Netgate Discussion Forum
CP and DNS Forwarder

Captive Portal
    vito
    last edited by Dec 11, 2008, 1:05 PM Dec 11, 2008, 1:19 AM

    I have one of my 5 WAN IPs assigned to the CP subnet.
    That WAN IP is set up on OpenDNS for content filtering with different filter categories.
    Since you need to use the DNS forwarder for CP to work, it seems the DNS requests are going out another WAN IP. At that point, OpenDNS does not see the correct WAN IP to filter.
    All traffic from the CP subnet is NAT'd to the correct WAN IP; the outbound DNS is the only thing not working.

    It seems (from searching the forum) this is just the way it works, or I need to do some special outbound NAT rules/routes. (But just in case I missed something… thought I would ask. Sorry if this was mentioned somewhere.)

    Edit: running 1.2.1 RC2 from Nov

    Thanks in advance!

      GruensFroeschli
      last edited by Dec 12, 2008, 3:53 PM

      The DNS forwarder runs on pfSense itself, which can only make use of the routing table.
      Requests of the DNS forwarder will always appear as if from the pfSense main WAN IP.

      You could assign the OpenDNS servers directly as DNS to your clients on the CP subnet and allow connections to these DNS servers by default (via "allowed IP addresses").
      This way, outbound traffic (including DNS requests) will go through the policy routing rules and leave via the correct WAN.

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        vito
        last edited by Dec 12, 2008, 5:34 PM Dec 12, 2008, 4:14 PM

        Hi GruensFroeschli,

        I think I know what you are explaining, tell me if I am wrong.

        That sounds like what I am doing on a different wireless net that is not using CP.
        (Block all DNS except the OpenDNS addresses.) This works fine for that network.

        My understanding of using CP is that the DNS forwarder had to be used to “catch” the web request and then redirect to the CP logon page. That was why we had to use the local interface IP as the DNS?

        I could be wrong…  :)

        Once again, thanks for helping out!  :)

          GruensFroeschli
          last edited by Dec 13, 2008, 11:16 AM

          I thought at first as well that you need to have the local DNS forwarder for the CP to work.
          You don't. You can use any DNS server you want. The client just has to be able to resolve names even if not authenticated.

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html
