Netgate Discussion Forum

    Pfsense 2.3.1 with OpenDNS (Web filtering)

    • M
      Mohamad Idham
      last edited by

      ![Why the error? I tried to follow the steps, but the web filtering doesn't work to block the web URL](0_1542638672815_676e5aea-8968-44c3-927c-61475f0dab52-image.png)

      • C
        comprev
        last edited by comprev

        OpenDNS allows you to have more than one network registered with your account. You need to update the correct network. This article is old, so maybe this is a newer feature of OpenDNS. Anyway, OpenDNS help says to use the following for Hostname:

        https://updates.opendns.com/nic/update?hostname=NetworkLabel

        Where NetworkLabel is the name of the network in your account that you're trying to update. However, pfSense returns the error "The Hostname contains invalid characters."

        • T
          Truckin @comprev
          last edited by

          Does anyone know if this still works with the latest version of pfSense? If not, what adjustments need to be made?
          Thanks,
          Truckin

          • C
            comprev @Truckin
            last edited by

            @truckin

            Yes, pfSense will still update your OpenDNS account with your current IP address. After that, it's just a matter of setting the OpenDNS servers as your DNS servers.

            • T
              Truckin
              last edited by

              OK,
              Thanks! I will start the config process now that I know these instructions still work.
              Truckin

              • T
                Truckin @Truckin
                last edited by

                Everything seemed to work fine with these instructions running the latest version of pfSense. However, once I configured the firewall rules, specifically the 2nd one to block, I lost the ability to connect to the internet. Tried several different things but never could reach any website or ping it. If I left the first FW rule in place and removed the second one it works fine... so that's what I am running now. Not sure if that is the correct way to go though since the above instructions state to add both FW rules. Any advice?
                Truckin

                • C
                  comprev @Truckin
                  last edited by comprev

                  @truckin
                  I suspect that you blocked DNS access to pfSense. You need to set a rule that allows UDP port 53 to connect to the pfSense box from the LAN above the rule(s) to block port 53.

                  I just looked at my pfSense. I have OpenDNS defined in the Dynamic DNS rules. Under "Hostname" I entered the name of my network as I have defined it in OpenDNS. So, in the previous instructions, where it has the word NetworkLabel, all you need is to put NetworkLabel in the Hostname box, not the full string.

                  • T
                    Truckin @comprev
                    last edited by

                    @comprev

                    Ok,
                    I am not really sure how to do that? I just followed his instructions above. So does that mean I need to put the block rule back in like written above and also add another rule?

                    • C
                      comprev
                      last edited by comprev

                      @truckin I just double checked the picture above. He has a permit to allow DNS to a local LAN address prior to the block statement. Be aware that these statements default to TCP but DNS uses UDP, so change the drop down that says TCP to UDP when creating or editing the rules. You can also set them to allow both TCP & UDP, if you prefer.

                      The rules are executed in the order they appear, so the permit must precede the block.

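The rule-order and TCP/UDP points from the replies above, as an added example that is not part of the original thread: a small first-match evaluator run over four orderings of the permit and block rules. The addresses, the catch-all LAN pass rule and every name here are assumptions for illustration; this models the rule list and is not pfSense code.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PFSENSE_LAN = "192.168.1.1"   # assumed LAN address of the pfSense box
OTHER_DNS = "8.8.8.8"         # constructed: a resolver clients should not reach directly
BOTH = ("tcp", "udp")

@dataclass(frozen=True)
class Rule:
    action: str                # "pass" or "block"
    protos: tuple              # protocols the rule matches
    dst: str                   # destination network in CIDR form
    port: Optional[int] = 53   # None matches any port

def evaluate(rules, proto, dst, port=53):
    """Return the action of the first matching rule; no match means block."""
    for r in rules:
        if (proto in r.protos and r.port in (None, port)
                and ip_address(dst) in ip_network(r.dst)):
            return r.action
    return "block"

ALLOW_DNS = Rule("pass", BOTH, PFSENSE_LAN + "/32")    # permit DNS to pfSense
BLOCK_DNS = Rule("block", BOTH, "0.0.0.0/0")           # block DNS to anything else
TCP_ALLOW = Rule("pass", ("tcp",), PFSENSE_LAN + "/32")
TCP_BLOCK = Rule("block", ("tcp",), "0.0.0.0/0")
LAN_DEFAULT = Rule("pass", BOTH, "0.0.0.0/0", None)    # assumed catch-all LAN rule

RULESETS = {
    "permit above block": [ALLOW_DNS, BLOCK_DNS, LAN_DEFAULT],
    "block above permit": [BLOCK_DNS, ALLOW_DNS, LAN_DEFAULT],
    "permit left at TCP": [TCP_ALLOW, BLOCK_DNS, LAN_DEFAULT],
    "both left at TCP": [TCP_ALLOW, TCP_BLOCK, LAN_DEFAULT],
}

def dns_outcomes(rules):
    """(UDP DNS to pfSense, UDP DNS to another resolver) for a rule list."""
    return evaluate(rules, "udp", PFSENSE_LAN), evaluate(rules, "udp", OTHER_DNS)

if __name__ == "__main__":
    for name, rules in RULESETS.items():
        to_pfsense, to_other = dns_outcomes(rules)
        print(f"{name:20} pfSense: {to_pfsense:5}  other resolver: {to_other}")
```

The second and third orderings cut clients off from DNS entirely, while the last one leaves UDP queries to outside resolvers passing through the catch-all rule, so the filter is silently bypassed.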
                      • T
                        Truckin @comprev
                        last edited by

                        @comprev

                        Thanks for the follow-up. I will redo the rules again and make sure the order is correct (Maybe that was the issue). I will report back once I have this completed.
                        Thanks again,
                        Truckin
