Split DNS/PFSense


Recommended Posts

I posted this on Reddit, too, but forgive me for reaching out here too. 
 

Good Evening,

 

Hoping someone can get me pointed in the best direction possible. Going to try to outline my setup best as possible but it’s possible I’ll leave something out.

 

-PFSense- 192.168.1.1(DNS Resolver ON/ DNS Forwarder OFF)(DHCP DNS being handed out is Pi-Hole address below)
-Unraid Server- 192.168.1.5
-Pi-Hole- 192.168.1.55
-Letsencrypt- On Unraid Network Proxynet 172.18.0.0/16
-Proxied Services- all on “Proxynet” defined above. 
-Proxied services all going through Cloudflare CDN then to my WAN IP via way of A Record.  

Apps in question: Bitwarden, Nextcloud/Collbora, Guacamole and Emby. 

 

I have my reverse proxy all set up, seemingly fine. Can browse to nextcloud.domain.net and get to NC etc. 

 

So what I need help with... I can’t for life of me figure out how to SplitDNS with my setup configured like this. I’ve tried setting up NAT a kazillion ways pointing the above, nextcloud.domain.net etc, to 192.168.1.5 and no dice. With NAT it doesn’t let me predetermine port numbers? I’ve tried messing with port forwards from and to different interfaces as well and just can’t figure it out . The port numbers coming into Letsencrypt are are 180/1443. I have also been setting up a Host Override in DNS Resolver in PFSense to no avail, as well. All my DNS hit Pi-Hole and it has conditional forwarding to forward local domain stuff back to PFSense to be resolved but obviously my FQDN of reverse proxied stuff it doesn’t catch. In PFSense>System>Advanced>Firewall & NAT I currently have Nat Reflection mode to “Pure NAT”, but I’ve also tried NAT + Proxy as well, too, without success. I’ve also wondered if I have issues here because I have my Proxied Apps hitting Cloudflare CDN and from Cloudflare being A Recorded to my PfSense instance. So perhaps Cloudflare being involved is why PFSense NAT can’t pick up on the fact these services at my domain are local?

 

So, what do I need? Any and ALL advice if anyone has a similar setup or has gone through figuring this out? Pointers? Tips? When messing with NAT myself which exact IP and PORT should I be pointing to for services, despite actual services being on different ports on Unraid?

 

Please. Help. Before. I. Go. Crazy. Lol

 

Thanks!

Link to comment
I’ve read your post a couples of times but it’s not clear to me what you want to do?

 

Why do you have the pi doing the dhcp instead of pfsense.

 

 

Sent from my iPhone using Tapatalk

Pi-Hole is only doing DNS.

 

What I’m trying to accomplish: working NAT for local hosted Subdomains.

 

What I think problem is: Pihole not making PFSense aware of subdomains locally hosted OR Pfsense not automatically picking up on NAT because Cloudflare is proxying connections before forwarding back to local server/services.

Link to comment
Pi-Hole is only doing DNS.
 
What I’m trying to accomplish: working NAT for local hosted Subdomains.
 
What I think problem is: Pihole not making PFSense aware of subdomains locally hosted OR Pfsense not automatically picking up on NAT because Cloudflare is proxying connections before forwarding back to local server/services.



Ah!

I don’t use the pi-hole but what you’ll need is a dns resolver, I use pfsense but employ dns resolver and dns forwarder that’s how I get it to my proxied apps from within my network.

Also you may google hair pinning on pfsense that may help you out.


Sent from my iPhone using Tapatalk
Link to comment
  

Ah!

 

I don’t use the pi-hole but what you’ll need is a dns resolver, I use pfsense but employ dns resolver and dns forwarder that’s how I get it to my proxied apps from within my network.

 

Also you may google hair pinning on pfsense that may help you out.

 

 

Sent from my iPhone using Tapatalk

 

 What does employ dns run on? Yeah I figured out with Pi-Hole how to forward domains to unraid server(IP) BUT Letsencrypt listens on port 180 and 1443 and forwarding with Pi-Hole I can’t specify port. Any info you could provide about Employ dns would be appreciated!

 

I’ve even tried setting up another reverse proxy on unraid, to locally forward, but it won’t let me use it on ports 80/443 so just seem to be jammed up every which way I turn.

 

EDIT: I’m a idiot. You USE Resolver AND Forwarder on PFSense. At any rate, yet please provide any and all relevant details. Maybe I’ll have to take Pihole out of loop and just use pfBlocker only instead I guess I didn’t think it was suggested to run both Forwarder and Resolver though?

 

 

EDIT2: yeah with Cloudflare in between I’ve tried PFSense NAT+Proxy but failed every which way I’ve tried it.

 

Link to comment


What does employ dns run on? Yeah I figured out with Pi-Hole how to forward domains to unraid server(IP) BUT Letsencrypt listens on port 180 and 1443 and forwarding with Pi-Hole I can’t specify port. Any info you could provide about Employ dns would be appreciated!

I’ve even tried setting up another reverse proxy on unraid, to locally forward, but it won’t let me use it on ports 80/443 so just seem to be jammed up every which way I turn.


Sorry for the employ phrase. What I meant is I use pfsense dns resolver and forwarder.


You don’t have to use 180/1443 for the container you can use anything else as long the external stay 80/443.




Sent from my iPhone using Tapatalk
Link to comment


Sorry for the employ phrase. What I meant is I use pfsense dns resolver and forwarder.


You don’t have to use 180/1443 for the container you can use anything else as long the external stay 80/443.




Sent from my iPhone using Tapatalk


Yeah not sure I’m prepared to change all the ports up and have to reset up all the subdomain.conf files.

Can you please explain more(see my idiot edits above LOL) about how you are using both Resolver and Forwarder? Would you recommend maybe I just take Pihole out of equation? Could you show screen shots of your settings for Resolver and Forwarder and DNS Settings under General Setup? Pm me maybe if you don’t want redacted info in public?
Link to comment


Yeah not sure I’m prepared to change all the ports up and have to reset up all the subdomain.conf files.

Can you please explain more(see my idiot edits above LOL) about how you are using both Resolver and Forwarder? Would you recommend maybe I just take Pihole out of equation? Could you show screen shots of your settings for Resolver and Forwarder and DNS Settings under General Setup? Pm me maybe if you don’t want redacted info in public?


I took my pi-hole because it kept dying or freezing up. It was never because I could not configure the reverse proxy stuff.


Sent from my iPhone using Tapatalk
Link to comment



https://nguvu.org/pfsense/pfsense-baseline-setup/

Look at the parts were this guy use the resolver and forwarder



Sent from my iPhone using Tapatalk


Just read through it. Essentially he’s doing same thing as I am currently.. well I mean using the dns Resolver for one specific network and Forwarder for another network. I’m currently using Pihole for adult network and pfBlocker for kids network. Not sure using dns Resolver and Forwarder how he is would help me any though... goodness one wouldn’t think this would be this hard
Link to comment

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.