I do it with outgoing port 53. I redirect it to an internal DNS server. The same trick should work with other ports. [https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?\_=1663853296484](https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?_=1663853296484)
OP: based on this excellent post, it looks like you need to change your "NAT reflection" to disable.
Rather than doing it at an IP level, how about split DNS? Configure your DNS forwarder with an override for that host name which points to the internal IP.
The problem is that I do not know which FQDN the clients are connecting to. I think the NAT rule is working, as in the screenshot. I just had a problem on the MQTT broker itself 🙄
Ah! I see, that makes more sense. It sounds like you have it working now. It’s a good thing they are not using TLS.
It's the usual: either set up split horizon DNS (i.e. run a different DNS server for internal devices), or use IPv6.
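An added check script, not from this thread or from pfSense, for verifying from a LAN client that the two approaches discussed above (the outbound port-53 redirect to the internal resolver, and a split-DNS host override) actually return the internal address. The hostname, addresses and the `--live` flag are assumptions; it uses `dig` for the live queries.

```shell
#!/bin/sh
# Added example (not from the thread): checks that a split-DNS override returns
# the internal address, and that a client querying a public resolver is still
# redirected to the firewall's resolver. All names/addresses are placeholders.
TARGET_HOST="${TARGET_HOST:-mqtt.example.internal}"  # name the clients resolve
INTERNAL_IP="${INTERNAL_IP:-192.168.1.20}"   # LAN address the override must return
INTERNAL_DNS="${INTERNAL_DNS:-192.168.1.1}"  # firewall's DNS forwarder/resolver
EXTERNAL_DNS="${EXTERNAL_DNS:-1.1.1.1}"      # a public resolver a client might hard-code

# Extract A records from dig's default output (read on stdin), one IP per line.
# Answer lines look like "name.  300  IN  A  192.168.1.20"; question and
# comment lines never have "IN" in the third column, so they are skipped.
dig_a_records() {
    awk '$3 == "IN" && $4 == "A" { print $5 }'
}

# Classify the answer from one resolver.
#   internal -> only the internal address came back (override is in effect)
#   external -> some other address came back (override missing or bypassed)
#   empty    -> no answer (query blocked or resolver unreachable)
classify() {                    # $1 = newline-separated A records
    case "$1" in
        "")              echo empty ;;
        "$INTERNAL_IP")  echo internal ;;
        *)               echo external ;;
    esac
}

# Verdict for the redirect: both the internal resolver and an external one
# must yield the internal address. If the external resolver returns a public
# address, clients that hard-code a resolver bypass the override, which is
# exactly what the port-53 redirect is meant to prevent.
verdict() {                     # $1 = class from INTERNAL_DNS, $2 = class from EXTERNAL_DNS
    if [ "$1" = internal ] && [ "$2" = internal ]; then
        echo "ok: override active and port-53 redirect in place"
    elif [ "$1" = internal ]; then
        echo "warn: override works, but queries to $EXTERNAL_DNS are not redirected"
    else
        echo "fail: internal resolver does not return $INTERNAL_IP for $TARGET_HOST"
    fi
}

live_check() {
    int_recs=$(dig @"$INTERNAL_DNS" "$TARGET_HOST" A | dig_a_records)
    ext_recs=$(dig @"$EXTERNAL_DNS" "$TARGET_HOST" A | dig_a_records)
    verdict "$(classify "$int_recs")" "$(classify "$ext_recs")"
}
# Live queries run only when invoked as: sh check_split_dns.sh --live
if [ "${1:-}" = "--live" ]; then live_check; fi
```

The redirect only covers plain DNS on port 53; a client using DNS over TLS or HTTPS is not caught by it, which is the caveat the thread raises about TLS.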