Author Topic: opnsense block google dns  (Read 3314 times)

klausneil

opnsense block google dns
« on: May 24, 2016, 12:40:30 am »
Hi, can anybody tell me how I can block the use of Google DNS (for example 8.8.8.8) and only allow my DNS server, OPNsense 192.168.1.1? Because when they (my LAN) use Google DNS, they get around my policy.

fabian

Re: opnsense block google dns
« Reply #1 on: May 24, 2016, 01:00:35 pm »
I would use a destination NAT to redirect the traffic to your local DNS server.

klausneil

Re: opnsense block google dns
« Reply #2 on: May 25, 2016, 05:58:16 am »
Please excuse my ignorance, but can you tell me how to do this? I see NAT (forwarding, 1:1, NPT, outbound), and it also allows me to masquerade my internal IP when going out.

fabian

Re: opnsense block google dns
« Reply #3 on: May 25, 2016, 11:01:47 am »
It works the same way as the rule for the transparent proxy, just with a different port: https://docs.opnsense.org/manual/how-tos/proxytransparent.html#step-3-nat-firewall-rule

klausneil

Re: opnsense block google dns
« Reply #4 on: May 26, 2016, 04:09:44 am »
Hi fabian, I followed the link but this does not work; I can access the internet with 8.8.8.8. My rule is this:

Interface                 LAN
Protocol                  TCP
Source                    LAN net
Source port range         any - any
Destination               any
Destination port range    DNS - DNS
Redirect target IP        192.168.10.3
Redirect target port      DNS
Description               Redirect traffic to DNS
NAT reflection            Enable (NAT + Proxy)
Filter rule association   Add associated filter rule

Please help me.

fabian

Re: opnsense block google dns
« Reply #5 on: May 26, 2016, 12:22:29 pm »
DNS can use UDP and TCP (usually uses UDP) - sorry - forgot to mention this.

klausneil

Re: opnsense block google dns
« Reply #6 on: May 26, 2016, 06:58:58 pm »
OK fabian, I configured my rule with TCP/UDP but nothing. Why is this, or can I see it in the log?

fabian

Re: opnsense block google dns
« Reply #7 on: May 26, 2016, 10:25:13 pm »
It should work - did you check it using the packet capture on the wan interface of OPNsense?

klausneil

Re: opnsense block google dns
« Reply #8 on: May 27, 2016, 12:29:11 am »
No, I don't have a packet capture on my WAN. How can I activate this option?

bartjsmit

Re: opnsense block google dns
« Reply #9 on: May 27, 2016, 08:24:45 am »
You do :-)

Run tcpdump from the OPNsense command line and capture the WAN traffic to a file. Copy the output file to your workstation and open it in Wireshark for analysis.

Bart...

franco

Re: opnsense block google dns
« Reply #10 on: May 27, 2016, 10:55:03 am »
There's also a GUI for this under Interfaces: Diagnostics: Packet Capture (or similar, I have the German GUI enabled at this time).

klausneil

Re: opnsense block google dns
« Reply #11 on: May 27, 2016, 09:33:14 pm »
I see that when I try to access google.com, this passes to my DNS server (192.168.10.3)

Capture output
14:19:33.886357 IP 192.168.15.63.57064 > 192.168.10.3.53: UDP, length 33
14:19:33.887117 IP 192.168.10.3.53 > 192.168.15.63.57064: UDP, length 409
14:19:34.126850 IP 192.168.10.3.53 > 192.168.15.12.33918: UDP, length 76

But when I change my network configuration in Windows XP and my DNS is 8.8.8.8, I see this:

14:31:32.504219 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 28
14:31:32.537415 IP 8.8.8.8.53 > 192.168.15.29.1084: UDP, length 404
14:31:32.698034 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 35

But my firewall rule does not work, because it does not redirect all port 53 traffic to 192.168.10.3.
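
Added example (not part of any post in this thread and not OPNsense code): a Python check that reads `tcpdump -n` text output like the capture above and lists DNS queries addressed to any resolver other than the allowed one. The sample lines are the ones quoted in the thread; the function names and the allowed-resolver list are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Sample input: the tcpdump lines quoted in the thread above.
SAMPLE_CAPTURE = """\
14:19:33.886357 IP 192.168.15.63.57064 > 192.168.10.3.53: UDP, length 33
14:19:33.887117 IP 192.168.10.3.53 > 192.168.15.63.57064: UDP, length 409
14:19:34.126850 IP 192.168.10.3.53 > 192.168.15.12.33918: UDP, length 76
14:31:32.504219 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 28
14:31:32.537415 IP 8.8.8.8.53 > 192.168.15.29.1084: UDP, length 404
14:31:32.698034 IP 192.168.15.29.1084 > 8.8.8.8.53: UDP, length 35
"""

# tcpdump -n text form: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def find_bypassing_queries(capture_text, allowed_resolvers, dns_port=53):
    """Return (timestamp, client, resolver) for every packet sent to
    dns_port on a resolver that is not in allowed_resolvers."""
    allowed = {ipaddress.ip_address(a) for a in allowed_resolvers}
    hits = []
    for line in capture_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != dns_port:
            continue  # unparsed line, a reply, or non-DNS traffic
        dst = ipaddress.ip_address(m["dst"])
        if dst not in allowed:
            hits.append((m["ts"], m["src"], str(dst)))
    return hits


def summarize(hits):
    """Count bypassing queries per (client, resolver) pair."""
    return Counter((client, resolver) for _, client, resolver in hits)


if __name__ == "__main__":
    found = find_bypassing_queries(SAMPLE_CAPTURE, ["192.168.10.3"])
    for (client, resolver), count in summarize(found).items():
        print(f"{client} sent {count} DNS queries to {resolver}")
```

Feed it text from a capture taken on the WAN interface, as suggested in the thread: a capture on the LAN side sees client packets before the redirect is applied, so it still shows the original destination address.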