DNS Port Forward Inglês DOES NOT REDIRECT
-
Well, I've tried almost everything. I have a network with pfSense 2.7.2 and pfBlockerNG 3.2.0_8. The problem is that some users are changing the DNS IP to 8.8.8.8 or 1.1.1.1 and 208.67.222.222, and with this they pass through the blocks. I've been trying for days to do the NAT redirection to pfSense 127.0.0.1 or 10.0.1.1 (the pfSense IP) without success. Every time it passes through, and if I put in the block, it blocks the navigation and does not redirect.
-
-
@mcury It was the first one I tried and it goes through normally without redirecting
-
This is my solution using PiHole. Will also work using pfSense.
https://forum.netgate.com/topic/156453/pfsense-dns-redirect-to-local-dns-server?_=1663853296484
-
Redirect IP 10.0.1.1 and NAT IP 10.0.1.1 ?
Here it is working:
-
@mcury
See the two examples. I did the same as you showed me. The first answer was that it is going straight through without the redirection. It should have the same message as the 2nd test I did, but forcing the pfSense IP.
-
Create a host override in pfSense, then test for that host.
Like my example, iphone.home.arpa is only known to my DNS server, so, even when I asked 8.8.8.8 to resolve it, I got an answer from my local DNS server.
-
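The host-override check described in the post above, as an added example that is not from any poster in this thread: it sends an A query for a name only the local resolver knows straight to a public resolver and compares the answer with the override's address. The name iphone.home.arpa is the one used above; the address 10.0.1.50 and all function names are constructed for illustration, and the script is meant to be run from a LAN client behind the firewall.

```python
import socket
import struct

OVERRIDE_NAME = "iphone.home.arpa"  # host override name used in the thread
OVERRIDE_IP = "10.0.1.50"           # constructed value: the override's address

def build_query(name, txid=0x1234):
    """Minimal DNS query: one A/IN question, recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def skip_name(msg, off):  # offset just past a (possibly compressed) name
    while msg[off] != 0:
        if msg[off] & 0xC0 == 0xC0:  # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + msg[off]
    return off + 1

def first_a_record(msg):
    """First A record in a DNS response as a dotted quad, or None."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            return socket.inet_ntoa(msg[off:off + 4])
        off += rdlen
    return None

def classify(answer, override_ip=OVERRIDE_IP):  # only the local resolver knows the override
    return "redirected" if answer == override_ip else "not redirected"

def check(server="8.8.8.8", name=OVERRIDE_NAME, timeout=3.0):  # query the public resolver
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        try:
            reply, _ = s.recvfrom(512)
        except socket.timeout:
            return "no reply (query blocked or dropped)"
    return classify(first_a_record(reply))

if __name__ == "__main__":
    print(check())
```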
@mcury
Unfortunately the same response: it goes straight to Google DNS. Is there something I'm doing wrong? If I set it to block, it works, but I would have to go to all the computers and set the DNS, and it wouldn't solve the problem, which comes back: people go and change it again even if it crashes. So I have to stay focused to fix it, and redirecting all the port 53 traffic to pfSense would solve it, because I could change it to any other one and that wouldn't make a difference.
-
@frawnsmoc I think you misunderstood me, the idea of the host override is to confirm if the DNS is being redirected, and not create a host override for google.
Perhaps perform a packet capture on localhost in pfSense, UDP port 53 and test with the nslookup again.
-
@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.
I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not
-
@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:
@mcury I've already done this, I tested it and it goes straight through until I thought it was a problem with the NAT, but there are security cameras using the NAT perfectly.
I did a generic test with a generic port for 8.8.8.8:12345 and 127.0.0.1:12345 intercept or 10.0.1.1:12345 the nat will not
Perform a packet capture on the WAN interface, select host 8.8.8.8 and UDP port 53.
Then test again, if the packet capture is empty, it is redirecting it.
-
@mcury I replaced pfSense with MikroTik, matter solved. pfSense has this bug.
-
@frawnsmoc said in DNS Port Forward Inglês DOES NOT REDIRECT:
I replaced pfSense with MikroTik, matter solved. pfSense has this bug.
ok