In your circumstance, you could also have overridden it on the Windows 2008 server’s DNS configuration, by adding a new authoritative (forward-resolver) domain with the *domain name* of xxxx.no-ip.org, not putting any hosts inside that domain, instead creating an “A” record for (IIRC) “this level” – the AD equivalent to an “@” record in BIND – and putting the IP address in there. (Yes, it sounds weird [unless you regularly eat DNS zonefiles for breakfast], but it works.)
Doing it that way removes the dependency on pfSense altogether.

-Adam Thompson <mailto:[email protected]>
[email protected]
(204) 291-7950 - direct
(204) 489-6515 - fax

From: Marc R. Meshurle Jr. [mailto:[email protected]]
Sent: Sunday, October 02, 2011 13:50
To: '[email protected]'; 'pfSense support and discussion'
Subject: RE: [pfSense] Loopback Connection

Worked like a charm. Since the Windows AD network with DNS is behind the PFS, I had to change the Windows 2008 DNS Server forwarders to point to the PFS; then it worked after the entries to the forwarders, so dnsmasq could resolve.

Thanks again!
Marc

From: [email protected] [mailto:[email protected]] On Behalf Of Adam Thompson
Sent: Sunday, October 02, 2011 11:52
To: 'pfSense support and discussion'
Subject: Re: [pfSense] Loopback Connection

I have an identical setup at home, and AFAIK the best way to address it is to use DNS aliases. It is possible to use NAT Reflection to make this work seamlessly without DNS aliases, but now you’re forcing all the internal mail traffic to go through the firewall and then to the mail server instead of directly to the mail server.

Luckily, setting up DNS aliases is trivial with the dnsmasq GUI built into pfSense. I’m using 2.0 now, but I think it’s in the same place on 1.2.3: Services -> DNS Forwarder. All this does is short-circuit recursive DNS resolution when dnsmasq gets the query; it doesn’t affect anything on the outside. The IP address you enter there is the internal IP of your mail server, not the public (NAT’d) IP. As long as your wifi device uses your pfSense gateway for DNS resolution when you’re at home (which it probably does if you use DHCP), everything should just work.

-Adam Thompson
[email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Marc R. Meshurle Jr.
Sent: Sunday, October 02, 2011 05:30
To: '[email protected]'
Subject: [pfSense] Loopback Connection

I have a DDNS address and host a mail server behind the PFS 1.2.3 box. When inside on a Wi-Fi connection with a mobile device, it looks for the DDNS address for getting mail, which is different than the internal DNS name for the mail server. Is there a way to create a loopback connection for the LAN client to see the DDNS address without making an internal DNS alias?

Internal mail server is servername.xxxx.local
External DDNS address is xxxx.no-ip.org
Mail is being sent from outside to the xxxx.no-ip.org for delivery

Thanks!
Marc R. Meshurle, Jr.
Owner/Senior Engineer
Kato Technology Solutions, Inc.
Exton, PA. 19341
_______________________________________________ List mailing list [email protected] http://lists.pfsense.org/mailman/listinfo/list
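The three resolution paths discussed in this thread, as an added worked model that is not part of the original mailing-list messages or of pfSense. Every address in it is constructed for the example (LAN 192.168.1.0/24, mail server 192.168.1.10, public NAT address 203.0.113.5), the `host-record=` and `address=` lines stand in for what the pfSense DNS Forwarder page configures (this is an assumption about the directive, not a dump of pfSense's generated config), and the dictionaries stand in for the Windows DNS zones. The scenarios are Marc's original state, his forwarder change, Adam's authoritative-zone alternative, and the subdomain caveat that each approach handles differently:

```python
"""Model of the split-horizon DNS set-up from the pfSense thread (added example).

Constructed values, not the thread's real ones: LAN 192.168.1.0/24, mail server
192.168.1.10, pfSense/dnsmasq 192.168.1.1, Windows 2008 AD DNS 192.168.1.2,
public NAT address 203.0.113.5.
"""

DDNS_NAME = "xxxx.no-ip.org"
MAIL_INTERNAL = "192.168.1.10"   # LAN address of servername.xxxx.local (assumed)
MAIL_PUBLIC = "203.0.113.5"      # what the DDNS name resolves to from the Internet (assumed)

# Two dnsmasq override styles (constructed).  host-record= answers one exact name;
# address= answers the named domain and everything below it.
PFSENSE_EXACT = "host-record=xxxx.no-ip.org,192.168.1.10\n"
PFSENSE_SUBTREE = "# catches every subdomain as well\naddress=/xxxx.no-ip.org/192.168.1.10\n"


def public_dns(name):
    """Stand-in for the Internet: only the DDNS name exists, and it has the NAT'd IP."""
    return MAIL_PUBLIC if name.lower().rstrip(".") == DDNS_NAME else None


def parse_dnsmasq(conf):
    """Parse host-record= and address= lines into exact-name and subtree tables."""
    exact, subtree = {}, {}
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition("=")
        if key == "host-record":                 # host-record=<name>[,<name>...],<ip>
            *names, ip = value.split(",")
            for n in names:
                exact[n.lower().rstrip(".")] = ip
        elif key == "address":                   # address=/<domain>/<ip>
            _, domain, ip = value.split("/")
            subtree[domain.lower().rstrip(".")] = ip
    return exact, subtree


def dnsmasq_resolve(conf, name, upstream=public_dns):
    """pfSense DNS Forwarder: answer from an override, otherwise recurse upstream."""
    exact, subtree = parse_dnsmasq(conf)
    n = name.lower().rstrip(".")
    if n in exact:
        return exact[n], "pfSense override"
    for domain, ip in subtree.items():
        if n == domain or n.endswith("." + domain):
            return ip, "pfSense override (address= matches the whole subtree)"
    return upstream(name), "upstream"


def ad_dns_resolve(zones, forwarder, name):
    """Windows DNS: authoritative for its own zones, forwards everything else."""
    n = name.lower().rstrip(".")
    for zone, records in zones.items():
        if n == zone or n.endswith("." + zone):
            label = "@" if n == zone else n[: -len(zone) - 1]
            # Authoritative zone: a name that is not there is NXDOMAIN, never forwarded.
            return records.get(label), "AD authoritative zone " + zone
    return forwarder(name)


AD_ZONES_ORIGINAL = {"xxxx.local": {"servername": MAIL_INTERNAL}}
# Adam's alternative: a zone for the DDNS name holding only an apex ("@") A record.
AD_ZONES_WITH_DDNS = {**AD_ZONES_ORIGINAL, DDNS_NAME: {"@": MAIL_INTERNAL}}


def via_isp(name):
    return public_dns(name), "ISP"


def scenario_before_fix():
    # AD forwarders still point at the ISP, so the pfSense override is never consulted.
    return ad_dns_resolve(AD_ZONES_ORIGINAL, via_isp, DDNS_NAME)


def scenario_forwarder_to_pfsense():
    # Marc's fix: forwarders -> pfSense, whose host-record short-circuits the DDNS name.
    return ad_dns_resolve(AD_ZONES_ORIGINAL, lambda n: dnsmasq_resolve(PFSENSE_EXACT, n), DDNS_NAME)


def scenario_authoritative_zone():
    # Adam's follow-up: the zone lives on the AD server, so pfSense no longer matters.
    return ad_dns_resolve(AD_ZONES_WITH_DDNS, via_isp, DDNS_NAME)


def scenario_subdomain(name="autodiscover." + DDNS_NAME):
    # Caveat: other names under the DDNS domain behave differently per approach.
    return {
        "host-record": dnsmasq_resolve(PFSENSE_EXACT, name),
        "address=": dnsmasq_resolve(PFSENSE_SUBTREE, name),
        "ad-zone": ad_dns_resolve(AD_ZONES_WITH_DDNS, via_isp, name),
    }


if __name__ == "__main__":
    for fn in (scenario_before_fix, scenario_forwarder_to_pfsense, scenario_authoritative_zone):
        print(f"{fn.__name__:32} -> {fn()}")
    for style, result in scenario_subdomain().items():
        print(f"autodiscover via {style:12} -> {result}")
```

The last case is the check worth making before choosing an approach: a `host-record` override answers only the exact DDNS name and lets every other query fall through upstream, `address=` answers the whole subtree with the internal IP, and an authoritative zone on the AD server makes any other name under the DDNS domain NXDOMAIN for LAN clients, because an authoritative server never forwards names in a zone it owns. Whichever you pick, confirm from a LAN client with `nslookup xxxx.no-ip.org` that the answer is the mail server's private address and not the public one.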
