Hello Community,

I am new to OPNsense, coming from Check Point, Untangle, pfSense ... and I am trying to understand what is happening with the rules.

I have several networks (and VLANs). Basic example: AdGuard DNS server on LAN available for ALL networks.

I created a rule under each network allowing IN -> to the AdGuard server. Everything works fine, but the log shows "let out anything from firewall host itself" instead.

Question is, since I am not logging this rule, is it normal to see this entry in the log?
Please show "the Log"... ;-)
You allow access to this AdGuard, but are your clients actually using it? Or your OPNsense (Unbound? via DHCP)? As your last rule allows ANYTHING, in theory any GUEST client could use whichever DNS (port 53, 853 or HTTPS) it wants.
It most probably will as well, depending on the device on the LAN. The reason is that some devices (mostly IoT and even TVs) have preconfigured primary DNS servers 8.8.8.8 & 8.8.4.4; by having an any-to-any rule towards non-private subnets, such devices will always try to reach those destinations before using your own or dedicated DNS server.

I did solve this by extremely restricting internet access to only HTTPS, and allowing DNS only for my Pi-hole. From what I can see, such hardcoded devices first try their hardcoded DNS server; once they cannot reach it, they use the fallback DNS provided by DHCP.

Also, such devices tend to ping those hardcoded DNS servers using ICMP as well. I have specific rules that block any communication to the Google DNS servers to force them to use my self-hosted DNS on Pi-hole.

Regards,
S.
Action: BLOCK
Protocol: UDP
Source: !YourDNSserver (do an inverse here, as shown by the !)
S.Port: ANY
Destination: !RFC_1918 (do an inverse here, as shown by the !)
D.Port: DNS_Ports (Alias)

DNS_Ports should include 53 & 853 (DNS + DoT).

Put the rule on top of the list. Apply the rule on a specific interface, group or on all.
I created a rule under each network allowing IN -> to the AdGuard server. Everything works fine, but the log shows "let out anything from firewall host itself" instead. Question is, since I am not logging this rule, is it normal to see this entry in the log?
pass, tcp/udp, "[whichever network name] net", [DNS port as configured on your OPNsense setup (typically 53)]; direction would be "OUT", since you're wanting to allow traffic [i]from[/i] the firewall and [b]out[/b]. Perhaps some specific IP for the server, but probably not necessary to specify.
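As an added example (not code from this thread, from OPNsense or from pf), the Python below evaluates a few constructed flows against the two rules discussed in these posts: the BLOCK rule for DNS to non-RFC1918 destinations from anything but the DNS server (the "!" inversions on Source and Destination), and the outbound "let out anything from firewall host itself" pass that the log entry in the first post refers to. The server and firewall addresses, the contents of the DNS_Ports alias and the sample flows are assumptions. One caveat added here: DoT on 853 is TCP, so the block rule in this example matches tcp and udp rather than udp only. The last sample shows the point raised earlier in the thread: DNS over HTTPS on 443 is not caught by a port-based DNS rule.

```python
"""Constructed evaluator for the two rules discussed in the thread.

Assumptions (not from the posts): the AdGuard/Pi-hole server is 192.168.1.10,
the firewall's own addresses are 192.168.1.1 (LAN) and 203.0.113.2 (WAN),
and the "DNS_Ports" alias holds 53 and 853. First matching rule wins, as with
OPNsense's default "quick" rules.
"""
import ipaddress
from dataclasses import dataclass

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
DNS_PORTS = {53, 853}                                   # alias DNS_Ports: plain DNS + DoT
DNS_SERVER = ipaddress.ip_address("192.168.1.10")       # assumed AdGuard/Pi-hole address
FIREWALL_ADDRS = {ipaddress.ip_address(a) for a in ("192.168.1.1", "203.0.113.2")}  # assumed


@dataclass(frozen=True)
class Flow:
    direction: str   # "in" (arriving on an interface) or "out" (leaving the firewall)
    proto: str       # "tcp", "udp" or "icmp"
    src: str
    dst: str
    dport: int = 0


def is_rfc1918(addr: str) -> bool:
    """True if addr falls in one of the three private (RFC 1918) ranges."""
    a = ipaddress.ip_address(addr)
    return any(a in net for net in RFC1918)


def block_rogue_dns(f: Flow) -> bool:
    """The BLOCK rule: Source !DNS_SERVER, Destination !RFC_1918, D.Port in DNS_Ports.

    DoT (853) runs over TCP, so this matches tcp and udp rather than udp only."""
    return (f.direction == "in"
            and f.proto in ("tcp", "udp")
            and ipaddress.ip_address(f.src) != DNS_SERVER      # the "!" on Source
            and not is_rfc1918(f.dst)                            # the "!" on Destination
            and f.dport in DNS_PORTS)


def pass_firewall_out(f: Flow) -> bool:
    """The 'let out anything from firewall host itself' behaviour: traffic the
    firewall originates (e.g. Unbound's own upstream queries) is allowed out."""
    return f.direction == "out" and ipaddress.ip_address(f.src) in FIREWALL_ADDRS


# Ordered like the rule list: the block rule "on top", then the outbound pass.
RULES = [
    ("block", "block rogue DNS", block_rogue_dns),
    ("pass", "let out anything from firewall host itself", pass_firewall_out),
]


def evaluate(flow: Flow, default: str = "pass") -> tuple:
    """Return (action, rule_name) for the first matching rule, else the default."""
    for action, name, matches in RULES:
        if matches(flow):
            return action, name
    return default, "default"


# Constructed sample flows, not captured traffic.
SAMPLES = {
    "tv_to_google_udp": Flow("in", "udp", "192.168.30.50", "8.8.8.8", 53),
    "tv_to_google_dot": Flow("in", "tcp", "192.168.30.50", "8.8.8.8", 853),
    "tv_to_adguard":    Flow("in", "udp", "192.168.30.50", "192.168.1.10", 53),
    "adguard_upstream": Flow("in", "udp", "192.168.1.10", "1.1.1.1", 53),
    "firewall_unbound": Flow("out", "udp", "203.0.113.2", "9.9.9.9", 53),
    "tv_doh_https":     Flow("in", "tcp", "192.168.30.50", "8.8.8.8", 443),
}


def decisions() -> dict:
    """Map each sample flow name to the action the ordered rule list gives it."""
    return {name: evaluate(flow)[0] for name, flow in SAMPLES.items()}


if __name__ == "__main__":
    for name, flow in SAMPLES.items():
        action, rule = evaluate(flow)
        print(f"{name:17} {flow.proto} {flow.src} -> {flow.dst}:{flow.dport}  {action:5} ({rule})")
```

Running the file prints one decision per sample flow. The two hardcoded-DNS flows from the TV are blocked, the TV's query to the AdGuard server and the server's own upstream query fall through to the default (neither has both inversions true), the firewall's own query leaves via the outbound pass, and the 443 flow is untouched by the DNS rule.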