Hi All,
I am having a really weird issue. Trying to set up a firewall zone for Guest Wireless Network. Using Debian as a test host, I am able to see DHCP is doing its thing.
shared-network-name GuestWLAN_POOL {
    authoritative
    subnet 172.16.12.0/24 {
        default-router 172.16.12.254
        domain-name guestwlan.lan
        lease 86400
        name-server 8.8.8.8
        name-server 8.8.4.4
        range 0 {
            start 172.16.12.2
            stop 172.16.12.250
        }
    }
}
Under /etc/resolv.conf:
search guestwlan.lan
nameserver 8.8.8.8
nameserver 8.8.4.4
It’s also allocated the correct IP address from the POOL.
The firewall rules are in place - let everything out, want to use public DNS servers to resolve.
name GuestWLAN-WAN {
    default-action drop
    enable-default-log
    rule 50 {
        action accept
        state established
        state related
    }
    rule 51 {
        action drop
        log
        state invalid
    }
    rule 100 {
        action accept
        description "Allow ALL GuestWLAN-WAN"
        log
        protocol all
        state new
    }
}
For some reason I can ping an IP, but when I try pinging a domain name it fails.
Looking through the logs I found that it is trying to access my internal DNS server although the DHCP scope has these set as external. Any idea why it is trying to use the firewall system DNS?