[Dnsmasq-discuss] How to prevent LAN DNS for remote guests
Koos Pol
koos2019 at pohw.nl
Sat Dec 21 08:10:37 GMT 2019
Hi,
I'm setting up my openwrt modem as an internet gateway for remote guests.
The modem is running openvpn and dnsmasq.
The guests arrive at their own interface (tun1 = openvpn) with a
different subnet. Guest > LAN forwarding is disabled in the firewall for
security reasons.
However, once the guests have connected, dnsmasq will resolve the LAN
for them. Although guests won't be able to connect to anything on the
LAN (forwarding is off) they are still able to go on a fishing
expedition thanks to DNS. I don't want to turn off DNS completely. So
|--except-interface=tun1|is not an option.
So, for anything connecting to tun1, how can I enable DNS resolving the
internet space, while preventing resolving my LAN?
Thanks!
Koos
||
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/attachments/20191221/b9721227/attachment-0001.html>
More information about the Dnsmasq-discuss
mailing list