On 21-12-2019 09:10, Koos Pol wrote: > Hi, > > I'm setting up my openwrt modem as an internet gateway for remote guests. > The modem is running openvpn and dnsmasq. > The guests arrive at their own interface (tun1 = openvpn) with a > different subnet. Guest > LAN forwarding is disabled in the firewall > for security reasons. > However, once the guests have connected, dnsmasq will resolve the LAN > for them. Although guests won't be able to connect to anything on the > LAN (forwarding is off) they are still able to go on a fishing > expedition thanks to DNS. I don't want to turn off DNS completely. So > |--except-interface=tun1|is not an option. > So, for anything connecting to tun1, how can I enable DNS resolving > the internet space, while preventing resolving my LAN?
I think the question isĀ "How to do that with a single DNS" > Thanks! > Koos Ik hoop dat je er wat mee kunt. Groeten Geert
_______________________________________________ Dnsmasq-discuss mailing list Dnsmasq-discuss@lists.thekelleys.org.uk http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss