Differences
This shows you the differences between two versions of the page.
| docs:guide-user:firewall:fw3_configurations:intercept_dns [2023/10/05 06:18] – [DNS redirection] vgaetera | docs:guide-user:firewall:fw3_configurations:intercept_dns [2023/10/05 06:53] – [DNS forwarding] vgaetera | ||
|---|---|---|---|
| Line 89: | Line 89: | ||
| ==== DNS forwarding ==== | ==== DNS forwarding ==== | ||
| Set up [[docs: | Set up [[docs: | ||
| - | Configure firewall to exclude | + | Assuming |
| + | Configure firewall to avoid looping. | ||
| <code bash> | <code bash> | ||
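Review bot: The added sentence "Configure firewall to avoid looping." on the new side of line 89 does not say what would loop or which traffic the rule exempts, whereas the removed sentence at least began with "Configure firewall to exclude". Suggest naming the host whose queries are exempted from interception and stating the reason in one clause (the forwarder's own upstream queries would otherwise be redirected back to it), so a reader can tell whether the code block that follows matches their setup. The new "Assuming" sentence is a good place to state that precondition explicitly.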
| Line 100: | Line 101: | ||
| ==== DNS redirection ==== | ==== DNS redirection ==== | ||
| Avoid using Dnsmasq. | Avoid using Dnsmasq. | ||
| - | Configure firewall to redirect | + | Configure firewall to redirect DNS traffic to your local DNS server. |
| + | Move the local DNS server to a separate subnet to avoid masquerading. | ||
| <code bash> | <code bash> | ||
| # Configure firewall | # Configure firewall | ||
| uci set firewall.dns_int.name=" | uci set firewall.dns_int.name=" | ||
| - | uci set firewall.dns_int.src_ip=" | ||
| - | uci set firewall.dns_int.dest_ip=" | ||
| - | uci -q delete firewall.dns_masq | ||
| - | uci set firewall.dns_masq=" | ||
| - | uci set firewall.dns_masq.name=" | ||
| - | uci set firewall.dns_masq.src=" | ||
| - | uci set firewall.dns_masq.dest_ip=" | ||
| - | uci set firewall.dns_masq.dest_port=" | ||
| - | uci set firewall.dns_masq.proto=" | ||
| - | uci set firewall.dns_masq.target=" | ||
| - | uci commit firewall | ||
| - | / | ||
| - | </ | ||
| - | |||
| - | Move the local DNS server to separate subnet to avoid masquerading. | ||
| - | |||
| - | <code bash> | ||
| - | # Configure firewall | ||
| - | uci set firewall.dns_int.src_ip=" | ||
| uci set firewall.dns_int.dest_ip=" | uci set firewall.dns_int.dest_ip=" | ||
| - | uci -q delete firewall.dns_masq | ||
| uci commit firewall | uci commit firewall | ||
| / | / | ||
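Review bot: Dropping `uci -q delete firewall.dns_masq` from the surviving code block (old side, just before `uci commit firewall`) means anyone who applied the previous revision keeps the stale `dns_masq` section after following the new instructions. Suggest keeping that one delete line so the block stays idempotent across revisions. Separately, with the masquerading variant removed, "Move the local DNS server to a separate subnet to avoid masquerading." is now a hard prerequisite rather than an alternative; it would read more clearly as a stated requirement, with a short note that a DNS server on the same subnet as its clients is not covered by this configuration. The removal of `firewall.dns_int.src_ip` also deserves a line in the edit summary explaining why the source match is no longer needed.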