Redirect to internal services
-
Can I create a rule(s) to redirect requests from internal endpoints to user internal services instead of reaching outside. One example would be DNS. Instead of blocking access to an external DNS resource redirect the request to internal service.
Thanks
Seth -
So traffic from LAN hitting pfSense you want to redirect it to something else on the LAN or OPT1/etc? Should be able to, just make sure you don't block the "final" one that may need to come out.
Take DNS, if a LAN client is going to the pfSense for DNS resolution, sure you could redirect that to LAN DNS servers, just make sure that those DNS servers have a way to get out or it won't work. You also need to be aware that a client may put in a different DNS server, say Google that won't get redirected. DNS can be setup on pfSense in a couple different modes, one where it does the resolution, another you could have it forward to others. You still need to be aware of what a client could do.
There are also proxies that you can run to do things like this; others with more specific knowledge as to setting up and configuring them will likely jump in.
-
Doing such a thing really is bad idea.. Because the return traffic to your box on the same lan would be asymmetrical. If you want to redirect dns to pfsense ok. since answer would come from pfsense.
But I don't really agree with the logic of redirecting dns.. If you don't want users using anything other than the dns you want them too. then just block the access to everything other than your dns.
-
I'm already blocking outside DNS for clients. I was just looking to see if A its possible or B practical to redirect such services.
-
Sure its possible its just not really practical… What purpose does it serve?? Do you not hand out your dns via dhcp? Do not provide the info of what dns to use if users are setting static?
Even if you redirect it.. the answer will be asymmetrical which is BAD..