[Dnsmasq-discuss] How to prevent LAN DNS for remote guests

Geert Stappers geert.stappers at hendrikx-itc.nl
Sat Dec 21 11:59:28 GMT 2019


On 21-12-2019 09:10, Koos Pol wrote:

> Hi,
>
> I'm setting up my openwrt modem as an internet gateway for remote guests.
> The modem is running openvpn and dnsmasq.
> The guests arrive at their own interface (tun1 = openvpn) with a
> different subnet. Guest > LAN forwarding is disabled in the firewall
> for security reasons.
> However, once the guests have connected, dnsmasq will resolve the LAN
> for them. Although guests won't be able to connect to anything on the
> LAN (forwarding is off) they are still able to go on a fishing
> expedition thanks to DNS. I don't want to turn off DNS completely. So
> --except-interface=tun1 is not an option.
> So, for anything connecting to tun1, how can I enable DNS resolving
> the internet space, while preventing resolving my LAN?

I think the question is "How to do that with a single DNS"


> Thanks!
> Koos


I hope this is of some use to you.


Regards, Geert

