HOWTO - Redirect all DNS Requests to OPNsense

Started by Cypher100, July 26, 2018, 03:16:37 AM


I have those redirect and block rules operating.
I think that Zenarmor/Sensei is operating before those firewall rules(?)
Deciso DEC850v2

February 03, 2022, 10:50:51 AM #32 Last Edit: February 03, 2022, 05:40:23 PM by ChrisChros
Is someone else facing problems with DNS redirection on a Google Nest mini?
My Google Home mini is working as expected with the redirecting rules but the Nest mini not. The Nest is not able to establish an internet connection and stops working.

I tried with a port forward rule only as well as a combination of outbound and port forward, no luck with the Nest mini.

Any suggestions to fix this problem?

UPDATE:
So I think I have it now.
I checked all my port forward rules and realized that NAT reflection was set to "Use system default", this has to be set to "Disabled".
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1

I'm also trying to understand how this works and I have created the NAT -> Port Forward rule (attached) and rule 1 has automatically been created.

The issue I have with my Google Chromecast is that it only works if I have rules 2 and 3, but my understanding was that I didn't need any additional rule, can someone shed some light?

Tia.

Destination has to be negated ( ! ) as you want to redirect traffic whose destination is NOT LAN net / This Firewall.

Interface    Proto      Src    Src port    Dst                Dst port    NAT IP              NAT port    Description
LAN          TCP/UDP    *      *           ! This Firewall    53 (DNS)    10.13.12.2          53 (DNS)    Redirect DNS to this Firewall
LAN          TCP/UDP    *      *           ! This Firewall    53 (DNS)    fd00:10:13:12::2    53 (DNS)    Redirect v6 DNS to this Firewall
i am not an expert... just trying to help...

@tiermutter
I guess you're referring to the port forward rule, right? In that case, it's been negated (see screenshot) - ! LAN address - or do you mean something else?

Huh?! Sorry... watched the screenshots on the smartphone, looks like I mixed up something.

I remember I had problems using the loopback IP as the redirect target, that's why I use the LAN interface IP instead.
i am not an expert... just trying to help...

Ah no worries, I will change the loopback address with the address of my firewall and will see if any better, will keep you posted.

Thanks.

Yes, after changing the loopback address my Google Chromecast is working as well  :P

@hushcoden
Can you please share a picture of your now working rules.
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1

Two attachments, one for the port forward and one for the LAN rule, which is automatically created.

Don't forget the rules for IPv6, if it's not disabled...  :)
i am not an expert... just trying to help...

Comprehension question: what is the difference between "127.0.0.1" and "This Firewall"?
XSK NUC Intel Celeron J3160 aka Protectli FW4B, 8GB RAM
OPNsense 22.1

I'm not really sure, but I think "This Firewall" contains all interface IPs of the firewall. All client traffic passing the firewall will be destined to this firewall / an interface IP or to another network, but can never be destined to a loopback address.
i am not an expert... just trying to help...
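A practical way to confirm that a redirect rule like the one above is really catching LAN queries addressed elsewhere is to ask an outside resolver for a name that only the firewall's own resolver can answer: if the answer comes back anyway, the firewall intercepted the query. The checker below is an added example written for this thread, not code from the forum posters or from OPNsense. It assumes a hypothetical host override `printer.lan` that resolves to the constructed address 10.13.12.50 on the firewall's resolver, uses the firewall LAN IP 10.13.12.2 from the rules in this thread, and 8.8.8.8 as an arbitrary external resolver; the embedded sample responses are constructed so the parsing and classification can be exercised offline.

```python
"""Probe whether a port-53 redirect intercepts LAN DNS queries.

Added example (not from the thread). Builds a raw DNS A query, sends it to
a resolver address, and classifies the reply. Names and addresses used in
the demo are assumptions / placeholders, see the comments.
"""
import random
import socket
import struct

# Hypothetical host override known only to the firewall's resolver.
LOCAL_ONLY_NAME = "printer.lan"
LOCAL_ONLY_IP = "10.13.12.50"      # constructed value for the example
FIREWALL_LAN_IP = "10.13.12.2"     # NAT target from the thread's rule
EXTERNAL_RESOLVER = "8.8.8.8"      # any public resolver, chosen arbitrarily


def build_query(name: str, txid: int, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (RD set, one question, class IN)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)


def _skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # compression pointer, 2 bytes total
            return off + 2
        off += length + 1


def parse_response(msg: bytes, expected_txid: int):
    """Return (rcode, [A record addresses]) from a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    if txid != expected_txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4             # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = _skip_name(msg, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:              # A record
            addrs.append(socket.inet_ntoa(rdata))
    return rcode, addrs


def classify(rcode: int, addrs, expected_ip: str) -> str:
    """Interpret an answer received from an *external* resolver address."""
    if rcode == 0 and expected_ip in addrs:
        return "redirected"            # only the firewall knows this name
    if rcode == 0 and addrs:
        return "answered-but-unexpected"
    return "not-redirected"            # NXDOMAIN/REFUSED: query left the LAN


def probe(name: str, resolver: str, expected_ip: str, timeout: float = 2.0) -> str:
    """Send one UDP query to `resolver` and classify the reply (needs a network)."""
    txid = random.randrange(0, 0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid), (resolver, 53))
        try:
            msg, _ = s.recvfrom(512)
        except socket.timeout:
            return "no-answer"
    rcode, addrs = parse_response(msg, txid)
    return classify(rcode, addrs, expected_ip)


# Constructed sample replies so the parser can be exercised offline.
SAMPLE_TXID = 0x1234
_QUESTION = b"\x07printer\x03lan\x00" + struct.pack(">HH", 1, 1)
SAMPLE_REDIRECTED = (
    struct.pack(">HHHHHH", SAMPLE_TXID, 0x8180, 1, 1, 0, 0) + _QUESTION
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([10, 13, 12, 50])
)
SAMPLE_NXDOMAIN = struct.pack(">HHHHHH", SAMPLE_TXID, 0x8183, 1, 0, 0, 0) + _QUESTION


def demo_offline() -> str:
    """Classify the constructed 'redirected' sample without any network."""
    rcode, addrs = parse_response(SAMPLE_REDIRECTED, SAMPLE_TXID)
    return classify(rcode, addrs, LOCAL_ONLY_IP)


if __name__ == "__main__":
    print("offline sample:", demo_offline())
    for target in (FIREWALL_LAN_IP, EXTERNAL_RESOLVER):
        print(target, "->", probe(LOCAL_ONLY_NAME, target, LOCAL_ONLY_IP))
```

Run it from a LAN client. Querying the firewall directly should always report `redirected`; querying 8.8.8.8 should report `redirected` only when the port forward is catching the traffic, and `not-redirected` (or `no-answer` if outbound 53 is blocked) when it is not. The same approach works for the IPv6 rule by sending the query over an AF_INET6 socket and asking for AAAA records (qtype 28).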

Hi, many thanks for this HowTo, works flawlessly for me.
Would it be possible to add a similar redirect rule for the NTP service (port 123) so that only the OPNsense NTP server will be used?