[Solved] DNS port forwarding does not work

Started by Roberto, Today at 01:40:50 PM

Today at 01:40:50 PM Last Edit: Today at 02:01:06 PM by Roberto
I found the problem. "Home address" apparently cannot be used as the target destination, although it is an IP address. If I enter the address explicitly, it works.

----

Hello,

I am trying to forward all DNS requests sent to external hosts to my internal resolver. That should, in principle, be easy. However, I can't get it to work.

I am using OPNsense 26.1.

First of all, I added a destination forward to send (at least, that's the idea) all DNS queries not already directed to the internal DNS resolver to AdGuard (see first screenshot). Then I added a rule to allow the traffic to the DNS resolver (second screenshot) and I made sure it's the first rule for the Home interface.

It seems quite straightforward, but it doesn't work: the DNS queries are not redirected but are answered by the external server, for example 8.8.8.8. AdGuard is listening on the right interfaces and is reachable from the Home network (tested).


If it helps, I have a couple of other port forwarding rules (on the WAN) and those work fine, so I am really clueless.

Any help will be greatly appreciated.

I'm using 127.0.0.1 as redirection address.

Quote from: Roberto on Today at 01:40:50 PM
"Home address" apparently cannot be used as the target destination

If "Home" is the name of your interface then "Home address" is all addresses assigned to that interface, not only the "primary" one configured in the interface setup form.

This can have unexpected effects when used as a destination, yes.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Patrick M. Hausen on Today at 02:43:10 PM
If "Home" is the name of your interface then "Home address" is all addresses assigned to that interface, not only the "primary" one configured in the interface setup form.

Thanks a lot for the explanation. That's frankly unexpected: I disabled IPv6 and assigned a static IPv4 address to that interface, so I expected this to be a single address. I use it in a few firewall rules and they work as expected.

Is there a way to see the value(s) of "Home address"?

By the way, why is it possible to select it as target address in a forwarding rule if its value is not a single address?