ok...for DNS...you need to allow both TCP and UDP....Can you share the screen shot of your firewall rule..?
On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan <[email protected]> wrote: > Yes, I was accessing the external IP address from a different network. > > E.g. The 100.x.y.z is on ISP A, I tried to access it from a computer > with IP 200.p.q.r on ISP B. > > Rgds, > > > On 2011-01-06, Abdulrehman <[email protected]> wrote: > > You can not access the public IP address of the same IP pool. You have > this > > 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside > > your network. From inside, you can not use this (100.2.2.9:53) address > to > > query your DNS. Use the internal network address of the DNS server. > > > > On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan <[email protected]> wrote: > > > >> Hello again! > >> > >> I think I'm having trouble with VIP. > >> > >> The scenario is this (IP addresses obfuscated): > >> + WAN address is 100.2.2.8/25 > >> + LAN address is 192.168.1.1/24 > >> + I create a VIP, CARP, 100.2.2.9/25 > >> > >> Now, I tried to make a NAT: > >> + 100.2.2.9:53 forwards to 192.168.1.20:53 > >> + A firewall rule is automatically created > >> > >> However, all attempts to contact the DNS Server via 100.2.2.9:53 fail. > >> > >> If I try ping-ing an external IP address from the DNS Server > >> (192.168.1.20), it works. > >> > >> Where did I go wrong? > >> > >> -- > >> Pandu E Poluan > >> > > > > > > > > -- > > > > > > Regards > > Abdulrehman > > > > > -- > -- > Pandu E Poluan - IT Optimizer > My website: http://pandu.poluan.info/ > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > > Commercial support available - https://portal.pfsense.org > > -- Regards Abdulrehman
