Please find attached the screenshot of my firewall.

Explanation:
+ "... Public" is an alias for 10.2.2.8 and 10.2.2.9
+ The four blackened nets are 192.168.1.

Rgds,
--
Pandu E Poluan

On Thu, Jan 6, 2011 at 15:22, Abdulrehman <[email protected]> wrote:
> ok...for DNS...you need to allow both TCP and UDP....Can you share the
> screen shot of your firewall rule..?
>
>
> On Thu, Jan 6, 2011 at 1:18 PM, Pandu Poluan <[email protected]> wrote:
>
>> Yes, I was accessing the external IP address from a different network.
>>
>> E.g. The 100.x.y.z is on ISP A, I tried to access it from a computer
>> with IP 200.p.q.r on ISP B.
>>
>> Rgds,
>>
>>
>> On 2011-01-06, Abdulrehman <[email protected]> wrote:
>> > You can not access the public IP address of the same IP pool. You have this
>> > 100.2.2.8/25 on your WAN interface. Check this 100.2.2.9:53 from outside
>> > your network. From inside, you can not use this (100.2.2.9:53) address to
>> > query your DNS. Use the internal network address of the DNS server.
>> >
>> > On Thu, Jan 6, 2011 at 10:58 AM, Pandu Poluan <[email protected]> wrote:
>> >
>> >> Hello again!
>> >>
>> >> I think I'm having trouble with VIP.
>> >>
>> >> The scenario is this (IP addresses obfuscated):
>> >> + WAN address is 100.2.2.8/25
>> >> + LAN address is 192.168.1.1/24
>> >> + I create a VIP, CARP, 100.2.2.9/25
>> >>
>> >> Now, I tried to make a NAT:
>> >> + 100.2.2.9:53 forwards to 192.168.1.20:53
>> >> + A firewall rule is automatically created
>> >>
>> >> However, all attempts to contact the DNS Server via 100.2.2.9:53 fail.
>> >>
>> >> If I try ping-ing an external IP address from the DNS Server
>> >> (192.168.1.20), it works.
>> >>
>> >> Where did I go wrong?
>> >>
>> >> --
>> >> Pandu E Poluan
>> >
<<attachment: Firewall.png>>
