    DNS Redirect

    • M
      MontanaIce last edited by

      I work at a few school sites and we have an external DNS filter that we allow DNS traffic to. However, the school administrators would like us to set up a DNS redirect to make the transition easier than an outright block of DNS traffic anywhere else other than our approved DNS filter. We have non-domain devices from visitors, such as cell phones or any other devices we do not control, and we are asked to not completely block DNS but to redirect those devices' DNS requests to our internal DNS server (that is not pfSense).

      DHCP DNS settings are being used, but we need to redirect all DNS queries to the WAN side to redirect to a LAN DNS server. I realize the best case scenario is to force all users to move to DHCP or to set static DNS to use those approved DNS servers, but our administrators would like our users to be redirected instead of being outright blocked. How would I achieve this using NAT policies in pfSense?

      • V
        viragomann last edited by

        That's no magic with pfSense, if the requests which are to be redirected enter pfSense on a different interface than the one the redirection host is connected to. You just need a simple NAT rule.

        Go to Firewall > NAT > Port Forward and add a rule there:
        Interface: LAN or whatever the devices are connected to
        Protocol: TCP/UDP
        Destination: any
        Destination port range: DNS
        Redirect target IP: the host IP you want to redirect DNS requests to
        Redirect target port: DNS
        Description: <what you want>

        Save it. That's all.

        • KOM
          KOM last edited by

          https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense

          • M
            MontanaIce last edited by

            So if I have LAN interface up and hosts on it and I have a DNS server on that same interface I would do this?

            Port Forward Rule:
            Interface: LAN
            Source: !LAN_DNS_Server
            Protocol: TCP & UDP
            Destination: Any
            Destination Port: DNS
            Redirect Target IP: LAN_DNS_Server

            The LAN DNS server needs to reach out to WAN for queries so do I need to inverse select the LAN DNS Server in the source field?

            • B
              bartkowski last edited by

              @MontanaIce:

              So if I have LAN interface up and hosts on it and I have a DNS server on that same interface I would do this?

              Port Forward Rule:
              Interface: LAN
              Source: !LAN_DNS_Server
              Protocol: TCP & UDP
              Destination: Any
              Destination Port: DNS
              Redirect Target IP: LAN_DNS_Server

              The LAN DNS server needs to reach out to WAN for queries so do I need to inverse select the LAN DNS Server in the source field?

              No, look at the linked article again.
              Source: ANY or LAN
              Destination: !LAN_DNS_Server

              • KOM
                KOM last edited by

                I should have pointed out that the article I linked to wasn't an exact match for his issue, but he should be able to change the 127.0.0.1 to his LAN DNS IP and get the same result.

                1 Reply Last reply Reply Quote 0
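
Added example, not part of any post in this thread and not pfSense's own matching code: a simplified Python model of the LAN port forward discussed above, comparing the source and destination exclusions proposed in the thread on three DNS packets. The IP addresses, the `PortForward` class and the third "both exclusions" rule are assumptions made for illustration; only the source, destination and destination port fields are modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed addresses for illustration only (not from the thread).
LAN_DNS = ip_address("192.168.1.10")   # internal DNS server on LAN
CLIENT = ip_address("192.168.1.50")    # visitor device with a hard-coded resolver
PUBLIC = ip_address("8.8.8.8")         # any external resolver

@dataclass(frozen=True)
class Packet:
    src: object
    dst: object
    dport: int

@dataclass(frozen=True)
class PortForward:
    """Simplified port forward on the LAN interface, destination port DNS (53)."""
    name: str
    src_not: object = None   # "Source: !host" (None means any)
    dst_not: object = None   # "Destination: !host" (None means any)
    target: object = LAN_DNS

    def apply(self, pkt):
        """Return the destination the packet has after the rule is evaluated."""
        if pkt.dport != 53:
            return pkt.dst
        if self.src_not is not None and pkt.src == self.src_not:
            return pkt.dst
        if self.dst_not is not None and pkt.dst == self.dst_not:
            return pkt.dst
        return self.target

RULES = [
    PortForward("source !LAN_DNS_Server, destination any", src_not=LAN_DNS),
    PortForward("source any, destination !LAN_DNS_Server", dst_not=LAN_DNS),
    PortForward("both exclusions", src_not=LAN_DNS, dst_not=LAN_DNS),  # hypothetical
]
PACKETS = {
    "client -> public resolver": Packet(CLIENT, PUBLIC, 53),
    "client -> LAN DNS server": Packet(CLIENT, LAN_DNS, 53),
    "LAN DNS server -> upstream": Packet(LAN_DNS, PUBLIC, 53),
}

def evaluate():
    """Map (rule name, packet label) to the destination after translation."""
    return {(r.name, label): r.apply(p) for r in RULES for label, p in PACKETS.items()}

if __name__ == "__main__":
    for (rule, label), dst in evaluate().items():
        print(f"{rule:42} {label:28} -> {dst}")
```

In this model every variant redirects the client's query to the LAN DNS server, while the server's own upstream query keeps its destination only when the rule's source excludes the server.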