Site blocking on different subnets

Trying to block sites using DNS redirect. It works well when I have one subnet, but when I have several subnets on VLANs and I try to redirect DNS requests only from a particular subnet, that subnet can't browse anymore.

My NAT rule:
add action=redirect chain=dstnat comment=CaptureDNS2 dst-port=53 log=yes log-prefix="staff pkt" protocol=udp src-address=10.10.10.0/24 to-ports=53
The idea being I want to block some sites on the staff subnet 10.10.10.0/24 using static DNS.

Any help!!

I will remove the “to-ports=53” part below:

add action=redirect chain=dstnat comment=CaptureDNS2 dst-port=53 log=yes log-prefix="staff pkt" protocol=udp src-address=10.10.10.0/24 to-ports=53

Q’s that might guide you to answer:

  1. Have you enabled "Allow Remote Requests" on Router DNS Config?
  2. Did you add external DNS configs on Router DNS Config?
  3. Does that subnet / VLAN have "Input" allowed in the firewall?

If the above does not help, then provide the output of "export hide-sensitive" in "code" format to make it more readable.

I may be blind, but I cannot see any "to-address" in any of the rules, so as there is "to-ports=53", the rule effectively does nothing, as the dst-port is 53 as well. So neither dst-address nor dst-port actually gets changed.

What was the redirection rule which “worked for a single subnet”?



Thanks mehnn.
It was the firewall dropping the packets. I included the VLAN interfaces in the LAN interface list so that they were accepted by the default filter rules.
I also changed the action to dst-nat and added the dest-address.
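For readers landing on this thread, here is the working shape of the fix described above, written out as a complete RouterOS configuration. It is an added example, not configuration posted by anyone in the thread: the VLAN interface name vlan10-staff, the router's address 10.10.10.1 on that VLAN, the upstream resolvers and the domain blocked.example are all assumptions to replace with your own values.

```routeros
# Added example (not from the thread). Assumed names: vlan10-staff, 10.10.10.1,
# blocked.example. Replace with your own interface, router address and domains.

# 1. Membership in the LAN interface list is what lets the default firewall
#    accept traffic from the VLAN (the default rules match in-interface-list=LAN).
/interface list member
add interface=vlan10-staff list=LAN

# 2. With a custom firewall instead of the default one, explicitly allow DNS
#    to the router from the staff subnet. Place these before any drop rule
#    in the input chain (use place-before=<rule number> if needed).
/ip firewall filter
add chain=input action=accept protocol=udp dst-port=53 src-address=10.10.10.0/24 comment="staff DNS"
add chain=input action=accept protocol=tcp dst-port=53 src-address=10.10.10.0/24 comment="staff DNS (TCP)"

# 3. The router must answer queries from clients and have upstream resolvers.
/ip dns
set allow-remote-requests=yes servers=1.1.1.1,8.8.8.8

# 4. Force the staff subnet's DNS traffic to the router with dst-nat and an
#    explicit target. dst-address=!10.10.10.1 skips queries already aimed at
#    the router, so nothing is rewritten to itself. Keep the log prefix quoted;
#    an unquoted space in log-prefix breaks the command.
/ip firewall nat
add chain=dstnat action=dst-nat protocol=udp dst-port=53 src-address=10.10.10.0/24 \
    dst-address=!10.10.10.1 to-addresses=10.10.10.1 to-ports=53 \
    log=yes log-prefix="staff pkt" comment="CaptureDNS staff"
add chain=dstnat action=dst-nat protocol=tcp dst-port=53 src-address=10.10.10.0/24 \
    dst-address=!10.10.10.1 to-addresses=10.10.10.1 to-ports=53 \
    comment="CaptureDNS staff (TCP)"

# 5. Sinkhole the names to block. Static entries are global on the router, so
#    they apply to every subnet that resolves through it, not only staff.
/ip dns static
add name=blocked.example address=127.0.0.1 comment="blocked on staff VLAN"
```

To confirm the redirect is catching traffic, watch `/log print follow where message~"staff pkt"` while a staff client resolves a name, and check `/ip firewall filter print stats` for the input rules; if the NAT counters rise but clients still time out, the query is reaching the router and being dropped in the input chain, which is exactly the symptom reported above. Note that this only catches clients using plain DNS on port 53; devices or browsers using DNS over HTTPS bypass the redirect and need to be handled separately.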