Unbound DNS Override for Web GUI?
incirrata
October 22, 2018, 10:36:38 pm
I have a fairly complex firewall setup with multiple physical LANs and WANs. I use DHCP static mappings to help control which hosts can connect to which LAN, and Unbound to provide DNS on each LAN and the oVPN server. The web GUI is running on a separate physical interface called CONTROL, which connects to one of the LANs, called TRUSTED.
I want to be able to access the web GUI by entering the firewall's hostname and domain in my browser, as normal, but this isn't possible right now because when I nslookup the firewall, it shows the network address of all LANs and the VPN; the interfaces marked as Network Interfaces in Unbound. I tried creating a DNS override in Unbound with just the CONTROL IP, but this just added it to the list of addresses found when using nslookup.
How can I use Unbound to provide DNS to my various LANs and VPN servers, but retain only one DNS entry that corresponds to the web GUI?
Oxygen61
Reply #1, October 24, 2018, 07:45:13 pm
Hi incirrata,
Really funny to read that post here. I had the same problem a few days ago.
To be honest, I did not find a "clean" solution for that, since I tried the same as you, writing a DNS override, which doesn't work.
What I did as a workaround, which worked fairly well, is the following:
(Firewall -> NAT -> Port-Forward)
If: VLAN_USER
Proto: TCP
Source Address: 192.168.X.X/XX
Source Ports: *
Dest Address: This Firewall
Dest Ports: <Web-GUI Port>
NAT IP: 192.168.X.X
NAT Ports: <Web-GUI Port>
Description: [VLAN_User] Web-GUI Administration only on one Interface
You have to create different Port-Forward rules for the different source subnets which are likely to ask the firewall for its web-GUI address. "This Firewall" is a default alias, which listens on every interface for every gateway IP in all your different subnets configured to use the firewall. -> You do not need to create this alias, it's there by default.