Netgate Discussion Forum

    Blocking remote office DNS

    Category: Firewalling
    2 Posts 2 Posters 732 Views
    • rustydusty1717

      Hello,

      We've been blocking DNS from our main office so only DNS requests from our domain controllers can do lookups which are filtered through OpenDNS.

      What I need to do now is block DNS from our remote office so the DCs at the remote office can only do lookups over the OpenVPN tunnels to the main office.

      Example:

      Remote office 1 DC IP is 10.10.0.4 and it needs to be able to do DNS lookups over the VPN to 192.168.1.19

      Block any other DNS lookups.

      Attached is what I have set for head office and it works perfectly.

      [attached image: firewall.JPG]

      • Derelict (Netgate)

        On remote office LAN

        Pass TCP/UDP port any source 10.0.0.4 port any dest 192.168.1.19 port 53
        Reject TCP/UDP port any source LAN net port any dest any port 53

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

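The reply's two rules only work because pfSense evaluates interface rules top to bottom and the first match wins: the narrow pass for the DC has to sit above the broad reject, and the reject has to sit above the stock "LAN net to any" pass that a LAN interface normally carries. The following is an added example, not code from the thread or from Netgate, that models that rule order as a small first-match evaluator and runs a handful of constructed flows through it. It uses the DC address 10.10.0.4 and the head-office resolver 192.168.1.19 from the question (the reply writes the DC as 10.0.0.4); the remote-office LAN prefix 10.10.0.0/24, the remaining "LAN net to any" rule, and all sample client and public addresses are assumptions for the example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed values: DC and head-office resolver come from the question;
# the remote-office LAN prefix is an assumption for this example.
LAN_NET = ipaddress.ip_network("10.10.0.0/24")
DC_IP = "10.10.0.4"
HQ_DNS = "192.168.1.19"
ANY = ipaddress.ip_network("0.0.0.0/0")
TCP_UDP = frozenset({"tcp", "udp"})


@dataclass(frozen=True)
class Rule:
    action: str                     # "pass" or "reject"
    protos: frozenset               # protocols the rule matches
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]            # None means any destination port

    def matches(self, proto, src, dst, dport):
        return (proto in self.protos
                and src in self.src
                and dst in self.dst
                and (self.dport is None or self.dport == dport))


# The two rules from the reply, followed by the usual "LAN net to any" pass
# that is assumed to still be present below them on the LAN interface.
REMOTE_LAN_RULES = [
    Rule("pass", TCP_UDP,
         ipaddress.ip_network(f"{DC_IP}/32"),
         ipaddress.ip_network(f"{HQ_DNS}/32"), 53),
    Rule("reject", TCP_UDP, LAN_NET, ANY, 53),
    Rule("pass", frozenset({"tcp", "udp", "icmp"}), LAN_NET, ANY, None),
]


def evaluate(rules, proto, src, dst, dport):
    """First matching rule wins, as pfSense applies interface rules top to
    bottom; traffic that matches nothing hits the implicit default deny."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action
    return "block"


# Constructed sample flows: (proto, src, dst, dport). Public addresses are
# RFC 5737 documentation ranges, not real resolvers.
SAMPLE_FLOWS = {
    "dc_to_hq_dns":         ("udp", DC_IP, HQ_DNS, 53),
    "dc_to_public_dns":     ("udp", DC_IP, "198.51.100.53", 53),
    "client_to_hq_dns":     ("udp", "10.10.0.50", HQ_DNS, 53),
    "client_to_public_dns": ("tcp", "10.10.0.50", "203.0.113.53", 53),
    "client_web":           ("tcp", "10.10.0.50", "203.0.113.10", 443),
}


def check_policy(rules=REMOTE_LAN_RULES):
    """Return the verdict for every sample flow under the given rule order."""
    return {name: evaluate(rules, *flow) for name, flow in SAMPLE_FLOWS.items()}


def misordered():
    """The same rules with the broad reject placed above the specific pass:
    the DC's own lookups to head office are then rejected as well."""
    swapped = [REMOTE_LAN_RULES[1], REMOTE_LAN_RULES[0], REMOTE_LAN_RULES[2]]
    return check_policy(swapped)


if __name__ == "__main__":
    for name, verdict in check_policy().items():
        print(f"{name:24s} {verdict}")
    print("misordered dc_to_hq_dns:", misordered()["dc_to_hq_dns"])
```

Running it shows only the DC reaching 192.168.1.19:53, every other port-53 flow from the LAN rejected, and non-DNS traffic still passing; `misordered()` shows why the order matters, since putting the reject first cuts off the DC too. After applying the real rules, the equivalent check on the firewall is a lookup from the DC against 192.168.1.19 and one from a non-DC host, confirming the first succeeds and the second is refused.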
        Copyright 2026 Rubicon Communications LLC (Netgate). All rights reserved.