to connect to them by
their fqdn.
Any clues?
TIA
Is your client getting the right dns server to use? Is it getting the
right search
, 2007 11:52 PM
Subject: Re: [pfSense Support] DNS forwarder timeouts/failures
On Fri 20 Jul 2007 22:59:12 NZST +1200, Igor Parsadanov wrote:
If this is a domain environment this will likely slow down domain
functions as the XP machines will be asking the ISP server for domain
information. I think
On Fri 20 Jul 2007 22:59:12 NZST +1200, Igor Parsadanov wrote:
If this is a domain environment this will likely slow down domain
functions as the XP machines will be asking the ISP server for domain
information. I think a better way is to have MS DNS have a forwarder
for external lookups
I've always had problems with MS DNS implementations. They have messed
around with DNS and so it exhibits strange behaviour.
I'd suggest that you get rid of the MS machines IP as a DNS server on
the firewall. On your XP PCs have the firewall as the primary DNS, and
the MS machine as secondary.
there you can specify your ISP's dns or even better
yet use OPENDNS 208.67.222.222. Then have DHCP assign the MS DNS as the
only DNS server.
-Original Message-
From: sai [mailto:[EMAIL PROTECTED]
Sent: Friday, July 20, 2007 6:48 AM
To: support@pfsense.com
Subject: Re: [pfSense Support
I second this method as it will also use the internal DNS server to cache the
results.
made a noticeable difference on my network WAN usage.
-Sean
Date: Fri, 20 Jul 2007 06:59:12 -0400 From: [EMAIL PROTECTED] To:
support@pfsense.com Subject: RE: [pfSense Support] DNS forwarder
timeouts
I have installed pfsense 1.2beta1 built on Mon Apr 30 10:47:18 EDT 2007, LAN
with half a dozen XP and a few Linux machines. ADSL. Primary name server on
the general setup tab is fixed to the ISP's name server, secondary name
server is set to the MS business server 2003. DHCP server and DNS
I am using the DHCP server and DNS forwarder for the LAN interface. LAN and
DMZ are NATed. To be able to access the domains on the DMZ's server from the
LAN, I have put in DNS forwarder overrides for the domains in question, with
the local/private IP address of the DMZ server. Register DHCP leases
On Fri 01 Jun 2007 18:49:56 NZST +1200, Volker Kuhlmann wrote:
The overrides appear to be
ignored - dig domain.net @pfsense from a box on the LAN returns nxdomain
after a long wait.
Oops my bad, I entered 2 hosts in the domain override section...
All working now.
Volker
--
Volker Kuhlmann
I am trying to get PPTP clients that connect to the pfsense box to
resolve local clients IP addresses.
But when I get connected and try to ping a internal host I get the
public IP not the internal.
I have the DNS forwarder on and entries for the local hosts. I also
confirm that the entries
@pfsense.com
Subject: [pfSense Support] dns forwarder and PPTP VPN clients
I am trying to get PPTP clients that connect to the pfsense box to
resolve local clients IP addresses.
But when I get connected and try to ping a internal host I get the
public IP not the internal.
I have the DNS forwarder
Hi all !
Im at the end of my DNS-understanding of pfSense ;-)
Ok, not that bad, but:
I got a Domain-Controller that hosts a DNS-Server in my LAN for my local domain. This DC forwards unknown DNS-requests to my pfSense, which gets the DNS from my ISP.
In pfSense I have configured the
The DNS override only works for items querying pfsense, not for
pfsense itself. It and the daemon that does the DNS overriding
(dnsmasq) use resolv.conf which should be populated with your ISPs DNS
servers. You appear to have a bit of a catch-22. Since you have a
FULL resolver internal to your
So I've installed Pfsense 1.0 RC1 on a new machine.
I can connect to webConfigurator from my laptop on the LAN interface at
192.168.1.1, so DHCP is working.
I've gone through the webConfigurator wizard and given the WAN a static IP
address, and have defined a primary and secondary DNS server.
On 6/29/06, Christopher Allen [EMAIL PROTECTED] wrote:
So I've installed Pfsense 1.0 RC1 on a new machine.
I can connect to webConfigurator from my laptop on the LAN interface at
192.168.1.1, so DHCP is working.
I've gone through the webConfigurator wizard and given the WAN a static IP
Scott Ullrich wrote:
On 6/29/06, Christopher Allen [EMAIL PROTECTED]
wrote:
So I've installed Pfsense 1.0 RC1 on a new machine.
I can connect to webConfigurator from my laptop on the LAN interface
at 192.168.1.1, so DHCP is working.
I've gone through the webConfigurator wizard and given
Did you add some restrictive rules at lan? make sure port 53 at the pfsense IP
is allowed.
Holger
-Original Message-
From: Christopher Allen [mailto:[EMAIL PROTECTED]
Sent: Friday, June 30, 2006 12:13 AM
To: support@pfsense.com
Subject: RE: [pfSense Support] DNS Forwarding failing
Holger Bauer wrote:
Did you add some restrictive rules at lan? make sure port 53 at the
pfsense IP is allowed.
No, did not add any rules. Nothing other then what is available from the
initial startup wizard.
-- Christopher Allen
Christopher Allen wrote:
System - General, fill in the DNS servers.
I have -- the wizard asks for them, and and I've checked and they are
pingable.
But do they actually resolve names? Use the ping page in the webgui to
try to ping google.com. If it doesn't resolve there, those DNS
Hi All,
I have a little problem with the DNS, the computer connect to the DHCP
server loose the DNS. The DNS is seen by pfsense but not by the computer.
Any one can help me?
Regards,
-
To unsubscribe, e-mail: [EMAIL
Hi All,
Running snapshot 02-19-06. Im not knowledgeable with FreeBSD,
but I have a suspicion that if I change the DNS server IP addresses in the general
setup of the GUI the changes are not actually reflected under the hood
so to speak.
I setup the Pfsense firewalls with a
Hi
Since my last email about trying to setup a dual WAN setup - I have
found that there is a problem how PFSense configures DNS settings. It
uses WAN1s DNS settings as global DNS settings for the whole system. My
ISPs do not support DNS queries from another network. So when a request
which
Use the built in DNS forwarder. This will force it to use the upstream DNS.
Scott
On 10/16/05, Manuj Aggarwal [EMAIL PROTECTED] wrote:
Hi
Since my last email about trying to setup a dual WAN setup - I have
found that there is a problem how PFSense configures DNS settings. It
uses WAN1s
I did enable it - but it did not make a difference.
When I set the DNS to 4.2.2.2 and uncheck the Allow DNS server list to
be overridden by DHCP/PPP on WAN it works fine.
Any ideas?
Scott Ullrich wrote:
Use the built in DNS forwarder. This will force it to use the upstream DNS.
Scott
On
Make sure all the clients are pointed to the DNS Forwarder. If the
correct DNS servers are entered in each firewall then it should query
upstream properly.
On 10/16/05, Manuj Aggarwal [EMAIL PROTECTED] wrote:
I did enable it - but it did not make a difference.
When I set the DNS to 4.2.2.2
1 - 100 of 102 matches
Mail list logo