On May 11, 2014 3:48 PM, "Stefan Baur" <[email protected]> wrote: > > Am 11.05.2014 21:28, schrieb Ryan Coleman: > > >> The simple solution is to block all outbound DNS at the firewall, but > >> this can also break things (like some Google and Apple devices). > >> Even broken devices usually have a fallback mode, but be careful of > >> what breaks when you do this! > > > Correct. Using this feature will break any client with a hard-defined > > DNS - as we found out in testing at the bar. > > (Guys, could we please use proper quoting etiquette instead of > full-quoting and alternating top- and bottom-posting?) > > I've never tried this in combination with a captive portal, but how > about redirecting *:53 to the pfsense DNS with a NAT rule that listens > on LAN instead of WAN? > Would that break the captive portal setup? > > -Stefan > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list
I don't have it in front of me at the moment, but the pfSense book has an excellent set of instructions for this. I've only used it a few times in fairly strict business networks, so breaking devices has not been an issue.
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
