Topic: opnsense block google dns (Read 10203 times)

klausneil, on: May 24, 2016, 12:40:30 am
Hi, can anybody tell me how I can block the use of Google DNS (example 8.8.8.8) and only allow my DNS server, OPNsense 192.168.1.1? When they (my LAN) use Google DNS, they surf around my policy.

fabian (OPNsense Contributor), Reply #1 on: May 24, 2016, 01:00:35 pm
I would use a destination NAT to redirect the traffic to your local DNS server.

klausneil, Reply #2 on: May 25, 2016, 05:58:16 am
Please excuse my ignorance, but can you tell me how to do this? I see NAT (forwarding, 1:1, NPT, outbound), and it also allows me to masquerade my internal IP when going out.

fabian, Reply #3 on: May 25, 2016, 11:01:47 am
It works the same way as the rule for the transparent proxy - just a different port:
https://docs.opnsense.org/manual/how-tos/proxytransparent.html#step-3-nat-firewall-rule

klausneil, Reply #4 on: May 26, 2016, 04:09:44 am
Hi fabian, I followed the link but this does not work; I can access the internet with 8.8.8.8. My rule is this:
Interface: LAN
Protocol: TCP
Source: LAN net
Source port range: any - any
Destination: any
Destination port range: DNS - DNS
Redirect target IP: 192.168.10.3
Redirect target port: DNS
Description: Redirect traffic to DNS
NAT reflection: Enable (NAT + Proxy)
Filter rule association: Add associated filter rule
Please help me.

fabian, Reply #5 on: May 26, 2016, 12:22:29 pm
DNS can use UDP and TCP (usually uses UDP) - sorry - forgot to mention this.

klausneil, Reply #6 on: May 26, 2016, 06:58:58 pm
OK fabian, I configured my rule with TCP/UDP, but nothing. Why is this, or can I see it in the log?

fabian, Reply #7 on: May 26, 2016, 10:25:13 pm
It should work - did you check it using the packet capture on the wan interface of OPNsense?

klausneil, Reply #8 on: May 27, 2016, 12:29:11 am
No, I don't have a packet capture on my WAN. How can I activate this option?

bartjsmit, Reply #9 on: May 27, 2016, 08:24:45 am
You do :-)
Run tcpdump from the OPNsense command line and capture the WAN traffic to a file. Copy the output file to your workstation and open it in Wireshark for analysis.
Bart...

franco (Administrator), Reply #10 on: May 27, 2016, 10:55:03 am
There's also a GUI for this under Interfaces: Diagnostics: Packet Capture (or similar, I have the German GUI enabled at this time).

klausneil, Reply #11 on: May 27, 2016, 09:33:14 pm
I see that when I try to access google.com, this passes to my DNS server (192.168.10.3).
Capture output:
14:19:33.886357 IP 192.168.15.63.57064 > 192.168.10.3.53: UDP, length 33
14:19:33.887117 IP 192.168.10.3.53 > 192.168.15.63.57064: UDP, length 409
14:19:34.126850 IP 192.168.10.3.53 > 192.168.15.12.33918: UDP, length 76
But when I change my network configuration in Windows XP so my DNS is 8.8.8.8, I see this:
14:31:32.504219 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 28
14:31:32.537415 IP 8.8.8.8.53 > 192.168.15.29.1084: UDP, length 404
14:31:32.698034 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 35
But my firewall rule does not work, because it does not redirect all port 53 traffic to 192.168.10.3.
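
Added example (not from any poster in this thread): a shell function that reads `tcpdump -n` text, like the capture output quoted in Reply #11, and lists each client that sent DNS queries to a resolver other than the allowed one. It assumes IPv4 and a capture taken on the WAN side as suggested in Reply #7; the function names and the `em0` interface name are placeholders.

```shell
#!/bin/sh
# Sample input: the capture lines quoted in Reply #11 of this thread.
# A live capture would come from e.g. `tcpdump -n -i em0 port 53`
# (em0 is an assumed interface name; -n keeps ports numeric).
sample_capture() {
cat <<'EOF'
14:19:33.886357 IP 192.168.15.63.57064 > 192.168.10.3.53: UDP, length 33
14:19:33.887117 IP 192.168.10.3.53 > 192.168.15.63.57064: UDP, length 409
14:19:34.126850 IP 192.168.10.3.53 > 192.168.15.12.33918: UDP, length 76
14:31:32.504219 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 28
14:31:32.537415 IP 8.8.8.8.53 > 192.168.15.29.1084: UDP, length 404
14:31:32.698034 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 35
EOF
}

# dns_bypass RESOLVER_IP: read tcpdump text on stdin and print
# "client resolver count" for every DNS query (destination port 53)
# addressed to something other than RESOLVER_IP. Replies are ignored.
dns_bypass() {
    awk -v allowed="$1" '
    # Split "a.b.c.d.port" (optional trailing colon) into addr and port.
    function split_ep(ep,    n, p) {
        sub(/:$/, "", ep)
        n = split(ep, p, ".")
        if (n != 5) return 0          # not an IPv4 addr.port pair
        addr = p[1] "." p[2] "." p[3] "." p[4]
        port = p[5]
        return 1
    }
    $2 == "IP" && $4 == ">" {
        if (!split_ep($5)) next
        dst = addr; dport = port
        if (!split_ep($3)) next
        src = addr
        if (dport == 53 && dst != allowed) hits[src " " dst]++
    }
    END { for (k in hits) print k, hits[k] }
    ' | sort
}

sample_capture | dns_bypass 192.168.10.3
```

On the interface where the clients' packets arrive, tcpdump sees them before pf rewrites the destination, so queries to 8.8.8.8 appear there even when the redirect works. Capture on the outgoing side to judge whether the rule is matching.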