OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Some questions about 17.1 beta
« previous next »
  • Print
Pages: [1]

Author Topic: Some questions about 17.1 beta  (Read 5338 times)

xmichielx

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
    • View Profile
Some questions about 17.1 beta
« on: January 09, 2017, 03:46:07 pm »
Hi,

Got some questions about the new beta which I am using (and very happy with :) ) :

- Can I easily upgrade to the 17 final when its ready from the current beta version?
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules intead and create a new outbound NAT rule?

Thanks for any pointers :)

Michiel
Logged

fabian

  • Hero Member
  • *****
  • Posts: 2769
  • Karma: 200
  • OPNsense Contributor (Language, VPN, Proxy, etc.)
    • View Profile
    • Personal Homepage
Re: Some questions about 17.1 beta
« Reply #1 on: January 09, 2017, 03:57:55 pm »
Quote from: xmichielx on January 09, 2017, 03:46:07 pm
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.

Quote from: xmichielx on January 09, 2017, 03:46:07 pm
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules intead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.
Logged

xmichielx

  • Newbie
  • *
  • Posts: 44
  • Karma: 0
    • View Profile
Re: Some questions about 17.1 beta
« Reply #2 on: January 09, 2017, 09:43:36 pm »
Quote from: fabian on January 09, 2017, 03:57:55 pm
Quote from: xmichielx on January 09, 2017, 03:46:07 pm
- Is there an option to add scripts for dnsmasq adhost blocking? and keep it stored on the disk after an upgrade?
I am doing this via a transparent proxy but you may be able to do this via firewall rules as well.
I rather use something like DNS then a HTTP or HTTPS solution ... there are multiple dnsmasq/unbound scripts out there that I really want to use.
And I rather not block 5000 hosts by hand via the gui with a firewall rule..;)

Quote from: fabian on January 09, 2017, 03:57:55 pm
Quote from: xmichielx on January 09, 2017, 03:46:07 pm
- Is there an easy way to enforce all outbound DNS requests (transparent) to the OPNsense box so I can enforce DNS in my network? Should I remove the automatic outbound rules and use the hybrid rules intead and create a new outbound NAT rule?
You just need to create a "Port Forward" rule, which sends all requests to the local IP of the firewall.

But shouldn't the outbound nat rule not be used for this?
Port forward sounds like inbound connections for the WAN interface which I am using it for the forward HTTP, HTTPS and SSH from the WAN to the inside.

-EDIT: the port forward for DNS seems to work  8) but I am still questioning why the outbound NAT rules did not work since their names make more common sense (as it is an outbound NAT rule).
« Last Edit: January 09, 2017, 09:51:36 pm by xmichielx »
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • Archive »
  • 17.1 Legacy Series »
  • Some questions about 17.1 beta
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2