I have a bit of a problem understanding this.
If all your devices, including the Pi-hole, are in the pfSense network, then the DNS entries of the Internet box itself are not used at all, unless of course you would automatically transfer them to your pfSense network unnecessarily.
Why do you want to enter something different from the default on the Internet box?
Hobby nerd with no economic ties to Swisscom
@NilsL No, unfortunately not, the Ibox seems to immediately validate the DNS servers when entering the 10.x network.
@Neliommiosch84 wrote:
@NilsL Okay, I was able to solve this problem, thanks.
Does anyone else, or @Werner, have any idea how I could solve the original problem?
Or why Swisscom even prohibits a DNS server in a different subnet?
This is not Swisscom banning something like this, but rather normal IP network technology with the associated routing tables and rules, which basically read:
- public IP addresses are routed to the Internet
- private IP addresses are only routed within the router’s own network
You’re currently trying to reinvent network technology without any apparent benefit to me.
If I understand it correctly, according to your wishes, your DNS server (presumably the Pi-hole appliance) should reside behind an additional firewall (the pfSense) in its own private IP range.
Aside from the fact that this doesn’t work, what’s the point of it anyway?
In principle, of course, the concept applies that you operate your Pi-hole within the same network in which it is to be used, and if not, it certainly belongs on the highest level of the router cascade, i.e. directly in the IP network of the Internet box.
Why are you even trying to deviate from that?
Hobby nerd with no economic ties to Swisscom
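The routing rule described in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup against a small routing table for the Internet box, applied to candidate DNS server addresses. All addresses and the table itself are constructed assumptions (192.168.1.0/24 as the box's LAN, 10.0.10.0/24 as the pfSense-internal network).

```python
import ipaddress

# RFC 1918 private ranges: never routed on the public Internet.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed routing table for the Internet box (assumed, not from the thread).
# Each entry: (destination prefix, interface that matching packets leave on).
IBOX_ROUTES = [
    (ipaddress.ip_network("192.168.1.0/24"), "lan"),  # directly connected LAN
    (ipaddress.ip_network("0.0.0.0/0"), "wan"),       # default route to the ISP
]


def lookup(routes, addr):
    """Longest-prefix match: most specific route containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [(net, iface) for net, iface in routes if ip in net]
    return max(matches, key=lambda m: m[0].prefixlen) if matches else None


def dns_server_verdict(routes, addr):
    """Say whether the router could reach addr if it were set as DNS server."""
    ip = ipaddress.ip_address(addr)
    hit = lookup(routes, addr)
    if hit is None:
        return "unreachable: no route"
    net, iface = hit
    if iface == "wan" and any(ip in p for p in RFC1918):
        # Only the default route matches, so the packet would head to the ISP,
        # where private addresses are not routed.
        return "unreachable: private address only matches the WAN default route"
    if iface == "wan":
        return "reachable via WAN"
    return f"reachable via {iface} ({net})"


if __name__ == "__main__":
    samples = [
        ("10.0.10.53", "Pi-hole behind pfSense, in pfSense's own subnet"),
        ("192.168.1.53", "Pi-hole with an address from the Internet box's LAN"),
        ("9.9.9.9", "public resolver"),
    ]
    for addr, label in samples:
        print(f"{addr:<14} {label}: {dns_server_verdict(IBOX_ROUTES, addr)}")
```
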
I don’t really understand why this shouldn’t work.
Currently my servers (no RPi) are running behind an additional pfSense so that I have more functions, VLANs etc.
It is not possible to replace the IBox because other residents rely on it.
That’s why pfSense runs with its own network, with the aim of operating all servers from a central Proxmox cluster. On the one hand, it is not possible to install a server from a slightly distant location directly behind the IBox and it would make absolutely no sense for me, as I would like to manage all servers centrally via Proxmox.
P.S. Currently it only works with a forwarder DNS server from pfSense in between.
- Solution selected by Neliommiosch84
You can also bring the pfSense VM into the IB network via VLANs.
I’m using a bit of “MikroTik language” here because I’ve never seriously dealt with pfSense in a production environment.
So you make a bridge with the WAN port and a VLAN interface on the LAN side. Then you select the same VLAN in the Pi-hole container settings in Proxmox.
The Pi-hole should then get an IP from the IB.
Then specifying this IP as DNS from pfSense should not be a problem at all.
Thank you very much for this tip, I really wouldn’t have thought that something like this was possible.
I’ve even managed to get the VM to get an IP from the IBox, but I’m currently still having a few firewall rule problems (https://forum.netgate.com/topic/187063/vlan-to-bridge-to-wan-side/3).
But I’m probably better off in the pfSense forum, unless someone here has an idea. 🙂
Many thanks to everyone, especially @NilsL.