On Mon, Feb 20, 2017 at 11:17 PM, Benny Pedersen <[email protected]> wrote:
> Guilsson . wrote on 2017-02-21 02:07:
>
> > Any clue how to get all these rules to work like I need?
>
> dns is port 53
>
I know.
In my named.conf:
listen-on port 53 { any; };
listen-on port 54 { any; };
> on top of that you're missing tcp, since dns is both udp and tcp
>
For the sake of simplicity, in this question I just post 2 lines of my rules:
#
REJECT:info loc net:8.8.8.8,8.8.4.4 tcp domain
REJECT:info loc net:8.8.8.8,8.8.4.4 udp domain
#
REDIRECT:info loc 54 udp domain
REDIRECT:info loc 54 tcp domain
#
> and to enforce use of my dns server, check the shorewall config for how to
> enforce the squid proxy on the lan
>
> same rules apply for dns (DNAT squid/dns)
>
Sure. The redirect above is exactly the same as for Squid.
>
> or make it simpler with a local dhcp server that hands out the ip of
> your local dns server
>
All devices on my LAN use my BIND DNS as resolver.
My goal is to intercept devices that do not obey my dhcpd settings, like my
Chromecast and Nexus Player from Google. They insist on using 8.8.8.8 and
8.8.4.4 as their primary DNS servers.
Anyway, my question is not about dhcp and/or dns stuff.
It's about making the REJECT rules take precedence over the REDIRECT rules.
Any clue?
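Editor's note, as an added example that is not part of the thread: the four rules above compile into two different netfilter tables, and that is what decides precedence, not their order in the file. Shorewall's REDIRECT rules become nat PREROUTING entries, which run before routing; the REJECT rules become filter-table entries in the loc-to-net chain. A packet for 8.8.8.8:53 is therefore rewritten to the firewall's port 54 first, and the REJECT rule for dport 53 to 8.8.8.8 never sees it. The model below replays the posted rules (a constructed copy) through that ordering. The "fixed" rule set is the editor's assumption of how to express the exclusion on the nat side, using the rules file's ORIGDEST column with a `!` list; it is not something the thread confirms, so check it against the Shorewall rules(5) manual for your version.

```python
"""Model of how netfilter orders the Shorewall rules quoted in the thread.

Constructed example for the thread above, not code from Shorewall or from
the poster. REDIRECT/DNAT rules are evaluated as nat PREROUTING (stage 1),
everything else as filter (stage 2); nat runs first, and a redirected
packet then carries the firewall as destination and the new port.
"""
from dataclasses import dataclass, replace
from typing import Optional

# Constructed copy of the rules posted in the thread.
SHOREWALL_RULES = """
REJECT:info   loc   net:8.8.8.8,8.8.4.4   tcp   domain
REJECT:info   loc   net:8.8.8.8,8.8.4.4   udp   domain
REDIRECT:info loc   54                    udp   domain
REDIRECT:info loc   54                    tcp   domain
"""

# Assumed fix (editor's suggestion, not from the thread): exclude the Google
# resolvers in the REDIRECT rule's ORIGDEST column (7th column, SPORT is '-'),
# so the nat stage skips them and the filter-stage REJECT gets to match.
SHOREWALL_RULES_FIXED = """
REJECT:info   loc   net:8.8.8.8,8.8.4.4   tcp   domain
REJECT:info   loc   net:8.8.8.8,8.8.4.4   udp   domain
REDIRECT:info loc   54                    udp   domain   -   !8.8.8.8,8.8.4.4
REDIRECT:info loc   54                    tcp   domain   -   !8.8.8.8,8.8.4.4
"""

SERVICES = {"domain": 53}          # service names used in the DPORT column
NAT_ACTIONS = {"REDIRECT", "DNAT"}  # actions that compile into nat PREROUTING
FW = "$FW"                          # Shorewall's name for the firewall itself


@dataclass(frozen=True)
class Packet:
    src_zone: str
    dst: str
    proto: str
    dport: int
    redirected_to: Optional[int] = None   # set once a nat rule fires


@dataclass(frozen=True)
class Rule:
    action: str
    src_zone: str
    dest: str                # zone[:hosts] for filter rules, local port for REDIRECT
    proto: str
    dport: int
    origdest: Optional[str]  # ORIGDEST column; '!a,b' is an exclusion list


def parse_rules(text: str) -> list:
    """Parse the whitespace-separated rules file columns used above."""
    rules = []
    for line in text.strip().splitlines():
        cols = line.split()
        action = cols[0].split(":")[0]            # drop the ':info' log level
        dport = SERVICES[cols[4]] if cols[4] in SERVICES else int(cols[4])
        origdest = cols[6] if len(cols) > 6 and cols[6] != "-" else None
        rules.append(Rule(action, cols[1], cols[2], cols[3], dport, origdest))
    return rules


def addr_matches(spec: str, addr: str) -> bool:
    """Match an address against 'net:a,b', 'a,b' or '!a,b' style specs."""
    spec = spec.split(":", 1)[1] if ":" in spec else spec
    negate = spec.startswith("!")
    hosts = spec.lstrip("!").split(",")
    return (addr in hosts) != negate


def header_matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.src_zone == pkt.src_zone and rule.proto == pkt.proto
            and rule.dport == pkt.dport)


def walk(rules: list, pkt: Packet):
    """Run pkt through nat PREROUTING, then filter; return (verdict, packet)."""
    nat = [r for r in rules if r.action in NAT_ACTIONS]
    filt = [r for r in rules if r.action not in NAT_ACTIONS]
    for r in nat:  # stage 1: nat table, evaluated before the routing decision
        if header_matches(r, pkt) and (
                r.origdest is None or addr_matches(r.origdest, pkt.dst)):
            port = int(r.dest)
            pkt = replace(pkt, dst=FW, dport=port, redirected_to=port)
            break
    for r in filt:  # stage 2: filter table, sees the rewritten destination
        if header_matches(r, pkt) and addr_matches(r.dest, pkt.dst):
            return r.action, pkt
    return "POLICY", pkt   # no rule matched; the zone policy decides


if __name__ == "__main__":
    google = Packet("loc", "8.8.8.8", "udp", 53)
    print("posted rules:", walk(parse_rules(SHOREWALL_RULES), google))
    print("with ORIGDEST exclusion:", walk(parse_rules(SHOREWALL_RULES_FIXED), google))
```

With the posted rules the query to 8.8.8.8 comes out of the nat stage as a packet to $FW:54, so the REJECT rule (dport 53, destination in net) falls through to the policy and the query is answered by the local BIND instead of being rejected. With the exclusion in the REDIRECT rule, the nat stage leaves the Google-bound query untouched and the filter-stage REJECT matches, while queries to any other resolver are still redirected to port 54.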
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users