Author Topic: Multi Wan: question about DNS rule (Read 1844 times)

sirio81 · « **on:** March 28, 2018, 10:15:20 am »

Followinf the documentation, at step 5:

Quote

Add a rule just above the default LAN allow rule to make sure traffic to and from the firewall on port 53 (DNS) is not going to be routed to the Gateway Group that we just defined.

I don't undestrand why it's wrong to use the gateway group for dns queries instead of the default gw.
Could you explain it?

sirio81 · « **Reply #1 on:** March 28, 2018, 12:17:42 pm »

I ask the same question on another way:
why matching only the DNS requests?
When I set WANGWGROUP as gateway in the lan rule, I can't ping OPNsense anymore.

I also notice that OPNsense reason in different way of linux based firewall:
a request for the firewall ip itself, on linux based fw is not going to be routed.

Second, when editing fw rules on OPNsense, I thought that selecting 'default' as gw, it was going to use the gateway marked as default.
Instead it means the firewall itself it seems.

mimugmail · « **Reply #2 on:** March 28, 2018, 12:28:22 pm »

It's only wrong if your clients use the DNS of the OPNsense itself! If your clients use an external DNS you can also add them to GWGROUP

Author Topic: Multi Wan: question about DNS rule (Read 1844 times)

sirio81

Multi Wan: question about DNS rule

sirio81

Re: Multi Wan: question about DNS rule

mimugmail

Re: Multi Wan: question about DNS rule