Restricting traffic


This topic contains 2 replies, has 0 voices, and was last updated by  7andY 9 years, 6 months ago.

Viewing 4 posts - 1 through 4 (of 4 total)
    #41838

    7andY
    Member

    I have Zeroshell working fine, using DHCP, Captive Portal and Kerberos Authentication to control a guest wireless Access Point.
    DNS is switched off and I distribute my ISP’s DNS address via DHCP. This is to prevent users accessing my local network, as the ISP DNS doesn’t resolve my local addresses. However, if I manually set the DNS address to one of my local servers, these local addresses become available.

    To plug this hole, is there any way I can stop my local addresses routing through Zeroshell?

    Cheers, Andy E.

    #48558

    ppalias
    Member

    You can always block access with the firewall feature of ZS. However, providing your clients your ISP’s DNS server instead of yours is not exactly a security technique.
    My suggestion is to provide to your clients your DNS via DHCP (to reduce the internet utilization by caching) and deny access to your internal network as you wish.

    #48559

    7andY
    Member

    Nice idea, but if I disallow access to my LAN, how are the users to get to my internal DNS servers? 🙄
    Solved it by setting the Captive Portal to not capture traffic destined for my LAN, and setting some Firewall rules to block that access 😆

    Cheers, Andy E.

    #48560

    ppalias
    Member

    Easy, first allow access from your clients’ network to port 53/UDP of your DNS servers and then deny everything else.
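
The rule order from the last reply (allow the guest network to reach the internal DNS servers on 53/UDP, then deny everything else towards the LAN), as an added example that is not part of the thread. It is written as plain iptables commands rather than ZeroShell's own firewall settings; the FORWARD chain placement, the function names, the optional TCP switch and all addresses are assumptions, and the addresses are constructed.

```shell
#!/bin/sh
# Added example: guest network may query internal DNS, nothing else on the LAN.
# Dry run by default (prints the commands); set APPLY=1 to execute them as root.

emit() {
    if [ "${APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# usage: guest_dns_only_rules GUEST_NET LAN_NET DNS_SERVER...
guest_dns_only_rules() {
    guest_net=$1
    lan_net=$2
    shift 2

    # 1. Exceptions first: iptables stops at the first matching rule, so the
    #    DNS allowances must sit above the LAN-wide deny.
    for dns in "$@"; do
        emit iptables -A FORWARD -s "$guest_net" -d "$dns" \
            -p udp --dport 53 -j ACCEPT
        # The thread only names 53/UDP. DNS falls back to TCP for large
        # answers; DNS_TCP=1 adds that rule (an addition, not from the thread).
        if [ "${DNS_TCP:-0}" = 1 ]; then
            emit iptables -A FORWARD -s "$guest_net" -d "$dns" \
                -p tcp --dport 53 -j ACCEPT
        fi
    done

    # 2. Then deny every other packet from the guest network to the LAN.
    #    Replies from the DNS servers travel LAN -> guest and are not matched.
    emit iptables -A FORWARD -s "$guest_net" -d "$lan_net" -j DROP
}

# Constructed sample values: guest Wi-Fi subnet, LAN subnet, two DNS servers.
guest_dns_only_rules 192.168.10.0/24 192.168.1.0/24 192.168.1.10 192.168.1.11
```

A client that hard-codes an internal DNS server then still gets name resolution, but the resolved LAN addresses stay unreachable because every non-DNS packet hits the DROP rule.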
