Netgate Discussion Forum
    Opendns

      Ritzie

      I'm trying to set up OpenDNS to block Skype and some other sites. I did the test for OpenDNS and passed the last two but not the first. http://www.opendns.com/support/article/64 I added the following IP addresses (208.67.220.220 and 206.67.222.222) to general-setup-dns servers. My LAN rules are attached. I appreciate any help I can get. Thanks!
      Lanrules.JPG

        rjcrowder

        Not sure why you have NAT rules… I've attached my rules - simply allow access to the OpenDNS servers and the LAN server and block any other attempt to hit port 53 outbound.

        Also, on the General tab you should uncheck the box that says "Allow DNS server list to be overridden by DHCP/PPP on WAN"

        ![Screenshot from 2013-12-25 17:10:33.png](/public/imported_attachments/1/Screenshot from 2013-12-25 17:10:33.png)

          Ritzie

          Thank you so much rjcrowder. I removed the NAT settings and made changes in firewall. That worked!!!

            phil.davis

            > I added the following ip addresses (208.67.220.220 and 206.67.222.222)

            There is also a typo in that 2nd OpenDNS address - might just be in your post, but check your actual system:
            208.67.220.220 and 208.67.222.222

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/
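
The rule layout rjcrowder describes, checked against the address typo phil.davis points out, as an added example that is not part of any post in this thread. It models pfSense's top-down, first-match rule evaluation by destination and port only; the LAN DNS address, the allow-LAN-to-any rule and the probe list are assumptions constructed for illustration.

```python
# Added example (not from the thread): first-match model of the LAN DNS rules.
from ipaddress import ip_address, ip_network

OPENDNS = {"208.67.220.220", "208.67.222.222"}  # corrected addresses from the thread
LAN_DNS = "192.168.1.1"  # assumption: the firewall's own LAN address

def build_rules(resolvers):
    """Pass DNS to the given resolvers and the LAN server, block all other port 53."""
    rules = [("pass", ip_network(r), 53) for r in sorted(resolvers)]
    rules.append(("pass", ip_network(LAN_DNS), 53))
    rules.append(("block", ip_network("0.0.0.0/0"), 53))
    rules.append(("pass", ip_network("0.0.0.0/0"), None))  # assumed allow-LAN-to-any rule
    return rules

def evaluate(rules, dst, port):
    """Action of the first rule matching the destination; no match means block."""
    addr = ip_address(dst)
    for action, net, rule_port in rules:
        if addr in net and rule_port in (None, port):
            return action
    return "block"

def audit(rules, probes):
    """List (dst, port, got, wanted) for every probe the rules handle wrongly."""
    findings = []
    for dst, port in probes:
        wanted = "pass"
        if port == 53 and dst not in OPENDNS and dst != LAN_DNS:
            wanted = "block"  # DNS to anything but OpenDNS or the LAN server
        got = evaluate(rules, dst, port)
        if got != wanted:
            findings.append((dst, port, got, wanted))
    return findings

# Constructed probes: both OpenDNS resolvers, the mistyped address, an
# arbitrary outside resolver, the LAN server, and ordinary web traffic.
PROBES = [("208.67.220.220", 53), ("208.67.222.222", 53), ("206.67.222.222", 53),
          ("198.51.100.53", 53), (LAN_DNS, 53), ("192.0.2.10", 443)]

if __name__ == "__main__":
    as_posted = {"208.67.220.220", "206.67.222.222"}  # addresses as typed in the first post
    for label, resolvers in (("as posted", as_posted), ("corrected", OPENDNS)):
        print(label, audit(build_rules(resolvers), PROBES))
```

With the mistyped address in the pass list, the audit reports two faults: the real second resolver is blocked, and DNS to the unrelated 206.67.222.222 is allowed out.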

              MikeX

              Why not set all internal hosts to use the DNS server built into pfSense? You can enable the DNS forwarder, and have the pfSense box itself use the OpenDNS resolvers.

              This way you don't need to open up any additional holes in your firewall, and you will get the added benefit of local address caching via pfSense.

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.