dns interception
Comments
-
You can play a trick
To use NAT rule to redirect all tcp/udp port 53 traffic into USG.
Note: put this rule as the first rule, on top of the others1 -
Thanks for lan31's nice solution.
Hello ewing,
You can follow lan31's way to forcing all lan1 users do DNS query via USG DNS server.
Charlie0 -
if necessary, the firewall rule
0 -
The firewall rule need to allow clients to DNS server port in USG.
In general case, the device firewall rule "LAN_to_Device" already cover it.
So you don't need to add another rule.
Of course, if you want to restrict the client to device access permission.
Then add the rule to allow to access the DNS ports(tcp/udp port 53) to USG.
0 -
Sorry, I'm not so educated with IP stuff. Why the User Defined Mapped IP address in the above example is 192.168.1.1? Why not the USG LAN1 IP address, if the purpose was to redirect all the queries from LAN1?
Regards
Kelmi
0 -
You are right.
I forgot to note the screenshot was based on my USG setting which the lan1 ip address is 192.168.1.1
0
Categories
- All Categories
- 415 Beta Program
- 2.4K Nebula
- 147 Nebula Ideas
- 96 Nebula Status and Incidents
- 5.7K Security
- 262 USG FLEX H Series
- 271 Security Ideas
- 1.4K Switch
- 74 Switch Ideas
- 1.1K Wireless
- 40 Wireless Ideas
- 6.4K Consumer Product
- 249 Service & License
- 387 News and Release
- 84 Security Advisories
- 29 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.5K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 73 Security Highlight