Netgate Discussion Forum

    Redirect All DNS Traffic

    Category: NAT
    4 Posts 3 Posters 7.2k Views
    • blak111

      Is there a way to catch all DNS traffic and redirect it to other servers such as the OpenDNS set? I have had several problems with guests having static DNS servers set so they never make it to the captive portal because of the DNS queries timing out.

      Thanks,
      Kevin

      • Perry

        Can't think of one. But you could force them to use your DNS with a block rule.

        udp * 53 !192.168.1.1

        /Perry
        doc.pfsense.org

        • blak111

          Well, the captive portal already blocks them from using external DNS, which is what's causing the issue. Without a successful lookup, their browser fails at the name resolve and never gets redirected to the captive portal.

          I read in a thread somewhere on here about using a NAT rule to redirect the outbound SMTP traffic to feed it into an ISP mail server, and that method seems to work quite well. When I use the equivalent setup for DNS, it works for around 5 minutes and then pfSense stops forwarding DNS packets altogether.

          • davidu

            @blak111:

            Is there a way to catch all DNS traffic and redirect it to other servers such as the OpenDNS set? I have had several problems with guests having static DNS servers set so they never make it to the captive portal because of the DNS queries timing out.

            Hi Kevin,

            I'm not familiar with pfSense, but since it looks like a m0n0wall fork and is using PF, then the answer should be yes.  You have two issues.  One is redirecting the traffic, and the other is making sure your DNS server (or in this case, ours at OpenDNS) will recognize that it's meant for us, and that we know where to send it back.  For the first part, you should be able to use the rdr rules and for the second part you should be able to use the NAT rules.

            So just thinking out loud, something like this should work:

            1. First intercept the traffic from your internal interface:
            # rdr rewrites the destination of every UDP port 53 query arriving on the
            # internal interface; pf records the translation in the state entry and
            # reverses it on the reply, so the client still sees its chosen server answer
            rdr on $int_interface inet proto udp from any to any port 53 -> $opendns_ip

            (note: you might only be able to do this to one of our IPs, not both, but that's okay, really)

            2. Rewrite the outgoing packets to actually have a destination of 208.67.222.222
            # nat on the external interface rewrites the source of the redirected query to
            # the firewall's own WAN address, so OpenDNS answers this firewall and pf can
            # map the reply back to the client behind it
            nat on $ext_interface proto udp from $int_interface:network to $opendns_ip port 53 -> ($ext_interface)

            This is all just a total guess, but something like this should be possible. :-)  Let us know if you figure out the magic commands.

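The complete rule set that the thread sketches (davidu's rdr/nat pair, plus the block rule Perry proposed as a backstop), as an added example written for this page; it is not code from either poster or from pfSense. It is a pf.conf fragment in the pre-OpenBSD-4.7 rdr/nat syntax that pfSense writes to /tmp/rules.debug. Interface macros, the guest subnet, the firewall's LAN address and the choice of 208.67.222.222 as the external resolver are all assumptions.

```pf
# Added example, not code from the thread or from pfSense itself.
# Assumed names: interface macros, the guest/LAN subnet, the firewall's LAN
# address and OpenDNS's 208.67.222.222 as the external resolver.
lan_if   = "em1"
wan_if   = "em0"
lan_net  = "192.168.1.0/24"
lan_addr = "192.168.1.1"
opendns  = "208.67.222.222"

# Translation rules are evaluated before filter rules; the first matching
# rdr wins.
#
# Variant A: answer the query from the firewall's own resolver. Every port 53
# packet from the guest subnet is redirected unless it was already addressed
# to the firewall. pf stores the translation in the state entry and rewrites
# the reply's source back to whatever server the client asked, so a guest
# with a hard-coded 8.8.8.8 still believes 8.8.8.8 answered. Because the
# captive portal already permits DNS to the firewall, the browser's first
# lookup succeeds and the HTTP request can be bounced to the portal page.
rdr on $lan_if proto { tcp, udp } from $lan_net to ! $lan_addr port 53 -> $lan_addr port 53

# Variant B (what the thread asks for): hand the query to OpenDNS instead.
# The rdr changes the destination; the matching nat on the WAN side changes
# the source to the WAN address so OpenDNS's reply comes back to this box,
# where pf undoes both translations. Use these two instead of the rdr above.
# rdr on $lan_if proto { tcp, udp } from $lan_net to ! $lan_addr port 53 -> $opendns port 53
# nat on $wan_if proto { tcp, udp } from $lan_net to $opendns port 53 -> ($wan_if)

# Filter rules see the post-translation packet, so the pass rule names the
# redirect target. The block rule is Perry's suggestion: any port 53 packet
# still addressed to an outside host (none should survive the rdr) is
# dropped and logged, which is how you notice a rule that stopped matching.
pass in quick on $lan_if proto { tcp, udp } from $lan_net to $lan_addr port 53 keep state
block in log quick on $lan_if proto { tcp, udp } from $lan_net to ! $lan_addr port 53

# Caveat: DNS over TLS (tcp/853) and DNS over HTTPS (tcp/443) never touch
# port 53 and sail past the redirect. 853 can be blocked outright; DoH looks
# like any other HTTPS session and is out of reach of a port-based rule.
block in log quick on $lan_if proto tcp from $lan_net to any port 853
```

To check that the interception works, run `dig @203.0.113.5 example.com +short` from a guest: 203.0.113.5 is a documentation address that runs no DNS, so an answer can only have come from the redirect. On the firewall, `tcpdump -ni em0 udp port 53` should then show queries leaving the WAN only from the firewall's own address. One exclusion is worth adding if a DNS server lives on the guest subnet itself: its upstream queries also arrive in on the LAN interface and would be redirected, so put a `no rdr on $lan_if proto { tcp, udp } from <that server> to any port 53` rule ahead of the rdr.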
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.