Netgate Discussion Forum

Blocking remote office DNS

Category: Firewalling
2 Posts, 2 Posters, 545 Views
    rustydusty1717, last edited Mar 21, 2016, 3:19 PM

    Hello,

    We've been blocking DNS from our main office so only DNS requests from our domain controllers can do lookups which are filtered through OpenDNS.

    What I need to do now is block DNS from our remote office so the DCs at the remote office can only do lookups over the OpenVPNs to the main office.

    Example:

    Remote office 1 DC IP is 10.10.0.4 and it needs to be able to do DNS lookups over the VPN to 192.168.1.19

    Block any other DNS lookups.

    Attached is what I have set for head office and it works perfectly.

    firewall.JPG

      Derelict (LAYER 8, Netgate), last edited Mar 21, 2016, 3:31 PM

      On remote office LAN

      Pass TCP/UDP port any source 10.0.0.4 port any dest 192.168.1.19 port 53
      Reject TCP/UDP port any source LAN net port any dest any port 53

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

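The two rules in the reply only work because pfSense evaluates LAN rules first-match-wins: the narrow pass for the DC must sit above the broad reject for port 53, or the DC's own lookups get rejected. The following is an added example, not code from the thread or from pfSense: a small first-match evaluator fed with constructed packets. It uses the addresses from the original question (DC 10.10.0.4, main-office DNS 192.168.1.19 across the VPN); the remote LAN subnet 10.10.0.0/24, the trailing "allow LAN to any" rule, the public resolver address 198.51.100.53 and the modelling of pfSense's implicit default deny as "block" are all assumptions.

```python
"""First-match evaluation of pfSense-style LAN rules that restrict DNS egress.

Added example, not code from the forum thread. Addresses 10.10.0.4 and
192.168.1.19 come from the original question; the LAN subnet, the trailing
allow rule and the default-deny modelling are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, List

Net = ipaddress.IPv4Network

LAN_NET = ipaddress.ip_network("10.10.0.0/24")      # assumed remote-office LAN
DC_HOST = ipaddress.ip_network("10.10.0.4/32")      # remote-office DC (from the question)
MAIN_DNS = ipaddress.ip_network("192.168.1.19/32")  # main-office DNS over the VPN (from the question)


@dataclass(frozen=True)
class Packet:
    proto: str   # "tcp" or "udp"
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "reject"
    src: Optional[Net] = None    # None means "any"
    dst: Optional[Net] = None    # None means "any"
    dport: Optional[int] = None  # None means "any"
    protos: tuple = ("tcp", "udp")

    def matches(self, pkt: Packet) -> bool:
        return (
            pkt.proto in self.protos
            and (self.src is None or ipaddress.ip_address(pkt.src) in self.src)
            and (self.dst is None or ipaddress.ip_address(pkt.dst) in self.dst)
            and (self.dport is None or pkt.dport == self.dport)
        )


def evaluate(rules: List[Rule], pkt: Packet) -> str:
    """pfSense interface rules are 'quick': the first matching rule decides.
    With no match at all, the implicit default deny applies (modelled as "block")."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return "block"


# The two rules from the reply, in the order given, plus an assumed trailing
# "allow LAN net to any" so ordinary non-DNS traffic still flows.
REMOTE_LAN_RULES = [
    Rule("pass", src=DC_HOST, dst=MAIN_DNS, dport=53),
    Rule("reject", src=LAN_NET, dst=None, dport=53),
    Rule("pass", src=LAN_NET),
]


def dns_policy_outcomes(rules: List[Rule] = REMOTE_LAN_RULES) -> dict:
    """Constructed packets covering the cases the thread cares about."""
    cases = {
        "dc_to_main_dns_udp": Packet("udp", "10.10.0.4", "192.168.1.19", 53),
        "dc_to_main_dns_tcp": Packet("tcp", "10.10.0.4", "192.168.1.19", 53),
        "dc_to_public_dns":   Packet("udp", "10.10.0.4", "198.51.100.53", 53),   # constructed resolver
        "client_to_main_dns": Packet("udp", "10.10.0.50", "192.168.1.19", 53),  # non-DC host
        "client_https":       Packet("tcp", "10.10.0.50", "192.168.1.19", 443),
    }
    return {name: evaluate(rules, pkt) for name, pkt in cases.items()}


def swapped_order_outcome() -> str:
    """Same rules with the reject listed first: the DC's legitimate lookup is rejected."""
    swapped = [REMOTE_LAN_RULES[1], REMOTE_LAN_RULES[0], REMOTE_LAN_RULES[2]]
    return evaluate(swapped, Packet("udp", "10.10.0.4", "192.168.1.19", 53))


if __name__ == "__main__":
    for name, verdict in dns_policy_outcomes().items():
        print(f"{name:22s} -> {verdict}")
    print("with reject listed first -> " + swapped_order_outcome())
```

Running the script shows the DC's lookups to 192.168.1.19 passing over both UDP and TCP, every other port-53 flow from the LAN rejected, and unrelated traffic still passing through the trailing allow rule; with the order swapped the DC's lookup is rejected, which is the misconfiguration to check for when the rules are entered through the GUI. Note that a port-53 rule only governs classic DNS: resolvers reached over other ports (DNS over HTTPS on 443, for instance) are not covered by it.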