Note: This FAQ demonstrates how to set up DNS relay so that a computer connected to the LAN port can use the LAN IP of the D-Link firewall as its DNS server.
D-Link Netdefend firewall Details:
• LAN IP on firewall: 192.168.1.1
• Lannet on firewall: 192.168.1.0/24
• External DNS Server: 4.2.2.2
Step 1: Open the web browser and type the IP address of the firewall into the address bar (default is 192.168.1.1). Press Enter.
Step 2: Click on the plus sign next to Objects, select Address Book, and then select Interface Addresses.
Step 3: Click on Add and select IP address from the dropdown menu.
Step 4: Configure the D-Link DNS server address as follows:
• Name: Name as desired (dns_server in this example).
• IP Address: External DNS server address.
Click on OK.
Step 5: Click on the plus sign next to Rules and then select IP Rules.
Step 6: Click on Add and select IP Rule from the dropdown menu.
Step 7: Create the IP Rule as follows:
• Name: Name as desired
• Action: SAT
• Service: dns-all
• Schedule: None
• Source interface: lan
• Source network: lannet
• Destination interface: core
• Destination network: lan_ip
Step 8: Click on the SAT tab and under New IP Address select dns_server (as created in Step 4) from the dropdown menu.
Step 9: Click on Add to create another IP Rule and configure it as follows:
• Name: Name as desired
• Action: NAT
• Service: dns-all
• Schedule: None
• Source interface: lan
• Source network: lannet
• Destination interface: core
• Destination network: lan_ip
Note: If the environment does not use NAT, then the action is Allow.
Step 10: Click on the Configuration tab and select Save and Activate from the dropdown menu. Click on OK to save and activate your changes.
Note: Make sure these two rules are triggered before any generic rules (e.g. allow_standard rules). Also, configure all PCs to use the firewall lan_ip (192.168.1.1) as their DNS server.
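Added example (not part of the original D-Link FAQ): a check to run from a LAN PC after Step 10 that sends one DNS query to the firewall lan_ip and confirms a valid answer comes back through the relay. The function names and the test name example.com are assumptions chosen for illustration.

```python
import socket
import struct

RELAY_IP = "192.168.1.1"  # firewall lan_ip from this FAQ
TXID = 0x1234             # constructed transaction ID for the test query


def build_query(name, txid=TXID):
    """Build a DNS A-record query with the recursion-desired flag set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, txid=TXID):
    """Return (ok, rcode, answer_count) for a raw DNS reply.

    ok is True only for a reply that matches our transaction ID,
    has the response bit set, reports no error and carries answers.
    """
    if len(data) < 12:
        return (False, None, 0)
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    ok = rid == txid and bool(flags & 0x8000) and rcode == 0 and ancount > 0
    return (ok, rcode, ancount)


def check_relay(server=RELAY_IP, name="example.com", timeout=3.0):
    """Send one UDP query to the relay address and describe the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (server, 53))
            data, _ = s.recvfrom(512)
        except OSError:  # includes timeouts
            return "no reply: check that the SAT and NAT rules sit above generic rules"
    ok, rcode, ancount = parse_response(data)
    if ok:
        return f"relay OK ({ancount} answers)"
    return f"relay replied but lookup failed (rcode={rcode}, answers={ancount})"


if __name__ == "__main__":
    print(check_relay())
```

A "no reply" result usually means the query never matched the two rules from Steps 7 to 9; a reply with a non-zero rcode means the relay path works but the external DNS server returned an error.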
Tags: DNS Relay, IP Rule, Netdefend firewall