Netgate Discussion Forum

    Device lock/unlock on the network through DNS monitoring.

      felipesmith

      Hi everyone!

      I need to lock/unlock a device on my LAN through DNS monitoring of 1.1.1.1 or 8.8.8.8, for example.

      The case: I have a device that should only have access to the LAN if the internet connection is lost. But when the connection is on, the device will not be able to connect to the LAN.

      Can anyone help me?

        johnpoz LAYER 8 Global Moderator @felipesmith

        pfSense doesn't control access of a device on the lan to other devices on the same lan. Is this device on a different vlan than the actual "lan"?

        Also just out of pure curiosity - why would anyone want to do this? Do you mind sharing the use case of why you would want to prevent access to local resources if internet works, but if internet down allow?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.7.2, 24.11

          felipesmith @johnpoz

          @johnpoz

          I need this as I have a Dedicated EFT that works via satellite by default via a network route. But when the satellite connection is lost, the TEF starts working via the internet through a virtual machine.

          But I want it to work the other way around: the satellite connection device should only enter the network if the internet goes down.

            johnpoz LAYER 8 Global Moderator @felipesmith

            @felipesmith said in Device lock/unlock on the network through DNS monitoring.:

            EFT

            Ok, you're going to have to be a bit more explicit here.. EFT? This is not a networking or device acronym I'm familiar with. Electronic funds transfer is the first thing that comes to mind here..

            And then did you typo it with TEF?

            If you could explain how you have it working now.. And what network it's on.. How exactly is it connected to the network, and where is the VM machine it uses to get to the internet?

            Do you have a model number of this device? etc.

              bingo600

              How literally should the "not allowed on lan" be taken?

              1:
              If really literally, you could achieve the "allowed on lan" via an "intelligent snmp write capable switch" and have the switchport in shutdown state, until the condition arises, where you then send an snmp command to open the switchport interface.
              1.a:
              This will still require some pfSense magic, to switch the default gateway, from the "landline gw" to the "sat gw"

              2:
              Leave both "gw's" turned on, and control the dataflow via pfSense routes, and some "ping magic"
              .... See 1.a

              @johnpoz
              Would know more about the 1.a pfSense stuff

              /Bingo

              If you find my answer useful - Please give the post a 👍 - "thumbs up"

              pfSense+ 23.05.1 (ZFS)

              QOTOM-Q355G4 Quad Lan.
              CPU  : Core i5 5250U, Ram : 8GB Kingston DDR3LV 1600
              LAN  : 4 x Intel 211, Disk  : 240G SAMSUNG MZ7L3240HCHQ SSD
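
Option 1 from bingo600's post above, sketched as an added example that is not part of the thread: a monitor that keeps the switch port administratively down and opens it only after several consecutive failed pings to the monitor addresses, using net-snmp's `snmpset` on the standard IF-MIB `ifAdminStatus` object. The switch address, ifIndex, threshold and the `portguard` log tag are constructed, and SNMPv3 credentials are assumed to live in `snmp.conf`; the gateway switch of 1.a is not covered.

```sh
#!/bin/sh
# Added example. Constructed values: switch address and ifIndex.
# Assumes SNMPv3 authPriv credentials are set in snmp.conf (defSecurityName,
# defAuthPassphrase, defPrivPassphrase, ...) so they never appear in `ps`.
SWITCH="192.0.2.10"                    # constructed (TEST-NET-1)
IFINDEX="12"                           # constructed: port of the satellite device
PROBES="1.1.1.1 8.8.8.8"               # monitor targets from the first post
THRESHOLD=3                            # agreeing probes required before acting
IF_ADMIN_STATUS="1.3.6.1.2.1.2.2.1.7"  # IF-MIB ifAdminStatus: 1=up, 2=down

# Internet counts as up if any probe target answers one ping.
internet_up() {
    for host in $PROBES; do
        ping -c 1 "$host" >/dev/null 2>&1 && return 0
    done
    return 1
}

# Pure decision step: the port is the inverse of the internet state, but it
# only changes after THRESHOLD consecutive probes disagree with it (no flapping).
# Args: port state (up|down), probe result (ok|fail), current streak.
# Prints "<new port state> <new streak>".
step() {
    port=$1; result=$2; streak=$3
    if [ "$result" = fail ]; then want=up; else want=down; fi
    if [ "$want" = "$port" ]; then echo "$port 0"; return 0; fi
    streak=$((streak + 1))
    if [ "$streak" -ge "$THRESHOLD" ]; then echo "$want 0"; else echo "$port $streak"; fi
}

# Write ifAdminStatus for the guarded port.
set_port() {
    case $1 in up) val=1 ;; down) val=2 ;; *) return 2 ;; esac
    snmpset "$SWITCH" "$IF_ADMIN_STATUS.$IFINDEX" i "$val" >/dev/null
}

main() {
    port=down; streak=0
    set_port "$port" || exit 1          # start closed; refuse to run blind
    while :; do
        if internet_up; then r=ok; else r=fail; fi
        set -- $(step "$port" "$r" "$streak")
        if [ "$1" = "$port" ]; then
            streak=$2
        elif set_port "$1"; then
            logger -t portguard "switch port $IFINDEX set $1"
            port=$1; streak=0
        fi                              # on SNMP failure keep state and retry
        sleep 10
    done
}

if [ "${1:-}" = "run" ]; then main; fi
```

Write access to a switch is a sensitive credential, so restrict the SNMPv3 user's view on the switch to the one `ifAdminStatus` instance it needs.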

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.