OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: xmichielx on January 09, 2017, 03:46:07 pm

Title: Some questions about 17.1 beta
Post by: xmichielx on January 09, 2017, 03:46:07 pm
Hi,

Got some questions about the new beta which I am using (and very happy with :) ) :

- Can I easily upgrade from the current beta version to the 17 final when it's ready?
- Is there an option to add scripts for dnsmasq adhost blocking, and keep them stored on the disk after an upgrade?
- Is there an easy way to enforce all outbound DNS requests (transparently) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules, use the hybrid rules instead and create a new outbound NAT rule?

Thanks for any pointers :)

Michiel
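The "scripts for dnsmasq adhost blocking" the question refers to usually boil down to turning a hosts-format blocklist into dnsmasq `address=` lines. The script below is an added example, not something from this thread or from the OPNsense project: it reads a hosts file on stdin, keeps only sinkhole entries (`0.0.0.0` / `127.0.0.1`), drops comments, localhost names, malformed names and duplicates, and prints one `address=/host/0.0.0.0` line per host. The sample input is constructed, and the drop-in path `DNSMASQ_DROPIN` is an assumption for illustration (a file kept outside the OPNsense config tree is what makes the list survive an upgrade; check the dnsmasq include directory of your release).

```shell
#!/bin/sh
# Added example (not from the thread): convert a hosts-format ad/tracker
# blocklist into dnsmasq "address=" lines so every listed host resolves
# to 0.0.0.0. The include path below is an assumption, not a verified
# OPNsense location.
DNSMASQ_DROPIN="/usr/local/etc/dnsmasq.conf.d/adblock.conf"   # assumed path

# Read a hosts file on stdin, emit dnsmasq address= lines on stdout.
# Only sinkhole entries are kept, names are lowercased and deduplicated,
# and anything that is not a plain hostname is rejected so a bad line in
# a downloaded list cannot produce a broken dnsmasq config.
hosts_to_dnsmasq() {
    awk '
        /^[[:space:]]*#/ || NF < 2 { next }              # comments, blank, malformed
        $1 != "0.0.0.0" && $1 != "127.0.0.1" { next }    # only sinkhole entries
        {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break                         # trailing comment
                h = tolower($i)
                if (h == "localhost" || h == "localhost.localdomain" || h == "broadcasthost") continue
                if (h !~ /^[a-z0-9.-]+$/) continue           # reject odd characters
                if (!(h in seen)) { seen[h] = 1; print "address=/" h "/0.0.0.0" }
            }
        }'
}

# Constructed sample input standing in for a downloaded blocklist.
SAMPLE_HOSTS='# example adhosts list (constructed)
127.0.0.1 localhost
0.0.0.0 ads.example.test
0.0.0.0 Tracker.Example.Test  # trailing comment
0.0.0.0 ads.example.test
0.0.0.0 bad_host!.test
0.0.0.0 cdn.example.test pixel.example.test
'

# Number of rules the sample produces; handy as a sanity check on a freshly
# downloaded list before replacing the installed one.
count_rules() {
    printf '%s' "$SAMPLE_HOSTS" | hosts_to_dnsmasq | wc -l | tr -d ' '
}

main() {
    printf '%s' "$SAMPLE_HOSTS" | hosts_to_dnsmasq
    echo "would write $(count_rules) rules to $DNSMASQ_DROPIN"
}

main
```

To install for real, pipe the downloaded list through `hosts_to_dnsmasq` into the drop-in file and restart dnsmasq; the count check is the place to refuse an empty or suspiciously short list rather than silently unblocking everything.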
Title: Re: Some questions about 17.1 beta
Post by: fabian on January 09, 2017, 03:57:55 pm
- Is there an option to add scripts for dnsmasq adhost blocking, and keep them stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.

- Is there an easy way to enforce all outbound DNS requests (transparently) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules, use the hybrid rules instead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.
Title: Re: Some questions about 17.1 beta
Post by: xmichielx on January 09, 2017, 09:43:36 pm
- Is there an option to add scripts for dnsmasq adhost blocking, and keep them stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.
I'd rather use something like DNS than an HTTP or HTTPS solution ... there are multiple dnsmasq/unbound scripts out there that I really want to use.
And I'd rather not block 5000 hosts by hand via the GUI with a firewall rule.. ;)

- Is there an easy way to enforce all outbound DNS requests (transparently) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules, use the hybrid rules instead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.

But shouldn't the outbound NAT rule be used for this?
Port forward sounds like inbound connections on the WAN interface, which I am using to forward HTTP, HTTPS and SSH from the WAN to the inside.

-EDIT: the port forward for DNS seems to work 8) but I am still questioning why the outbound NAT rules did not work, since their names make more sense (as it is an outbound NAT rule).
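The naming confusion in the last post comes from what the two GUI pages generate underneath. OPNsense builds a pf ruleset: "Port Forward" entries become `rdr` rules, which rewrite the destination of a packet, while "Outbound" entries become `nat` rules, which rewrite only the source. The fragment below is an added illustration written for this thread, not configuration taken from the OPNsense project or from either poster; the interface name and addresses are constructed placeholders.

```pf
# Added illustration, not configuration from the thread. Macros are
# constructed placeholders; substitute the real LAN interface and addresses.
lan_if   = "igb1"
lan_net  = "192.168.1.0/24"
lan_addr = "192.168.1.1"
wan_if   = "igb0"

# "Port Forward" in the GUI -> rdr rule. It rewrites the DESTINATION of
# matching packets, so any DNS query from the LAN that is not already aimed
# at the firewall is steered to the local resolver. "rdr pass" also creates
# the matching pass rule the GUI would otherwise add separately.
rdr pass on $lan_if proto { tcp udp } from $lan_net to ! $lan_addr port 53 -> $lan_addr port 53

# "Outbound NAT" in the GUI -> nat rule. It rewrites only the SOURCE of
# packets leaving an interface, hiding the LAN behind the WAN address.
# It never changes where a packet is going, which is why an outbound rule
# cannot force clients onto the firewall's DNS.
nat on $wan_if from $lan_net to any -> ($wan_if)
```

Two things worth checking after adding the redirect: a client that points at a public resolver still gets an answer (because the answer now comes from the firewall), so the test is whether the resolver's own logs show the query, and DNS over TLS on port 853 is not caught by a port 53 rule and needs its own handling if the goal is to block it.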