<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>On 21-12-2019 09:10, Koos Pol wrote:<br>
</p>
<blockquote type="cite"
cite="mid:828770fe-9ab1-512c-ab26-21478ec8f173@pohw.nl">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<font face="Carlito">Hi,<br>
<br>
I'm setting up my openwrt modem as an internet gateway for
remote guests.<br>
The modem is running openvpn and dnsmasq.<br>
The guests arrive at their own interface (tun1 = openvpn) </font><font
face="Carlito"><font face="Carlito">with a different subnet. </font>Guest
> LAN forwarding is disabled in the firewall for security
reasons.<br>
However, once the guests have connected, dnsmasq will resolve
the LAN for them. Although guests won't be able to connect to
anything on the LAN (forwarding is off) they are still able to
go on a fishing expedition thanks to DNS. I don't want to turn
off DNS completely. So </font><code>--except-interface=tun1</code><font
face="Carlito"> is not an option. <br>
So, for anything connecting to tun1, how can I enable DNS
resolving the internet space, while preventing resolving my LAN?<br>
</font></blockquote>
<p><font face="Carlito">I think the question is "How to do that
with a single DNS"</font></p>
<p><font face="Carlito"></font><br>
</p>
<blockquote type="cite"
cite="mid:828770fe-9ab1-512c-ab26-21478ec8f173@pohw.nl"><font
face="Carlito"> Thanks!<br>
Koos<br>
</font></blockquote>
<p><br>
</p>
<p><font face="Carlito">I hope this is of some use to you.</font></p>
<p><font face="Carlito"><br>
</font></p>
<p><font face="Carlito">Regards, Geert</font></p>
<p><font face="Carlito"></font><br>
</p>
</body>
</html>