Pfsense 2.3.1 with OpenDNS (Web filtering)
How to configure Pfsense with OpenDNS (Web filtering)
Requirements
1. Install pfsense 2.3.1 (More than one Dynamic DNS included in this version)
2. Sign up with OpenDNS
3. Configure your network on OpenDNS and don’t forget to configure your web filter settings)
Pointing your network to OpenDNS
Assuming that you have completed the above requirements, first you have to change your DNS on pfsense to OPENDNS. To do this, go to Systems > General Setup. Under DNS Server Settings
DNS Server 1: 208.67.222.222
DNS Server 2: 208.67.220.220
DNS Server Override: Unchecked
Disable DNS Forwarder: Checked
Once you finished, click Save to save all the setting you entered
DNS Resolver & Forwarder
Once you completed the above process, you need to disable DNS Resolver and enable DNS Forwarder.
(I am not sure if DNS Resolver can be configured with OpenDNS, I tried to configure it but no luck. With DNS Forwarder, everything work well. Maybe someone can help out to explaining it WHY)
To do this, you need to go to Services > DNS Resolver > Enable: (Unchecked)
After that, Go to Services > DNS Forwarder > Enable: Checked
Interfaces: All
Click Save
Dynamic DNS
When finished, Go to Services > Dynamic DNS > Add
In this case, I’ll be using OpenDNS but you can pick any services that you like.
Service Type: OpenDNS
Interface to Monitor: WAN
Hostname: opendns.com
MX: leave blank
Wildcards: Unchecked
Verbose Logging: Checked
Username: email address that you registered with on OpenDNS
Password: Your Password
Confirm: Your Password again
Description: You can enter “OpenDNS Account”
Save setting.
Note: If the cached ip is not available, check you settings again. If you see a green ip, everything is okay.
Redirecting all DNS Requests to Pfsense
In some cases, some users can bypass a configured DNS by changing their local DNS to other DNS ips. To avoid it, go to this link: https://doc.pfsense.org/index.php/Redirecting_all_DNS_Requests_to_pfSense
Another option is to block Local DNS configured on a Computer.
To do this, you have to create two LAN Firewall Rules. One rule that allow all requests from pfsense local DNS and the second one will block all requests from external DNS.
Firewall > Rules > LAN > Add with up arrow
Action: Pass
Interface: Lan
Address Family: IPv4
Protocol: TCP/UDP
Source: Invert match-Unchecked/ ANY
Destination: LAN Address
Destination port range: DNS (53)
Log: Checked if you like
Description: Enter smth related to this rule.
Click Save
After that, copy the same rule and change the following settings.
Action: Block and Destination: Any. Other settings remain the same.
I hope that this howto help you alot.
Secondly, big thanks to pfsense team for releasing pfsense 2.3.1
You guys are the best.
Nenhum comentário:
Postar um comentário