Single WAN gateway but DNS filtering per LAN (or IP) like with 2 gateways?
I am trying to do filtering using DNS Filter & pfBlockerNG DNSBL (no more SquidGuard).
- OpenDNS will do filtering for parental control.
- GoogleDNS will skip parental control.
- pfBlockerNG DNSBL will do filtering for adverts, tracking… for all DNS requests.
I have one WAN gateway and 4 LANs.
I want some LANs (or IPs) to use OpenDNS servers and other LANs (or IPs) to use GoogleDNS or similar servers.
Something like having 2 WAN gateways with different DNS servers so I can force traffic from a LAN or IP to use the DNS from a specific gateway, but I don't think it is possible to do something like a "virtual gateway" to achieve this setup.
I can't use a DNS override in the DHCP server or static ARP with anything other than the LAN interface IP as DNS, because if DNS is not handled by pfSense it escapes pfB DNSBL filtering... this is the problem I am facing now: clients that use GoogleDNS escape the pfB DNSBL filter.
Clients on the LANs will only get the DNS server from pfSense (LAN interface IP) and all attempts to use another DNS server will be redirected to the DNS servers assigned to that interface (this part is well described in the pfSense DNS redirect tutorials).
Any idea if this can be done and how?
I do this by setting up the DNS Forwarder to listen just on localhost port 8053.
I set the Forwarder to use OpenDNS as its servers.
I then place a port forward on the controlled LAN (OPT2) that redirects all traffic for the OPT2 address TCP/UDP 53 to 127.0.0.1 8053.
Naturally, you have to block all TCP/UDP 53 other than to the OPT2 address.
Everyone else just uses the DNS Resolver normally.
I don't use pfBlockerNG so this might not help you at all.
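The split described in this post, written out as the raw pf.conf equivalent so the ordering is visible (an added illustration, not code from the thread or from pfSense; the interface names em1/em2, the macro names and the "192.0.2.0/24"-style networks implied by `:network` are assumptions, and pfSense generates its own rules from the GUI):

```pf
# Added illustration: pf rules equivalent to the Forwarder-on-localhost setup.
# Assumptions: OPT2 = em2 (parental-control LAN, OpenDNS via the Forwarder),
# LAN = em1 (normal LAN, DNS Resolver with pfBlockerNG DNSBL).
opt2_if  = "em2"
lan_if   = "em1"
fwd_port = "8053"   # DNS Forwarder (dnsmasq) bound to 127.0.0.1 only, on this port;
                    # its OpenDNS upstreams are set in the Forwarder's Advanced section.

# --- Translation: pf evaluates rdr BEFORE the filter rules ---
# DNS from OPT2 aimed at the OPT2 interface address is handed to the Forwarder.
rdr on $opt2_if inet proto { tcp udp } from $opt2_if:network to $opt2_if port 53 \
    -> 127.0.0.1 port $fwd_port

# --- Filtering: these rules see the post-rdr destination (127.0.0.1:8053) ---
# 1. Allow the redirected queries to reach the Forwarder.
pass in quick on $opt2_if inet proto { tcp udp } from $opt2_if:network \
    to 127.0.0.1 port $fwd_port

# 2. Refuse any other port-53 destination from OPT2, so a client that hard-codes
#    a public resolver cannot bypass the OpenDNS policy.
block return in quick on $opt2_if inet proto { tcp udp } from $opt2_if:network \
    to any port 53

# 3. The other LANs use the DNS Resolver (unbound + DNSBL) on the firewall's
#    own interface address; everything else on port 53 is refused the same way.
pass in quick on $lan_if inet proto { tcp udp } from $lan_if:network to $lan_if port 53
block return in quick on $lan_if inet proto { tcp udp } from $lan_if:network to any port 53
```

Because translation happens first, the block rule in step 2 never matches the redirected queries (their destination is already 127.0.0.1:8053), which is why the explicit pass in step 1 is needed under pfSense's default-deny policy.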
Thank you for the answer,
I can try this with your help, but please let me know where I can set the DNS servers to be used by the Forwarder because I can't see it yet.
![2015-11-15 01.34.07.jpg](/public/imported_attachments/1/2015-11-15 01.34.07.jpg)
![2015-11-15 01.34.14.jpg](/public/imported_attachments/1/2015-11-15 01.34.14.jpg)
![2015-11-15 01.36.47.jpg](/public/imported_attachments/1/2015-11-15 01.36.47.jpg)
Sorry. I have this in the Advanced section:
Thank you very much for your help.
I set the Forwarder according to your indications, and this config, with the Forwarder using one DNS server and the Resolver other DNS servers, is working OK for multi-DNS content filtering.
I will stick with this configuration because it is easy to maintain and can also be applied to DNS per IP, not only per LAN, using redirection in NAT - Port Forward based on the source IP address.
Unfortunately, with this setup the Forwarder still escapes the pfB DNSBL filter.
Now I understand why pfBlockerNG can't work with the Forwarder to filter DNS.
pfBlockerNG uses Unbound, which has a Dnsspoof function to do DNS filtering.