Netgate Discussion Forum

    Port 53 DNS LAN firewall rules

      romulusrodent

      Hello!
      I've set up two LAN firewall DNS rules (Pass and Block) for port 53, but it is blocking access to my NAS. I've disabled them for now, but I would like to know if there is a way to allow access to the NAS when the rules are enabled. Any recommendations? Below are the DNS rules I added to my LAN interface for port 53, and they are placed at the top of the LAN firewall rule list. Thanks in advance!

      Allow DNS to pfSense
      Action: Pass
      Interface: LAN
      Address Family: IPv4
      Protocol: UDP
      Source: Any
      Destination: LAN net
      Destination range: DNS (53)

      Block All other DNS
      Action: Block
      Interface: LAN
      Address Family: IPv4
      Protocol: UDP
      Source: LAN net
      Destination: Any
      Destination range: DNS (53)

        Derelict LAYER 8 Netgate

        First, you should block both TCP and UDP if you want to block DNS.

        Second, those rules will not generally affect a NAS unless you need UDP 53 to it for some reason. You should probably look for another reason it is not working.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

          romulusrodent

          Hi Derelict. Thanks for taking the time to reply to my post. I will adjust the firewall rules to TCP and UDP. As of now I can only access the NAS if these two DNS firewall rules are disabled. I mostly have a default pfSense installation, with the exception that I've recently installed pfBlockerNG. I will keep researching what is causing the NAS access conflict if these firewall rules should not be the ones blocking access to my NAS in my network. Thanks for your help!

            johnpoz LAYER 8 Global Moderator

            DNS is not required to access your NAS, that is for sure. And blocking it on pfSense would have ZERO to do with accessing it from LAN, that is for sure as well.

            If you're blocking your access to DNS, then yeah you would be able to resolve its name. But you could just access it via IP.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              kiokoman LAYER 8

              Well, that would be the case only if you have the wrong DNS on your PC and you are trying to access the NAS using the hostname instead of the IP; otherwise there is no reason not to be able to access the NAS.

              ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
              Please do not use chat/PM to ask for help
              we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
              Don't forget to Upvote with the 👍 button for any post you find to be helpful.

                johnpoz LAYER 8 Global Moderator

                He is prob the dyn DNS name they give you that you can create at something.synology.me for example. And using NAT reflection?

                  romulusrodent @johnpoz

                  @johnpoz
                  Thank you all for your replies. I fixed the NAS access issue by changing the FreeNAS primary nameserver to match the router's IP. The issue I have now is that pfBlockerNG is blocking my kids' PS4 access to Fortnite. I am assuming I can get around this by DNSBL whitelisting the Epic Games server and the PSN network's server? I will keep researching for an answer. Thank you!

                    johnpoz LAYER 8 Global Moderator

                    You might have better luck with such a question in the pfBlocker section. Game servers and PSN servers could have a huge amount of domains that could be looked up, so blocking x could cause something in the chain to fail, etc.

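Added example, not part of any post in the thread: a small first-match evaluator for the two LAN rules as posted and with the TCP/UDP change Derelict suggests, run over constructed packets. The addresses, the default allow-LAN-to-any fallthrough, and the idea that the NAS was using an outside resolver before its nameserver was pointed at the router are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the thread).
LAN_NET = ip_network("192.168.1.0/24")
PFSENSE, CLIENT, NAS = "192.168.1.1", "192.168.1.20", "192.168.1.50"
EXTERNAL_DNS = "203.0.113.53"  # documentation range, stands in for any outside resolver

@dataclass(frozen=True)
class Rule:
    action: str    # "pass" or "block"
    protos: tuple  # ("udp",) or ("tcp", "udp")
    src: str       # "any" or "lan" (LAN net)
    dst: str       # "any" or "lan" (LAN net)
    port: int      # destination port

def _addr_ok(spec, addr):
    return spec == "any" or (spec == "lan" and ip_address(addr) in LAN_NET)

def evaluate(rules, proto, src, dst, port, default="pass"):
    """First matching rule wins; unmatched traffic reaches the assumed
    default allow-LAN-to-any rule further down the list."""
    for r in rules:
        if (proto in r.protos and port == r.port
                and _addr_ok(r.src, src) and _addr_ok(r.dst, dst)):
            return r.action
    return default

def dns_rules(protos):
    return [Rule("pass", protos, "any", "lan", 53),   # Allow DNS to pfSense
            Rule("block", protos, "lan", "any", 53)]  # Block all other DNS

AS_POSTED = dns_rules(("udp",))
TCP_AND_UDP = dns_rules(("tcp", "udp"))

SAMPLES = {  # constructed packets: (proto, src, dst, dst port)
    "client -> pfSense udp/53": ("udp", CLIENT, PFSENSE, 53),
    "client -> external udp/53": ("udp", CLIENT, EXTERNAL_DNS, 53),
    "client -> external tcp/53": ("tcp", CLIENT, EXTERNAL_DNS, 53),
    "client -> NAS tcp/445": ("tcp", CLIENT, NAS, 445),
    "NAS -> external udp/53": ("udp", NAS, EXTERNAL_DNS, 53),
    "NAS -> pfSense udp/53": ("udp", NAS, PFSENSE, 53),
}

def verdicts(rules):
    return {name: evaluate(rules, *pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name:28} as posted: {verdicts(AS_POSTED)[name]:6}"
              f" tcp+udp: {verdicts(TCP_AND_UDP)[name]}")
```

With the UDP-only rules, a TCP query to an outside resolver falls through to the allow rule, and in both rule sets the only NAS traffic that changes verdict is its own DNS lookup to an outside resolver.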