DNS Redirect on PPPoE Clients failing
-
Hello, I am after some help.
I have a pfSense server running successfully with approx 150 end user devices connecting via a dedicated interface on the pfSense configured for PPPoE. The PPPoE client IP addresses are issued to the end user devices from a RADIUS server, all of which works fine and traffic is good. DNS servers are pushed to the end user devices via the RADIUS server, which again is all good.
However, I want to redirect all the PPPoE client DNS traffic to the pfSense server so that DNS requests are handled via the pfSense to help prevent end users circumventing our DNS servers.
I have followed the guide for this, set up DNS resolvers on the pfSense and applied this to the LAN interface (a separate interface), and as expected this works a treat for the LAN users. But when I repeat this for the PPPoE interface it doesn't seem to work for the PPPoE clients; it just ignores the NAT redirect rule and the traffic is sent to the DNS server that has been manually configured.
If it helps, when I set up a pass rule for DNS traffic under the PPPoE interface and log the results, I get hits in the log OK and I can see the DNS requests from the client IP going out to Google, but interestingly the interface shown is what must be the virtual interface allocated by the PPPoE server, e.g. interface ng126
NAT config
Firewall Config
Firewall Log
Anyone have any ideas please?
Thanks in advance
-
Confirmed
Redmine issue created: https://redmine.pfsense.org/issues/12452
-
@viktor_g Thanks for your investigations. Are there any further updates on this or indication if this is likely to be solved in the next release?
Thanks
-
@viktor_g I can see the bug is marked as Resolved but I'm still getting the same issue my end in our lab running the latest development software. Am I missing something?
-
Although @viktor_g created a bug for this issue and the bug tracker indicates that the status is resolved, the issue still exists as described above no matter what setting I try. On LAN interfaces it works OK but with the same config on my PPPoE interfaces traffic is not redirected. From the bug tracker it mentions it fails on OpenVPN interfaces also, though I have not tested this.
Would be great to be able to get this feature working, so if anyone else has any advice it would be appreciated.
Thanks
-
@complexnurd said in DNS Redirect on PPPoE Clients failing:
bug for this issue and the bug tracker indicates that the status is resolved
Resolved in 2.6.0 / 22.01
What version of pfSense are you testing it in?
-
@patch running version 2.6.0.a.20211125.0600
-
Any thoughts, @patch? Did you find anything?
-
Still no resolution. Problem still exists on 2.6.0 DEV
-
@complexnurd Please show the /tmp/rules.debug for checking
-
Hi @viktor_g, thanks for coming back to me. rules.debug file attached: rules_debug.txt
-
@complexnurd You can test this patch: 541.diff
-
Hi @viktor_g, slight delay here due to the Christmas and New Year holidays.
Pleased to say though it did work, thanks. Is that a config error on my side or a mod that will need to be applied to a future release?
-
@complexnurd said in DNS Redirect on PPPoE Clients failing:
Hi @viktor_g, slight delay here due to the Christmas and New Year holidays.
Pleased to say though it did work, thanks. Is that a config error on my side or a mod that will need to be applied to a future release?
Very good!
This fix will be included in 22.01/2.6
-
@ComplexNurd If you don't mind me asking, which guide did you follow to set this up? I want to do the same for my network.
-
I am now just deciding if we should apply a dev version to our production kit or wait it out for a stable release of 2.6