Post by suiciety on Jun 23, 2016 2:27:36 GMT
Hi,
I've set up a 3rd NIC to act as a secondary LAN interface for some guest traffic we have, but am having problems with DNS resolution.
Setup is as follows: WAN -- LAN (172.16.0.1) -- LAN2 (192.16.4.1)
The DNS forwarder is on and is working on the primary LAN interface but doesn't seem to work on the LAN2 interface.
Do I need to apply extra firewall rules to make this happen?
I've checked on the primary LAN and there is nothing there related to forwarding or filtering DNS that I can see.
I can ping successfully out and connect via HTTP/HTTPS directly to IP addresses on the WAN side.
Cheers
EDIT (am running 1.8.4b10)
Post by Lee Sharp on Jun 23, 2016 3:31:05 GMT
Did you set up a default rule on the new interface allowing any traffic? When it is first created, there are no rules at all... And yes, DNS is active on all interfaces if the firewall allows traffic.
Post by suiciety on Jun 23, 2016 23:18:17 GMT
Cheers, that was the first thing I checked.
I have set up rules to allow TCP 80/443 and ICMP to any.
The devices are getting valid DHCP addresses and I can ping the smallwall and addresses on the WAN side. I can also load web pages via IP address so the traffic is flowing.
The gateway is being correctly received as the smallwall LAN2 (GUEST) interface address.
I've tried a couple of laptops wirelessly and physically connected machines. The result is the same.
Post by Lee Sharp on Jun 23, 2016 23:56:41 GMT
You need to allow TCP/UDP to port 53 as well to the LAN2 (192.16.4.1) interface. Frankly, I would allow everything to the LAN2 (192.16.4.1) interface.
Post by suiciety on Jun 24, 2016 2:08:53 GMT
Thanks,
So you mean a firewall rule on the WAN for port 53 to LAN2 or a firewall rule on LAN2 to the WAN for port 53?
Post by Lee Sharp on Jun 24, 2016 2:10:53 GMT
A firewall rule on LAN2 for LAN2. I do From ANY, protocol ANY, to (interface IP address), protocol ANY - Allow.
Post by suiciety on Jun 24, 2016 2:43:33 GMT
Awesome, it's working!
Post by Lee Sharp on Jun 24, 2016 3:47:56 GMT
Glad to help.
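
Added example (not part of the thread, and not smallwall's own code): a simplified Python model of per-interface pass rules with an implicit deny, showing why ping and HTTP by IP worked on LAN2 while DNS to the forwarder at 192.16.4.1 did not. The WAN host 203.0.113.10, the port 22 probe and the DNS-only rule set are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    """One pass rule on the LAN2 interface (simplified, stateless model)."""
    proto: str                   # "tcp", "udp", "icmp" or "any"
    dst: str                     # CIDR network, or "any"
    dport: Optional[int] = None  # None matches every port

    def matches(self, proto, dst_ip, dport):
        if self.proto not in ("any", proto):
            return False
        if self.dst != "any" and \
           ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return self.dport is None or self.dport == dport

def allowed(rules, proto, dst_ip, dport=None):
    # A packet passes only if some rule matches; otherwise it is dropped,
    # which is what an interface with no matching rule does.
    return any(r.matches(proto, dst_ip, dport) for r in rules)

LAN2_IP = "192.16.4.1"      # LAN2 interface address from the thread
WAN_HOST = "203.0.113.10"   # constructed WAN-side host (documentation range)

# Rules the poster described: TCP 80/443 and ICMP to any.
before = [Rule("tcp", "any", 80), Rule("tcp", "any", 443), Rule("icmp", "any")]
# The fix from the thread: any protocol, to the interface IP address.
allow_all_to_if = before + [Rule("any", LAN2_IP + "/32")]
# Assumed narrower variant for a guest segment: only DNS to the interface IP.
dns_only = before + [Rule("udp", LAN2_IP + "/32", 53),
                     Rule("tcp", LAN2_IP + "/32", 53)]

PROBES = {
    "ping_wan":   ("icmp", WAN_HOST, None),
    "http_by_ip": ("tcp", WAN_HOST, 80),
    "dns_udp":    ("udp", LAN2_IP, 53),   # client -> DNS forwarder
    "dns_tcp":    ("tcp", LAN2_IP, 53),
    "fw_other":   ("tcp", LAN2_IP, 22),   # constructed non-DNS port on the firewall
}

def report(rules):
    """Return {probe name: passed?} for a rule set."""
    return {name: allowed(rules, *p) for name, p in PROBES.items()}

if __name__ == "__main__":
    for label, rs in [("before", before), ("allow all to interface", allow_all_to_if),
                      ("DNS only", dns_only)]:
        print(label, report(rs))
```
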