Allow clients to use any DNS server they want



  • Hello everyone,
    some clients happen to have configured their own DNS servers and captive portal will not work for them; how can i permit DNS queries to unlogged users ?

    Thank you,
    Giacomo.



  • You have to make sure they're using the DNS forwarder, or have IP passthrough entry for each external DNS server. The only other alternative is redirecting all UDP/TCP 53 to 127.0.0.1 with the DNS forwarder enabled, transparently proxy DNS basically.



  • You cannot do transparent proxy dns since the CP rules are first.
    You have to hack into CP ruleset to achive that or otherwise the only option are DNS forwarder of pfSense or allowed hosts.



  • Thank you cmb, ermal,
    i was trying to redirect dns queries to the dns forwarder and I was suspecting that there were other CP rules first.

    I've found /tmp/ipfw.cp.rules which contains what i need, but it is a temporary file, where can i find the origin of its content ?

    Thank you,
    Giacomo.



  • Ah yeah since the CP rules would still apply you can't redirect DNS. You can hack in ipfw rules, check /etc/inc/captiveportal.inc



  • Thank you :)


Log in to reply