CP and DNS Forwarder
-
I have one of my 5 WAN IPs assigned to the CP subnet.
That WAN IP is set up on OpenDNS for content filtering with different filter categories.
Since you need to use the DNS forwarder for CP to work, it seems the DNS requests are going out another WAN IP. At that point, OpenDNS does not see the correct WAN IP to filter.
All traffic from the CP subnet is NAT'd to the correct WAN IP; the outbound DNS is the only thing not working.
It seems (from searching the forum) this is the way it just works, or I need to do some special outbound NAT rules/routes. (But just in case I missed something… thought I would ask. Sorry if this was mentioned somewhere.)
Edit: running 1.2.1 RC2 from Nov
Thanks in advance!
-
The DNS forwarder runs on pfSense itself, which can only make use of the routing table.
Requests of the DNS forwarder will always appear as if from the pfSense main WAN IP.
You could assign your clients on the CP subnet the OpenDNS entry directly as DNS and allow connections to these DNS servers by default (via "allowed IP addresses").
Like this, outbound traffic (including DNS requests) will go through the policy routing rules and leave via the correct WAN.
-
Hi GruensFroeschli,
I think I know what you are explaining, tell me if I am wrong.
That sounds like what I am doing on a different wireless net that is not using CP.
(Block all DNS except OpenDNS address) This works fine for that network.
My understanding on using CP is that the DNS forwarder had to be used to “catch” the web request and then redirect to the CP logon page. That was why we had to use the local interface IP as the DNS?
I could be wrong… :)
Once again, thanks for helping out! :)
-
I thought at first as well that you need to have the local DNS forwarder for the CP to work.
You don't. You can use any DNS server you want. The client just has to be able to resolve names even if not authenticated.