DNS Resolver for networks NOT behind the firewall - NOT WORKING
-
Hi guys,
So I'm hoping I'm not spamming the wrong section as my setup is a bit different and not that common.
My setup:
I'm using pfSense as the firewall for new networks that are configured on a Cisco Catalyst switch.
Between the Catalyst and pfSense I'm running OSPF. DHCP for these networks is the Catalyst switch. DNS servers are pushed through DHCP and are 8.8.8.8 and 8.8.4.4.
The problem
I configured pfblockerng and DNSBL (requires DNS Resolver) but DNS Blocker is not working for my networks behind the Catalyst switch.
What I tried was to bring up another network directly on the firewall, with dhcp on the firewall itself - 10.155.55.0/24 with 10.155.55.1 gw/dns.
DNSBlocker works for this network. However if I configure the networks behind the Catalyst with 10.155.55.1 as DNS server, DNS is not working.
Network connectivity is allowed between these networks and 10.155.55.0/24 and nothing is blocked.
Any idea what's going on?
Thank you
-
I don't use pfBlocker.
But if pfBlocker is using unbound as the DNS server, you have to "allow/add foreign nets" to the unbound ACL (access lists), else it will not respond to queries from those IPs.
PS: This will be true for all "non-pfSense interface nets", including VPN client nets (pools).
/Bingo
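To make the ACL point above concrete, here is an added example (not from this thread and not pfSense's own generated file) of the relevant `access-control` directives in the unbound.conf that pfSense's DNS Resolver writes. 10.155.55.0/24 is the firewall-side test network from the question; the two Catalyst-side subnets are assumed placeholders, and in the pfSense GUI the same lines come from Services > DNS Resolver > Access Lists.

```conf
# Added example: unbound "server:" section as pfSense generates it.
# 10.155.55.0/24 comes from the thread; 10.155.56.0/24 and 10.155.57.0/24
# are ASSUMED placeholders for the networks behind the Catalyst switch.
server:
    # unbound must listen on the address the Catalyst-side clients are
    # given as their DNS server (10.155.55.1 in the question).
    interface: 10.155.55.1

    # Default state: everything is refused unless a more specific
    # access-control line allows it. pfSense adds its own interface nets
    # automatically, which is why the 10.155.55.0/24 clients worked.
    access-control: 0.0.0.0/0 refuse
    access-control: 127.0.0.0/8 allow
    access-control: 10.155.55.0/24 allow

    # Missing piece for the routed (OSPF) networks: they are "foreign" to
    # unbound, so queries from them get a REFUSED answer. Each one has to
    # be added explicitly, and the same applies to VPN client pools.
    access-control: 10.155.56.0/24 allow   # assumed Catalyst-side VLAN
    access-control: 10.155.57.0/24 allow   # assumed Catalyst-side VLAN
```

From a host on one of the Catalyst-side networks, `dig @10.155.55.1 example.com` shows `status: REFUSED` before the extra lines are applied and `status: NOERROR` afterwards, which is the quickest way to tell an ACL problem apart from a routing or firewall-rule problem.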
-
@bingo600 you the man.
I spent a few hours yesterday trying to figure out what's going on.
Thanks a lot! Problem Solved!
-
I just gave a thumbs up ... As you need 5 (I think), in order to be able to post without restrictions.
Maybe some others could do the same, until you reach 5.
/Bingo