If you want to access the pfSense administration interface, services hosted at your home or business from the Internet, you can point a domain name (or subdomain) to the WAN IP address (external) of your company.
However, in case your ISP (Internet Service Provider) provides you Internet access with a dynamic IP address (which is the case by default), then you will need to use a dynamic domain name (DDNS).
To ensure that the desired domain name always points to your company's WAN (external) IP address, you will need to use a DDNS service (dynamic DNS).
With this type of service, you will create a domain name that can be updated frequently (via an official tool from the provider or via pre-installed scripts/plugins) so that it always points to the WAN IP address current status of your company.
If you are familiar with DNS configuration, you know that a TTL (Time to Live) value is defined on each DNS zone, or even on each DNS record.
This value simply indicates the maximum time that third-party DNS servers can retain information.
At No-IP, this TTL is 60 seconds while other DNS servers providing standard domain names use a much higher TTL (according to No-IP: 60 minutes).
This very short delay makes it possible to recover the correct IP address in 99% of cases. At worst, your domain name will point to a bad IP for a maximum of 60 seconds.
Note: most of the time, websites are hosted on servers with fixed IP addresses. In this case, using a much higher TTL will avoid overloading the bandwidth of the authoritative DNS server for the domain and will speed up DNS queries for users. Users will therefore be able to contact the ISP's DNS server (which is physically closer to them) to obtain the IP address corresponding to a domain.
To find out your IP address, go for example to the site "mon-ip.com".
As you can see, in our case the associated hostname (set by our ISP) clearly indicates that we have a dynamic IP address.
Note: if you return to this page in several days, or even several weeks (depending on the ISP), you may notice that your IP address will have changed.
Hence the interest in DDNS services for individuals or businesses that have a dynamic IP address.
Note that using a static IP address is possible, but requires payment from your ISP.
Among the DDNS domain name providers, there is "No-IP" which has been around for a long time and still provides DDNS domain names for free.
To do this, simply register with an email address and password.
Next, provide the hostname you want to create.
Important : as shown on the right of the form, to create a free No-IP account, you must select the domain name "ddns.net" from the list.
As you can see, as a free member, you can only choose one No-IP domain (so: ddns.net) and you can only create one DDNS domain.
At the bottom of the page, click on: Free Sign Up.
Once registered, you will find your DDNS domain in the section: Dynamic DNS -> No-IP Hostnames.
Note that in our case, we have been registered with No-IP for a very long time. Hence the fact that we have a domain name ".no-ip.org" (even if you can no longer choose it at present).
Before you can configure the pfSense DDNS client, make sure to configure a username for your No-IP account in "Account -> Account info", as you will need it a little later.
To configure a DNS client on pfSense, go to: Services -> Dynamic DNS.
As you can see, you can create dynamic DNS clients, as well as RFC 2136 clients.
In our case, go to the "Dynamic DNS Clients" section and click "Add".
Sources :
On the page that appears with a "Dynamic DNS Client" section, you will be able to configure the following settings for each dynamic DNS client:
In our case, we created a DDNS domain name "informatiweb.no-ip.org" at No-IP with a free account (as you saw previously).
In this case, configure your DDNS client settings like this:
Then, click Save and wait a bit. This can take up to 1 minute according to our test.
Once the DDNS client is created, you will see it appear in the "Dynamic DNS Clients" list and your WAN IP address will appear in the "Cached IP" column.
To verify that the DDNS domain name has been updated with your WAN IP address, use the Windows "nslookup" command specifying your DDNS domain name as a parameter:
Batch
nslookup informatiweb.no-ip.org
In your No-IP account, go to "Dynamic DNS -> No-IP Hostnames" and you will see your WAN IP address appear in the "IP / Target" column.
Note that when a private IP address is assigned to the pfSense WAN interface, pfSense is forced to use an external service to know your WAN IP address.
To find out which external service is used (and adapt the configuration of your firewall if necessary), go to the "Check IP Services" tab.
As you can see, by default pfSense uses the "checkip.dyndns.org" site.
The advantage being that this site only displays your WAN IP address. This makes it easier to retrieve via a script and avoids downloading a page that is too heavy each time you check.
Firewall 5/21/2025
Firewall 6/4/2025
Firewall 5/30/2025
Firewall 5/17/2025
Pinned content
Contact
® InformatiWeb-Pro.net - InformatiWeb.net 2008-2022 - © Lionel Eppe - All rights reserved.
Total or partial reproduction of this site is prohibited and constitutes an infringement punishable by articles L.335-2 and following of the intellectual property Code.
You must be logged in to post a comment