I have Zeroshell working fine, using DHCP, Captive Portal and Kerberos Authentication to control a guest wireless Access Point.
DNS is switched off and I distribute my ISP’s DNS address via DHCP. This is to prevent users accessing my local network, as the ISP DNS doesn’t resolve my local addresses. However, if I manually set the DNS address to one of my local servers, these local addresses become available.
To plug this hole, is there any way I can stop my local addresses routing through Zeroshell?
You can always block access with the firewall feature of ZS. However, providing your clients your ISP’s DNS server instead of yours is not exactly a security technique.
My suggestion is to provide to your clients your DNS via DHCP (to reduce the internet utilization by caching) and deny access to your internal network as you wish.
Nice idea, but if I disallow access to my LAN, how are the users to get to my internal DNS servers? 🙄
Solved it by setting the Captive Portal to not capture traffic destined for my LAN, and setting some Firewall rules to block that access 😆
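The rule order that reconciles the two replies above (guests may query the internal DNS servers, but reach nothing else on the LAN), as an added example that is not part of the original thread and not Zeroshell's own configuration. It uses generic Linux iptables commands, and the guest subnet, LAN subnet and DNS server addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables commands for review.
# All addresses are constructed sample values; override via environment.
GUEST_NET="${GUEST_NET:-192.168.50.0/24}"               # guest wireless subnet (assumed)
LAN_NET="${LAN_NET:-192.168.1.0/24}"                    # internal LAN (assumed)
DNS_SERVERS="${DNS_SERVERS:-192.168.1.10 192.168.1.11}" # internal resolvers (assumed)

# Crude syntax check: dotted quad with an optional /prefix.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}(/[0-9]{1,2})?$'
}

guest_rules() {
    for v in "$GUEST_NET" "$LAN_NET" $DNS_SERVERS; do
        is_ipv4 "$v" || { echo "bad address: $v" >&2; return 1; }
    done

    # 1. Exceptions first: guests may reach the internal resolvers on
    #    port 53 only. DNS falls back to TCP for large answers, so both
    #    protocols are allowed.
    for dns in $DNS_SERVERS; do
        for proto in udp tcp; do
            echo "iptables -A FORWARD -s $GUEST_NET -d $dns -p $proto --dport 53 -j ACCEPT"
        done
    done

    # 2. Then drop every other guest packet destined for the LAN. Rules are
    #    evaluated top to bottom, so this must come after the ACCEPT lines.
    #    Replies from the resolvers have the LAN as source, so they do not
    #    match this rule.
    echo "iptables -A FORWARD -s $GUEST_NET -d $LAN_NET -j DROP"
}

guest_rules
```

With these rules in place, a guest who manually points at an internal DNS server can still resolve internal names but cannot connect to the hosts behind them.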