pfSense Support Subscription

Author Topic: NAT port forwarding  (Read 164 times)

0 Members and 1 Guest are viewing this topic.

Offline surajitom

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
NAT port forwarding
« on: November 30, 2017, 01:32:34 am »
Dear Sir
We are using pfSense ver.2.3.3 in our office. We are able to do the internet through pfSense without any problem. The problem Iím facing is that I am not able to redirect my packet to open DNS for content filtering. I have configured Dynamic DNS and itís working fine. The cached IP is showing green. I have configured NAT as port forwarding. But my redirected packet is not reaching to open DNS at all. Even the open DNS link is also saying that my packet is not redirecting there. I want to redirect my all packets to the open DNS for content filtering all. Please help me how can I redirect the packet to open DNS.
Thanks in advance.
Surajit Chakraborty

Offline Grimson

  • Full Member
  • ***
  • Posts: 185
  • Karma: +26/-2
    • View Profile
Re: NAT port forwarding
« Reply #1 on: November 30, 2017, 03:42:51 am »
You are forwarding DNS request targeting your WAN interface to OpenDNS, this of course won't affect LAN clients unless you tell them to use your WAN address as DNS server. Set the destination address to the OpenDNS IP and mark "Invert Match", so that anything not targeted at OpenDNS will be redirected there.
« Last Edit: November 30, 2017, 03:46:36 am by Grimson »

Offline surajitom

  • Newbie
  • *
  • Posts: 8
  • Karma: +0/-0
    • View Profile
Re: NAT port forwarding
« Reply #2 on: December 04, 2017, 03:53:12 am »
Dear Sir
Thanks for your valiable information.Now I am able to block the free DNS also.I have made an allias and apply in the NAT rule.Contents are filtering as well as free DNS are being blocked.But this is a tidious and lengthy process.There are thousands of free DNS IP are exisitng. pfSense doesn't alowing me at all to put that huge amount of ip's in my allias list. Restriction is there for the number of entries.My question is there that is there any rule will be possible in pfSense that all the request will come to the pfSense and pfSense will reject if the DNS request are not matching which are mentioned in the DNS Server of the pfSense section.
Thanks in advance.