Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    DNS and NTP intercept for multiple interfaces

    Scheduled Pinned Locked Moved
    NAT
    2
    4
    155
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      GPz1100
      last edited by

      I have 3 vlans + LAN defined in my config.

      DNS intercept works well with the port forwarding rule below. I will be adding the same for NTP intercept.

      My question, is there a way of consolidating the rule to cover multiple interfaces rather than having separate intercept rules for each interface?

      0a3c9db3-0990-4a58-a87a-8dee04ab36f4-image.png

      Dns_servers is alias for 10.10.100.2 and 10.10.1.1. That should probably just be 10.10.100.2 as each interface has it's own unique ip (ie 10.10.3.1, 10.10.4.1, 10.10.5.1 for vlans3..5 respectively). Dns alias is ports alias for ports 53 and 853.

      keyserK 1 Reply Last reply Reply Quote 0
      • keyserK
        keyser Rebel Alliance @GPz1100
        last edited by

        @GPz1100 Create an interfacegroup of those interfaces and place the rule on the interfacegroup.

        Love the no fuss of using the official appliances :-)

        G 2 Replies Last reply Reply Quote 0
        • G
          GPz1100 @keyser
          last edited by

          @keyser Aha! I was wondering if such an alias existed. Thanks, will try that.

          1 Reply Last reply Reply Quote 0
          • G
            GPz1100 @keyser
            last edited by

            @keyser That did indeed do the trick.

            It appears I can also get rid of the floating firewall rule to allow dns server access (it's on a different vlan/subnet altogether than everything else).

            floating rule
            b06f548e-af54-43d0-b408-858a6542c147-image.png

            Since NAT rules are executed before floating rules, traffic never reaches the above rule.

            NAT/port forward
            d86c23a7-c29d-4496-bf4c-ef7cf1610a50-image.png

            This creates firewall rule below for the Local_networks "interface".
            d2673b2a-1449-4f90-b079-ba038b5b081a-image.png

            1 Reply Last reply Reply Quote 1
            • First post
              Last post