[Dnsmasq-discuss] How to prevent LAN DNS for remote guests
geert.stappers at hendrikx-itc.nl
Sat Dec 21 11:59:28 GMT 2019
On 21-12-2019 09:10, Koos Pol wrote:
> I'm setting up my openwrt modem as an internet gateway for remote guests.
> The modem is running openvpn and dnsmasq.
> The guests arrive at their own interface (tun1 = openvpn) with a
> different subnet. Guest > LAN forwarding is disabled in the firewall
> for security reasons.
> However, once the guests have connected, dnsmasq will resolve the LAN
> for them. Although guests won't be able to connect to anything on the
> LAN (forwarding is off) they are still able to go on a fishing
> expedition thanks to DNS. I don't want to turn off DNS completely. So
> --except-interface=tun1 is not an option.
> So, for anything connecting to tun1, how can I enable DNS resolving
> the internet space, while preventing resolving my LAN?
I think the question is "How to do that with a single DNS".
I hope this is of some use to you.