I am running a server with cPanel behind pfSense. cPanel does not officially support this configuration (although they are considering it) because the server has no way to know what the 1-1 NAT mappings are for the DNS server. I am looking at two options to get around this:

1. Create a cPanel package/extension that will query the pfSense for the correct IP address to use.
2. A pfSense package with a rewriting DNS server. pfSense will forward queries to the internal nameserver and replace the IP addresses in the response using the 1-1 NAT table (or the primary IP if there is no 1-1, but there is port-forwarding).

Any thoughts on which of those options is better (or easier)? Option 2 is a global solution to the old NAT-reflection/Split-DNS question, but will place a higher load on the firewall. I do not know what hooks are available to query the NAT info from the pfSense. The third option is to do both...

- Y
