FREESCO Support

[psv]

Hello ! say me please --- how i can deny access to external dns ???

[dingetje]

Your question is not entirely clear. Do you mean access from outside your LAN to the FREESCO DNS server or do you mean access from within your LAN to other DNS servers?
The first situation can be accomplished by changing the DNS server in your FREESCO setup to 's' (for secure). The 2nd situation requires a firewall rule in rc_user to block outgoing access to port 53 (DNS service).

[psv]

ipfwadm -O -a deny -S 10.13.106.0/24 53 -D 0/0 -o
is this is correct ??? don't working ...

i have dsl inet ... freesco 0.3.x (10.13.106.9) with squid + dns(s-localy) and some windows pc(10.13.106.0...)
when i enter external dns in windows machine i have inet without squid ...

in freesco 0.4.2 in dns setup i can choose item where external dns is disabled ...
please help

[dilberts_left_nut]

From the setup...

Code: Select all

 Advanced settings (x - exit)? 41

        Caching DNS server.
        Recommended for most configurations in "s" or "e" mode.

        WARNING:y - Enable service worldwide (insecure)
                s - Enable service locally (secure recommended)
                n - Disable service

        NOTE:   If you have port forwarding on port (53), you must
                not use secure modes.

        NOTE:   e - (secure exclusive mode).
                This forces all clients to use this server exclusively
                and external DNS servers are not allowed.

41 Enable caching DNS server (y/s/n/e) [s]?


If you want your internal clients to use ONLY the freesco DNS and NOT any other outside servers use option "e"

[psv]

... i have freesco 0.3.4 and this version have not this choose ...
... only firewall rool can help me

[Lightning]

i have freesco 0.3.4 and this version have not this choose ...
... only firewall rool can help me

You are correct the "exclusive" option was introduced in much later versions. As for manually putting the rule in place, try this

edit /rc/rc_user

Code: Select all

firewall)
   ipfwadm -F -i reject -P udp -b -S 0/0 53
   ipfwadm -F -i reject -P tcp -b -S 0/0 53
   ;;

Once you save the change run "rc_masq restart".

However if you are trying to force the use of squid this is not really going to be really effective. You will be much better off reconfiguring squid as a transparent proxy so that clients don't have a choice to use it or not.