Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Cypher100

Pages: [1]

Tutorials and FAQs / Re: HOWTO - Redirect all DNS Requests to Opnsense

« on: July 27, 2018, 08:11:04 pm »

Quote from: Raccoon on July 27, 2018, 12:28:54 pm

Hello cypher100,

Thank you very much, exactly what I was looking for!

Just one question, how can I see that it is working correctly?
Because when I use 8.8.8.8 as manual DNS server everything works (as expected) but I want to see that it is really working in the Logs or somewhere else.

Thank you!

I added yahoo.com pointing to 127.0.0.1 as a host override. Then on my windows computer I use the command "nslookup yahoo.com 8.8.8.8" to see if it resolves to 127.0.0.1. Using nslookup should bypass any DNS cache on your local computer, but if it doesn't I ran ipconfig /flushdns before running the nslookup command.

General Discussion / Re: DHCP between OPNsense und Ubiquiti (VLANs) not working

« on: July 26, 2018, 04:42:19 am »

I'm not to familiar with Unifi. But I noticed you didn't specified PVID. Have you set PVID on port 2?

Did you enable the DCHPv4 service for the network interface? Under Services -> DHCPv4 -> NetworkName, and have it enabled with the specified range?

Tutorials and FAQs / HOWTO - Redirect all DNS Requests to Opnsense

« on: July 26, 2018, 03:16:37 am »

This tutorial will show you how to force all DNS querys to go through Opnsense router regardless of DNS servers specified on the local system. This will redirect anything going through 53 to the router itself.

Go to Services -> Unbound DNS -> General

Verify that ether ALL is selected or localhost with your LAN is selected.

Go to Firewall -> NAT -> Port Forward

Click the add new rule button

Set the following settings below.

Interface: LAN
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: LAN address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable

Note: If you have multiple networks, you would have to make a rule for each network. Make sure unbound is listening on the other network interfaces too.

Example for Wireless network:
Interface: Wireless
Protocol: TCP/UDP
Destination / Invert: Checked
Destination: Wireless address
Destination Port: DNS
Redirect target IP: 127.0.0.1
Redirect target port: DNS
NAT reflection: Disable

Here is my setup as a example after adding all the rules.

Now that the port forward rules have been created. We now have to adjust the rules under the firewall to make sure the DNS redirect is hit first.

Go to Firewall -> Rules -> LAN

Move the DNS redirect rule above "Default allow LAN to any rule" rule

Then apply changes, and the final result should look like this.

Notes: If you have multiple interfaces, you would have to move the rule for each interface.

Pages: [1]