Hi Alessio, but I suppose that NethServer has to be the DHCP server in that case? I want to use the DHCP from pfSense, because we use some VPN peers and pfSense is routing all of that.
Hi Jose,
No, it only means that the first DNS queried by the client is the Domain Controller.
Then either you make the DC forward all the queries to the pfSense,
or you can add the pfSense box as the secondary.
In pfSense you can manage to add the domain for your organisation.
This is, for example, how my home setup is done:
pfSense as GW and FW, DNS + DHCP, and another box is the Domain Controller.
Hi Jose,
In the DHCP settings page of pfSense, the first DNS you specify for the LAN is the IP address of the NS.
Then, on the NS DNS (network) page you put the ISP DNS (outside DNS like 8.8.8.8 etc.).
This way pfSense will tell all the clients that the NS box is the DNS resolver for that LAN domain.
Also, the NethServer will then know to forward all (non-local) DNS queries to the ISP DNSs. This is done so you will not end up in a loop.
Hope you understand. If not, come back with more questions.
I already forward the DNS for the NS server from pfSense, but the domain only works in the LAN of the NS server; the other networks don't work, but I have rules for the NS server to pass to the other networks?
Do you have a LAN behind NS?
The whole purpose of this was that NS is part of a LAN and does not separate the clients.
This means that pfSense and NethServer are all in the same LAN / subnet.
From what I understand, your setup is something like this:
Let's keep pfSense as your actual firewall/gateway with the DNS, DHCP, VPN.
And configure NethServer as server only (without firewall/gateway stuff) for only the OpenLDAP service. For the NethServer installation, perhaps it's better to do a minimal CentOS install with the network configuration, and install NethServer on it.
pfSense can achieve what you are trying to do by defining Resolver host overrides; this typically allows DNS resolution for your overrides as long as the override matches the IP address of the NethServer host AND all hosts are allowed to query the pfSense box for this information.
Verify that your hosts are using the correct pfSense DNS gateway for DNS resolution via DHCP (by default it should already be this way if pfSense is handing out IP addresses); next, verify that all interfaces that clients are hanging off of are allowed to hit TCP/UDP 53 on their respective ingress interface.
Verify that you have statically defined the IP address of the NethServer host (or a static DHCP binding) for accuracy.
If all of the above has already been verified, then we would need to see the pfSense configuration and the configuration of NethServer.
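As an added example (not from the original thread or from either project), the following stdlib-only Python script performs the verification the post above asks for from a client on any subnet: it sends a raw UDP/53 query to each candidate resolver (the pfSense box and the NethServer DC) for the AD domain's A record and for the standard AD locator SRV record `_ldap._tcp.dc._msdcs.<domain>`, then reports whether the resolver timed out (port 53 blocked or nothing listening), returned no answer for the domain (missing host/domain override or forwarder), or returned an address other than the DC. The IP addresses and the domain name in the demo are constructed placeholders.

```python
"""Query each resolver directly for the AD domain and judge the answer (added example)."""
import socket
import struct
from typing import Dict, List, Optional, Tuple

A, SRV = 1, 33  # DNS record types used below


def build_query(name: str, qtype: int = A, txid: int = 0x1234) -> bytes:
    """Standard recursive query (RD=1) for `name`: one question, IN class."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lb)]) + lb.encode("ascii") for lb in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def _read_name(msg: bytes, offset: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # compression pointer into the message
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_response(msg: bytes) -> Dict:
    """Return the rcode plus A addresses and (SRV target, port) pairs from the answer section."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, offset = _read_name(msg, offset)
        offset += 4
    result = {"rcode": flags & 0x000F, "a": [], "srv": []}
    for _ in range(an):
        _, offset = _read_name(msg, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        if rtype == A and rdlen == 4:
            result["a"].append(socket.inet_ntoa(rdata))
        elif rtype == SRV:
            _prio, _weight, port = struct.unpack("!HHH", rdata[:6])
            target, _ = _read_name(msg, offset + 6)  # target may use compression
            result["srv"].append((target, port))
        offset += rdlen
    return result


def judge(answer: Optional[Dict], expected_dc_ip: str) -> str:
    """Turn one resolver's answer into a verdict a firewall/DNS admin can act on."""
    if answer is None:
        return "TIMEOUT: UDP/53 blocked on this path or nothing listening"
    if answer["rcode"] != 0 or not answer["a"]:
        return "NO_ANSWER: resolver does not know the AD domain (missing override or forwarder)"
    if expected_dc_ip not in answer["a"]:
        return f"WRONG_ANSWER: got {answer['a']}, expected {expected_dc_ip}"
    return "OK"


def query(resolver: str, name: str, qtype: int = A, timeout: float = 2.0) -> Optional[Dict]:
    """Send one UDP query to `resolver`; None on timeout or ICMP unreachable."""
    packet = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(packet, (resolver, 53))
            data, _ = sock.recvfrom(4096)
        except OSError:  # includes socket.timeout and "port unreachable"
            return None
    if data[:2] != packet[:2]:  # stray reply with another transaction id
        return None
    return parse_response(data)


def check_resolvers(resolvers: List[str], domain: str, expected_dc_ip: str) -> Dict[str, str]:
    """Ask every resolver for the AD domain's A record and judge each answer."""
    return {r: judge(query(r, domain), expected_dc_ip) for r in resolvers}


if __name__ == "__main__":
    # Constructed placeholders: pfSense at .1, NethServer DC at .10, AD domain ad.example.lan.
    DOMAIN, DC_IP, RESOLVERS = "ad.example.lan", "192.168.1.10", ["192.168.1.1", "192.168.1.10"]
    for resolver, verdict in check_resolvers(RESOLVERS, DOMAIN, DC_IP).items():
        print(f"{resolver:15} {verdict}")
    for resolver in RESOLVERS:  # the AD locator record clients use to find a DC
        srv = query(resolver, f"_ldap._tcp.dc._msdcs.{DOMAIN}", SRV)
        print(f"{resolver:15} SRV -> {srv['srv'] if srv else 'no reply'}")
```

Run it once from a client in the NethServer LAN and once from a client in each other subnet; a resolver that answers OK from one subnet but TIMEOUT from another points at a missing port-53 rule on that subnet's ingress interface rather than at a DNS configuration problem.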
Sorry for the delay in responding. At the moment I have implemented it like this: I have pfSense for DHCP, DNS and VPN, and I leave NethServer as Active Directory in the end-user networks, nothing more.
It was only necessary to set the NethServer as DNS in the DHCP configuration of pfSense, and all queries go well when adding new PCs.
On NethServer I left its own address as DNS and the pfSense DNS address as secondary.