Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:intercept_dns [2023/09/12 13:40] – [Web interface instructions] vgaetera | docs:guide-user:firewall:fw3_configurations:intercept_dns [2023/10/05 06:53] – [DNS forwarding] vgaetera | ||
|---|---|---|---|
| Line 24: | Line 24: | ||
| - Click **Save**, then **Save & Apply**. | - Click **Save**, then **Save & Apply**. | ||
| - | Make sure to prevent | + | Intercept |
| - Click **Add** and duplicate the above port forward, but specify: | - Click **Add** and duplicate the above port forward, but specify: | ||
| Line 89: | Line 89: | ||
| ==== DNS forwarding ==== | ==== DNS forwarding ==== | ||
| Set up [[docs: | Set up [[docs: | ||
| - | Configure firewall to exclude | + | Assuming |
| + | Configure firewall to avoid looping. | ||
| <code bash> | <code bash> | ||
| Line 100: | Line 101: | ||
| ==== DNS redirection ==== | ==== DNS redirection ==== | ||
| Avoid using Dnsmasq. | Avoid using Dnsmasq. | ||
| - | Configure firewall to redirect | + | Configure firewall to redirect DNS traffic to your local DNS server. |
| + | Move the local DNS server to a separate subnet to avoid masquerading. | ||
| <code bash> | <code bash> | ||
| # Configure firewall | # Configure firewall | ||
| uci set firewall.dns_int.name=" | uci set firewall.dns_int.name=" | ||
| - | uci set firewall.dns_int.src_ip=" | + | uci set firewall.dns_int.dest_ip=" |
| - | uci set firewall.dns_int.dest_ip=" | + | |
| - | uci -q delete firewall.dns_masq | + | |
| - | uci set firewall.dns_masq=" | + | |
| - | uci set firewall.dns_masq.name=" | + | |
| - | uci set firewall.dns_masq.src=" | + | |
| - | uci set firewall.dns_masq.dest_ip=" | + | |
| - | uci set firewall.dns_masq.dest_port=" | + | |
| - | uci set firewall.dns_masq.proto=" | + | |
| - | uci set firewall.dns_masq.target=" | + | |
| uci commit firewall | uci commit firewall | ||
| / | / | ||
| - | </ | ||
| - | Assign the local DNS server an IP address in a [[docs: | + | # Configure |
| + | uci add_list | ||
| + | uci commit network | ||
| + | / | ||
| + | </ | ||
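Review bot: The removed lines in the DNS redirection firewall block drop the whole `firewall.dns_masq` section together with its `uci -q delete firewall.dns_masq` line, so a reader who applied the previous revision keeps that section in their configuration and nothing in the new text tells them to remove it. Consider keeping the `uci -q delete firewall.dns_masq` line, or adding a one-line cleanup note, for readers migrating from the old instructions. The same hunk also drops `firewall.dns_int.src_ip`, and the added sentence "Move the local DNS server to a separate subnet to avoid masquerading." does not say what happens if the server stays in the LAN subnet; if the redirect now depends on the separate subnet, the sentence should say so explicitly. Finally, the added network block uses `uci add_list`, which appends a new entry each time the snippet is run, unlike the delete-then-set pattern used for the firewall section; a preceding `uci -q del_list` for the same value would keep the snippet safe to re-run.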