Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[EnZ0]

Hi all and sorry for my poor english in advance !

I have a DFL-860 but I still can not do a thing, and I need the help of professionnals that you are.

I do filtering via OpenDNS, which answer a lot of expectation of my institution. Also, the DFL DNS1 is configuring with the IP of OpenDNS.

My concern is that the network can change carefree address their DNS on their notebook, and then also pass filtering.

What rule do I put in place to force the use of the DFL DNS for all users of the network?

Another secondary question: The DFL can filter the level 7 (particularly useful for blocking torrent etc)?

Thank you for your help!

A poor french guy

[lingnau]

You can simply create a rule to deny DNS traffic. I think the best thing would be to create a SAT/Allow rule to allow the network clients to use the firewall's IP as DNS.
Second thing, create a rule to deny DNS traffic.

It would look like this(Or in your case, LAN source instead of DMZ and you could use normal SAT instead of SAT_SLB):

(There's a detailed  manual somewhere on D-Link website about how to do DNS SAT.

The firewall has IDP/IPS, i think it can block p2p but I've never used that.(I'm almost sure it also needs a subscription on the DFL-800, not sure about the DFL-860) I usually do the old fashion:
Allow HTTP, HTTPS, FTP, SMTP/POP (And secure variations) and deny all the rest. That resolves the torrent issue and another half a dozen issues.

[EnZ0]

Thanks lingnau!

I try this solution quickly!

[lingnau]

Thanks lingnau!

I try this solution quickly!

And, did it work? Please post back.

[chechito]

that metodology its right i was using it since 2007