Worked like a charm. Since the Windows AD network with DNS is behind the PFS, I had to change the Windows 2008 DNS Server forwarders to point to the PFS, then it worked after the entries to the forwarders so dnsmasq could resolve.
Thanks again!

Marc

From: [email protected] [mailto:[email protected]] On Behalf Of Adam Thompson
Sent: Sunday, October 02, 2011 11:52
To: 'pfSense support and discussion'
Subject: Re: [pfSense] Loopback Connection

I have an identical setup at home, and AFAIK the best way to address it is to use DNS aliases.

It is possible to use NAT Reflection to make this work seamlessly without DNS aliases, but now you’re forcing all the internal mail traffic to go through the firewall and then to the mail server instead of directly to the mail server.

Luckily, setting up DNS aliases is trivial with the dnsmasq GUI built into pfSense. I’m using 2.0 now, but I think it’s in the same place on 1.2.3: Services-->DNS Forwarder.

All this does is short-circuit recursive DNS resolution when dnsmasq gets the query; it doesn’t affect anything on the outside. The IP address you enter there is the internal IP of your mail server, not the public (NAT’d) IP.

As long as your wifi device uses your pfSense gateway for DNS resolution when you’re at home (which it probably does if you use DHCP) everything should just work.

-Adam Thompson
[email protected]

From: [email protected] [mailto:[email protected]] On Behalf Of Marc R. Meshurle Jr.
Sent: Sunday, October 02, 2011 05:30
To: '[email protected]'
Subject: [pfSense] Loopback Connection

I have a DDNS address and host a mail server behind the PFS 1.2.3 box. When inside on a Wi-Fi connection with a mobile device, it looks for the DDNS address for getting mail which is different than the internal DNS name for the mail server. Is there a way to create a loopback connection for the LAN client to see the DDNS address without making an internal DNS alias?

Internal mail server is servername.xxxx.local
External DDNS address is xxxx.no-ip.org
Mail is being sent from outside to the xxxx.no-ip.org for delivery

Thanks!

Marc R. Meshurle, Jr.
Owner/Senior Engineer
Kato Technology Solutions, Inc.
Exton, PA. 19341
