[SOLVED] No DNS Resolution for vlan

christophdb
« on: September 11, 2014, 03:37:08 am »
Hi everybody,

I have a very strange situation and I am sure that I missed just one click to complete my desired setting.
I have a pfsense (v 2.1.4), a zyxel switch (GS1910-24) and a tp-link access point (TL-WA801N).

I have defined two SSIDs on the access point:
- home with vlan-id 1
- guests with vlan-id 200

If I connect to "home" I receive a correct IP from PFSense within the subnet 5.x, gateway 5.1 (=pfsense) and I can browse the internet.
If I connect to "guests" I receive a correct IP from PFSense within the subnet 2.x, gateway 2.1 (=pfsense) and I can ping the pfsense from the client and pfsense can ping the client. I can access pages directly like: "http://5.35.240.23/" but www.google.de is not working.

My questions:
1) this sounds like a DNS Problem, right? Because I have internet access but only if I browse directly to an ip.
2) Do you have any idea what I missed to make sure that PFSense works correctly as a DNS Server?

Hints:
- DNS Forwarder is activated
- there is an allow any rule for the vlan-id200 in pfsense
- I can ping www.google.de from PFSense webinterface with the source VLAN200

Thank you very much for your help.
Best regards
Christoph
« Last Edit: September 12, 2014, 12:37:22 am by christophdb »

christophdb
« Reply #1 on: September 12, 2014, 12:35:03 am »
Hi everybody,

I found the solution!!! Just for all the others who might face this problem: I had an allow any rule, but this rule was only for "tcp" requests - and DNS requests are "udp".
As I said it was only one more click.

Now I have 4 rules for my vlan200:
Allow TCP, port 80 to anything but LAN (= !LAN)
Allow TCP, port 443 to !LAN
Allow UDP, port 53 to 192.168.2.1 (Pfsense)
Block everything else.

Best regards
Christoph
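
Added example, not part of the original posts: a small Python model of first-match firewall rule evaluation with an implicit default deny, run over constructed flows against the TCP-only "allow any" rule and the four rules listed above. The LAN subnet 192.168.5.0/24 (the page only says "5.x") and the rule-tuple format are assumptions for illustration.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.5.0/24")  # assumed "home" subnet (page says 5.x)
PFSENSE = "192.168.2.1"                       # guest-VLAN gateway from the post

def dst_matches(spec, dst):
    """spec is 'any', '!LAN', or a single host address."""
    ip = ipaddress.ip_address(dst)
    if spec == "any":
        return True
    if spec == "!LAN":
        return ip not in LAN
    return ip == ipaddress.ip_address(spec)

def evaluate(rules, proto, dst, port):
    """First matching rule wins; no match falls through to default deny."""
    for action, r_proto, r_dst, r_port in rules:
        if r_proto not in ("any", proto):
            continue
        if r_port not in ("any", port):
            continue
        if dst_matches(r_dst, dst):
            return action
    return "block"

# The original mistake: an "allow any" rule with the protocol left at TCP.
TCP_ONLY = [("pass", "tcp", "any", "any")]

# The four rules from the reply, in order.
FIXED = [
    ("pass", "tcp", "!LAN", 80),
    ("pass", "tcp", "!LAN", 443),
    ("pass", "udp", PFSENSE, 53),
    ("block", "any", "any", "any"),
]

# Constructed sample flows from a client on the guest VLAN.
FLOWS = {
    "dns-udp": ("udp", PFSENSE, 53),
    "dns-tcp": ("tcp", PFSENSE, 53),   # used when an answer does not fit in UDP
    "http-by-ip": ("tcp", "5.35.240.23", 80),
    "https-to-lan": ("tcp", "192.168.5.10", 443),
}

def verdicts(rules):
    """Return {flow name: 'pass' or 'block'} for every sample flow."""
    return {name: evaluate(rules, *flow) for name, flow in FLOWS.items()}

if __name__ == "__main__":
    for label, rules in (("tcp-only", TCP_ONLY), ("fixed", FIXED)):
        print(label, verdicts(rules))
```

The model also shows DNS over TCP port 53 being blocked by the four-rule set, which matters when a response is too large for UDP and the resolver retries over TCP.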

trademark27
« Reply #2 on: December 26, 2017, 03:16:21 pm »
Thanks bro, I was getting the exact problem. Didn't realize the Allow Any rule was only for TCP. Thanks a bunch.