The way we do it in my office is using Split DNS. We have DNS servers in a datacenter that resolve public queries for our servers and return the public IP addresses. We also have internal DNS (we are using a server but you can use the pfSense's built-in DNS server) and our names point to the private internal addresses.
For example, DNS for our web site is 71.179.xxx.xxx in our offsite DNS but it is 192.168.xxx.xxx in our internal DNS.

This has the added benefit of taking a substantial load off of the pfSense hardware because it doesn't have to do NAT translation between addresses on the same side of the network. That capacity is then available for real incoming and outgoing connections. We also see great speed improvements because we have a gigabit internal network but our pfSense throughput is closer to 100 Mbit.

It is a little bit more work to maintain two sets of DNS records but it simplifies configuration and improves response times from the server.

Moshe

--
Moshe Katz
-- [email protected]
-- +1(301)867-3732

On Tue, May 1, 2012 at 10:30 AM, Nelson Serafica <[email protected]> wrote:

> I've pfSense with port forwarding running fine if the rule is WAN to
> LAN, but if the rule is LAN to LAN, it doesn't work. I'm using DSL and
> if WAN is down, local users cannot access the server because the IP on
> WAN is not available. To resolve this issue, I use dynamic forwarder
> and point the domain to the LAN interface of pfSense and create a NAT
> rule from the LAN interface redirecting port 587 to Server A port 587.
> Server A is on the same subnet as the LAN interface.
>
> e.g. LAN interface is 10.0.1.1. I want to port forward 10.0.1.1 port
> 587 to 10.0.1.2 port 587. Is this possible?
> _______________________________________________
> List mailing list
> [email protected]
> http://lists.pfsense.org/mailman/listinfo/list
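Keeping two sets of DNS records, as the reply above describes, means the views can drift apart. The following is an added example, not part of the original thread: a small audit that compares a public and an internal record set and flags private addresses published externally, internal names that still point at a public address (so LAN clients go back through the firewall's NAT), and public names absent internally. All names and addresses are constructed, and it assumes the internal server is authoritative for the zone, so a name missing there does not resolve for LAN clients.

```python
import ipaddress

# RFC 1918 ranges, listed explicitly rather than relying on is_private,
# which also treats documentation ranges such as 203.0.113.0/24 as private.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (hypothetical names, documentation addresses).
PUBLIC_VIEW = {
    "www.example.com": "203.0.113.10",
    "mail.example.com": "203.0.113.11",
    "ftp.example.com": "203.0.113.12",
    "intranet.example.com": "10.0.1.5",   # private address leaked externally
}
INTERNAL_VIEW = {
    "www.example.com": "10.0.1.2",
    "mail.example.com": "203.0.113.11",   # LAN clients would hairpin via NAT
    "intranet.example.com": "10.0.1.5",
    "wiki.example.com": "10.0.1.6",       # internal-only name, not a finding
}

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def audit_split_dns(public_view, internal_view):
    """Return (name, problem) tuples describing drift between the two views."""
    findings = []
    for name, addr in sorted(public_view.items()):
        if is_rfc1918(addr):
            findings.append((name, "private address in public view"))
        if name not in internal_view:
            findings.append((name, "missing from internal view"))
    for name, addr in sorted(internal_view.items()):
        if not is_rfc1918(addr):
            findings.append((name, "public address in internal view"))
    return findings

if __name__ == "__main__":
    for name, problem in audit_split_dns(PUBLIC_VIEW, INTERNAL_VIEW):
        print(f"{name}: {problem}")
```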
