Some questions about 17.1 beta

Started by xmichielx, January 09, 2017, 03:46:07 PM

Hi,

Got some questions about the new beta which I am using (and very happy with :) ) :

- Can I easily upgrade to the 17 final when it's ready from the current beta version?
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules instead and create a new outbound NAT rule?

Thanks for any pointers :)

Michiel

Quote from: xmichielx on January 09, 2017, 03:46:07 PM
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.

Quote from: xmichielx on January 09, 2017, 03:46:07 PM
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules instead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.

January 09, 2017, 09:43:36 PM #2 Last Edit: January 09, 2017, 09:51:36 PM by xmichielx
Quote from: fabian on January 09, 2017, 03:57:55 PM
Quote from: xmichielx on January 09, 2017, 03:46:07 PM
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.
I'd rather use something like DNS than an HTTP or HTTPS solution ... there are multiple dnsmasq/unbound scripts out there that I really want to use.
And I'd rather not block 5000 hosts by hand via the GUI with a firewall rule... ;)

Quote from: fabian on January 09, 2017, 03:57:55 PM
Quote from: xmichielx on January 09, 2017, 03:46:07 PM
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules instead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.

But shouldn't the outbound NAT rule be used for this?
Port forward sounds like inbound connections for the WAN interface, which I am using to forward HTTP, HTTPS and SSH from the WAN to the inside.

-EDIT: the port forward for DNS seems to work 8) but I am still questioning why the outbound NAT rules did not work since their names make more common sense (as it is an outbound NAT rule).
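
The difference between the two rule types discussed in this thread, as an added illustration that is not from any of the posters: OPNsense builds on pf, where a Port Forward is an `rdr` rule (it rewrites the destination address as a packet arrives on an interface) and Outbound NAT is a `nat` rule (it rewrites the source address as a packet leaves an interface). The interface names and addresses below are constructed, and in OPNsense these rules are generated from the GUI rather than written by hand.

```pf
# Constructed values for illustration only (assumptions, not from the thread)
lan_if  = "em1"
wan_if  = "em0"
lan_net = "192.168.1.0/24"
lan_ip  = "192.168.1.1"      # the firewall's own LAN address, where dnsmasq/unbound listens

# "Port Forward" = rdr: changes the DESTINATION of packets arriving on lan_if.
# Any client DNS query (TCP or UDP port 53) that is not already addressed to
# the firewall is redirected to the firewall's resolver. The client still
# believes it is talking to the server it originally chose.
rdr pass on $lan_if inet proto { tcp, udp } \
    from $lan_net to ! $lan_ip port 53 -> $lan_ip port 53

# "Outbound NAT" = nat: changes the SOURCE of packets leaving wan_if.
# The destination is untouched, so a query addressed to an external resolver
# still goes to that external resolver, only with the WAN address as its source.
# This is why an outbound NAT rule cannot enforce local DNS.
nat on $wan_if inet from $lan_net to any -> ($wan_if)
```

Applying `rdr` on the LAN interface is also why a port forward is not limited to inbound WAN traffic: the rule matches on whichever interface the packet enters.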