Messages

1

23.7 Legacy Series / Re: Updating BGP ASN List?

« on: November 09, 2024, 11:21:05 am »

Hi,
I know that this is an old topic but this info might help someone.
Simply changing and appying the alias to ASN 0 (non-existent) will trigger the update. Changing it back to the right ASN number the update will be triggered again with the correct result.
All aliases are in separate files under

Code: [Select]

ls -al /var/db/aliastables

2

23.1 Legacy Series / Redirect all outgoing DNS queries to localhost

« on: July 02, 2023, 09:08:34 pm »

Hello,

Following the https://forum.opnsense.org/index.php?topic=9245 I've created a port forward rule.
Apparently this correctly forwards all DNS queries to localhost, but the firewall responds with its own interface address as source, so the client will not accept it.
See the following tcpdump output taken on the firewall:
192.168.2.21: client ip
192.168.2.254: fw interface ip

Code: [Select]

21:32:43 IP 192.168.2.21.35156 > 8.8.8.8.53: 52992+ [1au] A? dw.com. (47)
21:32:43 IP 192.168.2.254.53 > 192.168.2.21.35156: 52992 2/0/1 A 194.55.30.46, A 194.55.26.46 (67)In my understanding the firewall just sent back the reply to the client and following its routing table it realized that it has an interface in the client's subnet -> the response packet did not pass through the NAT (portforward) rule -> the source did not get overwritten to 8.8.8.8
What did I set wrong?
Not sure if it is important, but AdGuardHome is listening on the firewall all ip and port 53.

It seems to me that I am not alone: https://forum.opnsense.org/index.php?topic=9245.msg164547#msg164547

Not sure if I have to deal with Rules/adbanced features/reply-to?