OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: sirio81 on March 28, 2018, 10:15:20 am

Title: Multi Wan: question about DNS rule
Post by: sirio81 on March 28, 2018, 10:15:20 am
Following the documentation (https://wiki.opnsense.org/manual/how-tos/multiwan.html), at step 5:
Quote
Add a rule just above the default LAN allow rule to make sure traffic to and from the firewall on port 53 (DNS) is not going to be routed to the Gateway Group that we just defined.
I don't understand why it's wrong to use the gateway group for DNS queries instead of the default gw.
Could you explain it?
Title: Re: Multi Wan: question about DNS rule
Post by: sirio81 on March 28, 2018, 12:17:42 pm
I ask the same question in another way:
why match only the DNS requests?
When I set WANGWGROUP as gateway in the lan rule, I can't ping OPNsense anymore.

I also notice that OPNsense reasons in a different way from Linux-based firewalls:
a request for the firewall IP itself, on a Linux-based fw, is not going to be routed.

Second, when editing fw rules on OPNsense, I thought that by selecting 'default' as gw, it was going to use the gateway marked as default.
Instead, it seems it means the firewall itself.


Title: Re: Multi Wan: question about DNS rule
Post by: mimugmail on March 28, 2018, 12:28:22 pm
It's only wrong if your clients use the DNS of the OPNsense itself! If your clients use an external DNS, you can also add them to GWGROUP.