Firewall aliases mapped on DNS entries in pfsense

Question

Is there a way, in PfSense, to add aliases to the firewall, based on hostnames registered in the DNS server?

What I want to achieve is to setup a port forwarding rule, using pure NAT, to PC1.example.com, but PfSense says (same with only PC1 in the target field):

"PC1.example.com" is not a valid redirect target IP address or host alias.

I wish :( I can't find a way – Mitch Talmadge Aug 28 '22 at 21:42 — Mitch Talmadge, Aug 28 '22 at 21:42

score 0 · Answer 1 · answered Feb 21 '23 at 08:52

The answer is in the error message. Use "host alias"!

Go to Firewall > Aliases > IP
Click "Add".
Give it a spunky name like "MY_FIRST_ALIAS"
Keep the Type at "Host(s)"
Below at the "Host(s)" section add your "PC1.example.com" in the "IP or FQDN" field.
"Safe"
"Apply Changes"
Go to Firewall > NAT
Add your NAT rule and as a "Redirect Target IP" you can now chose
- Type: "Single host"
- Address: "MY_FIRST_ALIAS"

That's it. Pfsense will refresh the DNS resolution of "PC1.example.com" periodically and will update the NAT and Firewall rules accordingly.

Firewall aliases mapped on DNS entries in pfsense

1 Answers1