(solved) Opnsense DMZ

Started by klausneil, May 16, 2016, 01:17:12 AM

May 16, 2016, 01:17:12 AM Last Edit: May 26, 2016, 03:45:43 AM by klausneil
Hi, I need to configure my OPNsense to allow access from the LAN to my DNS server, which is in my DMZ. Can anybody please tell me how to do this, or point me to documentation or a link? Please help me.

You need a pass rule:
=> from: your lan network
=> destination: ip of your dns server
=> destination port: 53
=> protocol: udp using IPv4/IPv6

Thanks fabian, but I tried this rule and it does not connect. My network layout is this:

internet (190.21.22.12) ---- router (192.168.1.1) ---- eth0 (192.168.1.2) [opnsense] eth1 (192.168.15.1) ---- LAN PCs (192.168.15.0/24)
                                                                          |___ eth2 (192.168.10.1) ---- DMZ (192.168.10.0/24)
                                                                                                          |___ MAIL (192.168.10.13)
                                                                                                          |___ DNS (192.168.10.3)

By default my network points to the DNS server of the OPNsense itself, but how can I connect from my LAN network to the DNS server that is in my DMZ?

If you want to use it as a recursive resolver for your clients, you probably want to configure it in the DHCP settings.

May 19, 2016, 06:33:20 AM #4 Last Edit: May 19, 2016, 06:44:54 AM by klausneil
Hi, my configuration on my Windows XP client is this:

ip:       192.168.15.27
netmask:  255.255.255.0
gateway:  192.168.15.1
dns:      192.168.10.3

And my rule is in this image. But I cannot connect to the internet; I can ping 192.168.10.3 from the XP machine, and the log says the machine is allowed to reach the DNS. Why is this?

Can you check your DNS server logs, specifically whether your XP machine queries can reach it?

May 20, 2016, 01:52:56 AM #6 Last Edit: May 26, 2016, 03:27:06 AM by klausneil
Well, I tried to browse to google.com and eset.com but this does not work. The log is in the image and says:

May 19 18:43:00 bind named[1835]: client 192.168.15.29#1025 (www.eset.com.com): query (cache) 'www.eset.com.com/A/IN' denied

In this case... bind config is missing an ACL entry for your subnet 192.168.15.0/24. It refuses to answer your queries ;)

Thanks franco, you're right, but can you help me? I tried configuring it in named.conf but nothing.

Can you try to add this to your configuration:
allow-query { 192.168.15.0/24; };

Thanks fabian for your help, but I tried inserting the line into my named.conf.options (img 01) and then tried to access google.com, but it does not work.

This is the other image.

Can you try to change the next two directives too?

fabian, thank you so much, this works. Thanks bro.

fabian, I removed these 2 lines and it works for my LAN, but my DMZ does not work: when I try to browse or install an application, for example on a Linux server in the DMZ, it does not work. I tried configuring allow-query {any;}; but this did not solve it.
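The thread never names the "next two directives", and the last post is left unresolved. The script below is an added example (not code from the thread, from OPNsense or from BIND) that models how BIND 9 evaluates its three query ACLs, allow-query, allow-recursion and allow-query-cache, with the fallback order documented in the BIND 9 ARM, and runs the client address from a named "query (cache) ... denied" log line against a named.conf.options fragment. Everything in it is constructed or assumed: the config fragments are not the poster's real files, the second log line is invented, the assumption is that the two directives fabian meant are allow-recursion and allow-query-cache, and the server is taken to sit on 192.168.10.0/24 (so the built-in `localnets` ACL expands to that network, per the diagram in the thread). Under those assumptions the three stages reproduce the reported symptoms: with only allow-query widened, the LAN is still refused by the other two ACLs; with those two deleted, BIND derives them from allow-query, which now names only the LAN, so the DMZ stops resolving; a single explicit ACL listing both internal networks lets both resolve without granting recursion to `any`.

```python
"""Model BIND 9 query ACLs to explain named's 'query (cache) ... denied' log lines."""
import ipaddress
import re
# BIND's built-in ACLs. 'localnets' is every network on the server's own interfaces;
# assumed here from the thread's diagram (DNS server 192.168.10.3/24).
LOCALNETS = [ipaddress.ip_network("192.168.10.0/24")]
LOCALHOST = [ipaddress.ip_network("127.0.0.0/8"), ipaddress.ip_network("::1/128")]
ACL_RE = re.compile(r'\bacl\s+"?([\w-]+)"?\s*\{([^}]*)\}\s*;')
DIRECTIVE_RE = re.compile(r'\b(allow-(?:query-cache|query|recursion))\s*\{([^}]*)\}\s*;')
LOG_RE = re.compile(r"client (\S+?)#\d+ \([^)]*\): query \(\w+\) '([^']+)' denied")
# Constructed named.conf.options fragments (not the poster's real files).
# Stage 1: only allow-query widened to the LAN; recursion is still localnets-only.
CONF_LAN_ONLY_ALLOW_QUERY = """options { recursion yes;
    allow-query { 192.168.15.0/24; };
    allow-recursion { localnets; localhost; };
    allow-query-cache { localnets; localhost; }; };"""
# Stage 2: the two restrictive directives deleted. BIND now derives them from
# allow-query, so the DMZ network (192.168.10.0/24) can no longer recurse.
CONF_TWO_DIRECTIVES_REMOVED = """options { recursion yes;
    allow-query { 192.168.15.0/24; }; };"""
# 'any' alone turns the server into an open resolver if port 53 is reachable.
CONF_ANY = "options { recursion yes; allow-query { any; }; };"
# One explicit ACL naming both internal networks; nothing else may recurse.
CONF_FIXED = """acl "internal" { 192.168.15.0/24; 192.168.10.0/24; localhost; };
options { recursion yes;
    allow-query { internal; };
    allow-recursion { internal; };
    allow-query-cache { internal; }; };"""
# Constructed log lines in named's denied-query format.
LAN_DENIED = ("May 19 18:43:00 bind named[1835]: client 192.168.15.29#1025 (www.eset.com): "
              "query (cache) 'www.eset.com/A/IN' denied")
DMZ_DENIED = ("May 26 10:02:11 bind named[1835]: client 192.168.10.13#40211 (deb.debian.org): "
              "query (cache) 'deb.debian.org/A/IN' denied")

def _elements(body):
    return [t.strip() for t in body.split(";") if t.strip()]

def parse_config(text):
    """Return ({acl name: elements}, {directive: elements}) from a config fragment."""
    acls = {n: _elements(b) for n, b in ACL_RE.findall(text)}
    directives = {n: _elements(b) for n, b in DIRECTIVE_RE.findall(text)}
    return acls, directives

def effective(directives, name):
    """Fill in an absent directive with BIND 9's documented fallback: allow-query
    defaults to any; allow-recursion and allow-query-cache fall back to each other,
    then to allow-query, then to localnets; localhost; ('recursion no;' not modelled)."""
    if name in directives:
        return directives[name]
    if name == "allow-query":
        return ["any"]
    other = "allow-query-cache" if name == "allow-recursion" else "allow-recursion"
    for fallback in (other, "allow-query"):
        if fallback in directives:
            return directives[fallback]
    return ["localnets", "localhost"]

def matches(client, elements, acls, depth=0):
    """Evaluate a BIND address_match_list: the first matching element decides,
    and a leading '!' turns that match into a denial."""
    if depth > 8:
        raise ValueError("ACL nesting too deep")
    addr = ipaddress.ip_address(client)
    for elem in elements:
        negate = elem.startswith("!")
        name = elem.lstrip("!").strip()
        if name in ("any", "none"):
            hit = name == "any"
        elif name == "localhost":
            hit = any(addr in n for n in LOCALHOST)
        elif name == "localnets":
            hit = any(addr in n for n in LOCALNETS)
        elif name in acls:
            hit = matches(client, acls[name], acls, depth + 1)
        else:
            hit = addr in ipaddress.ip_network(name, strict=False)
        if hit:
            return not negate
    return False

def denied_by(log_line, conf):
    """Which of the three ACLs reject the client named in a denied-query log line."""
    m = LOG_RE.search(log_line)
    if not m:
        raise ValueError("not a named 'query ... denied' line")
    acls, directives = parse_config(conf)
    return [d for d in ("allow-query", "allow-recursion", "allow-query-cache")
            if not matches(m.group(1), effective(directives, d), acls)]

def open_resolver(conf):
    """True if a public address (TEST-NET-3) would be allowed to recurse."""
    acls, directives = parse_config(conf)
    return all(matches("203.0.113.5", effective(directives, d), acls)
               for d in ("allow-recursion", "allow-query-cache"))

if __name__ == "__main__":
    for label, conf in (("stage 1", CONF_LAN_ONLY_ALLOW_QUERY), ("stage 2", CONF_TWO_DIRECTIVES_REMOVED),
                        ("any", CONF_ANY), ("fixed", CONF_FIXED)):
        print(label, denied_by(LAN_DENIED, conf), denied_by(DMZ_DENIED, conf), open_resolver(conf))
```

Two practitioner notes follow from this model. First, `allow-query { any; }` on a recursive server makes recursion available to `any` as well unless allow-recursion and allow-query-cache are set explicitly, which is the open-resolver configuration; a named ACL covering only the internal networks is the right control even when the firewall in front of the DMZ is not forwarding port 53. Second, the pass rule given earlier in the thread permits UDP only; DNS also uses TCP/53 when a response does not fit in a UDP datagram, so a rule for TCP/53 from the LAN to the DNS server is normally added alongside it.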