Silly me ... :-) Yes it's working now. Does this sort of configuration prevent a DNS leak?
Cheers

Respect your privacy and that of others, don't give your data to big corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging or
Diaspora* (https://joindiaspora.com/) for your social networking.

On 01/10/2017 01:59, Chris L wrote:
>> On Sep 30, 2017, at 5:38 PM, Antonio <[email protected]> wrote:
>>
>> Hi,
>>
>> I tried to add the "block DNS queries to external resolvers" as
>> described here
>> (https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers)
>> to my LAN config and noticed that traffic would not go anywhere on the
>> LAN until I disabled the two rules below on port 53. With rules 1,4,5
>> below, all works well. When I switch on 2 and 3 too, browser stops
>> working and all traffic on LAN goes nowhere. Why would this be?
>
> Because your clients aren’t configured to use “LAN Address” as their DNS
> server?
>
>> Thanks
>>
>> #  States       Protocol        Source   Port  Destination  Port      Gateway  Queue  Schedule  Description
>> 1  1/3.61 MiB   *               *        *     LAN Address  443, 80   *        *                Anti-Lockout Rule
>> 2  0/0 B        IPv4+6 TCP/UDP  *        *     LAN address  53 (DNS)  *        none             Allow DNS to pfSense/DNSMASQ/OpenDNS
>> 3  0/21 KiB     IPv4+6 TCP/UDP  *        *     *            53 (DNS)  *        none             Block DNS to everything else
>> 4  1/44.34 MiB  IPv4 *          LAN net  *     *            *         *        none             Default allow LAN to any rule
>> 5  0/0 B        IPv6 *          LAN net  *     *            *         *        none             Default allow LAN IPv6 to any rule

_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
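As an added illustration (not part of the original thread and not pfSense code), the five LAN rules listed in the quoted message can be evaluated first-match-wins to see which rule decides each kind of DNS traffic. The LAN address 192.168.2.1, the /24 LAN net, the client address and the outside resolver address are assumptions made for the example.

```python
import ipaddress
from typing import NamedTuple, Optional

LAN_ADDR = ipaddress.ip_address("192.168.2.1")    # assumed firewall LAN address
LAN_NET = ipaddress.ip_network("192.168.2.0/24")  # assumed LAN subnet (IPv4 only; no IPv6 prefix assumed)

class Rule(NamedTuple):
    num: int
    action: str                   # "pass" or "block"
    ipver: Optional[int]          # 4, 6, or None for IPv4+6
    protos: Optional[frozenset]   # None = any protocol
    src_lan_net: bool             # True = source must be inside LAN net
    dst_lan_addr: bool            # True = destination must be the LAN address
    dports: Optional[frozenset]   # None = any destination port

DNS = frozenset({"tcp", "udp"})
# The five LAN rules from the quoted message, in the order listed there.
RULES = [
    Rule(1, "pass", None, None, False, True, frozenset({443, 80})),  # Anti-Lockout Rule
    Rule(2, "pass", None, DNS, False, True, frozenset({53})),    # Allow DNS to pfSense
    Rule(3, "block", None, DNS, False, False, frozenset({53})),  # Block DNS to everything else
    Rule(4, "pass", 4, None, True, False, None),                 # Default allow LAN to any
    Rule(5, "pass", 6, None, True, False, None),                 # Default allow LAN IPv6 to any
]

def evaluate(src: str, dst: str, proto: str, dport: int):
    """First matching rule wins; unmatched traffic is denied (reported as rule 0)."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in RULES:
        if r.ipver is not None and s.version != r.ipver:
            continue
        if r.protos is not None and proto not in r.protos:
            continue
        if r.src_lan_net and s not in LAN_NET:
            continue
        if r.dst_lan_addr and d != LAN_ADDR:
            continue
        if r.dports is not None and dport not in r.dports:
            continue
        return r.action, r.num
    return "block", 0

if __name__ == "__main__":
    client = "192.168.2.50"  # constructed LAN client
    for dst, proto, port, what in [
        ("192.168.2.1", "udp", 53, "DNS to the firewall"),
        ("8.8.8.8", "udp", 53, "DNS to an outside resolver"),
        ("8.8.8.8", "tcp", 853, "DNS over TLS to an outside resolver"),
        ("8.8.8.8", "tcp", 443, "HTTPS, which also carries DNS over HTTPS"),
    ]:
        print(what, "->", evaluate(client, dst, proto, port))
```

In this model a client whose resolver is an outside address has every port-53 lookup dropped by rule 3, which looks like all traffic stopping, while lookups to the LAN address pass on rule 2. Rules 2 and 3 match only port 53, so name resolution carried on other ports is decided by rule 4.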
