Multi Wan: question about DNS rule

Started by sirio81, March 28, 2018, 10:15:20 AM

Following the documentation, at step 5:
Quote: Add a rule just above the default LAN allow rule to make sure traffic to and from the firewall on port 53 (DNS) is not going to be routed to the Gateway Group that we just defined.
I don't understand why it's wrong to use the gateway group for DNS queries instead of the default gw.
Could you explain it?

I ask the same question in another way:
why match only the DNS requests?
When I set WANGWGROUP as gateway in the lan rule, I can't ping OPNsense anymore.

I also notice that OPNsense reasons in a different way from a Linux-based firewall:
a request for the firewall IP itself, on a Linux-based fw, is not going to be routed.

Second, when editing fw rules on OPNsense, I thought that selecting 'default' as gw was going to use the gateway marked as default.
Instead, it seems it means the firewall itself.



It's only wrong if your clients use the DNS of the OPNsense itself! If your clients use an external DNS, you can also add them to GWGROUP.
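
The rule order discussed in this thread, sketched as a plain pf.conf fragment. This is an added example, not part of the thread and not OPNsense's generated ruleset; the interface names, addresses and macro names are constructed placeholders.

```conf
# Constructed placeholders (documentation address ranges), not from the thread.
lan_if  = "igb0"
wan1_if = "igb1"
wan2_if = "igb2"
wan1_gw = "198.51.100.1"
wan2_gw = "203.0.113.1"
lan_net = "192.168.1.0/24"

# 1. DNS from LAN clients to the firewall itself.
#    No route-to here, so pf leaves the packet to the normal routing
#    table and it is delivered locally to the resolver on the firewall.
#    "quick" stops evaluation, so rule 2 never sees this traffic.
pass in quick on $lan_if inet proto { tcp, udp } \
    from $lan_net to self port 53 keep state

# 2. All remaining LAN traffic, policy-routed to the gateway group.
#    route-to overrides the routing table for every packet the rule
#    matches, including packets addressed to the firewall's own LAN IP.
#    Without rule 1 above, a client's DNS query to the firewall would be
#    sent out a WAN interface instead of reaching the local resolver.
pass in quick on $lan_if \
    route-to { ($wan1_if $wan1_gw), ($wan2_if $wan2_gw) } round-robin \
    inet from $lan_net to any keep state
```

The same reasoning covers the ping symptom described in the question: ICMP to the firewall's LAN address matches rule 2 unless an earlier rule without route-to passes it.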