[Dnsmasq-discuss] How to prevent LAN DNS for remote guests

Geert Stappers geert.stappers at hendrikx-itc.nl
Sat Dec 21 11:59:28 GMT 2019

On 21-12-2019 09:10, Koos Pol wrote:

> Hi,
> I'm setting up my openwrt modem as an internet gateway for remote guests.
> The modem is running openvpn and dnsmasq.
> The guests arrive at their own interface (tun1 = openvpn) with a
> different subnet. Guest > LAN forwarding is disabled in the firewall
> for security reasons.
> However, once the guests have connected, dnsmasq will resolve the LAN
> for them. Although guests won't be able to connect to anything on the
> LAN (forwarding is off) they are still able to go on a fishing
> expedition thanks to DNS. I don't want to turn off DNS completely. So
> --except-interface=tun1 is not an option.
> So, for anything connecting to tun1, how can I enable DNS resolving
> the internet space, while preventing resolving my LAN?

I think the question is "How to do that with a single DNS"

> Thanks!
> Koos

I hope this is of some use to you.

Regards, Geert
