Last adaptation to the version: 12.6.1
New:
  • Updated to the redesign of the web interface
This article refers to a Reseller Preview

12.4 12.2.3 11.7 11.6.11

Access: UTM-IP:Port or UTM-URL:Port
Port as configured under Network / Appliance Settings / Webserver
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Menu: Applications / Nameserver, area DNS Forwarding


DNS Forwarding

DNS forwarding is used to forward all DNS requests made to the firewall's name server to another IP address.


Add DNS Forwarding

Menu: Applications / Nameserver, area DNS Forwarding, button + Add DNS Forwarding

Add DNS Forwarding dialog (figure: Creating a DNS Forwarding)
Caption | Value | Description
IP address: | 192.168.175.2 | Click Add server and enter the address of the remote name server in the IP address field


Edit the entry
trash Delete the entry

Saves the entry


Domain forwarding through a VPN tunnel

Sometimes it is necessary to forward internal domain requests to a remote name server located in a VPN.

Note that, by default, the firewall sends all requests it addresses directly to external name servers from its external IP. A public IP, however, is not routed into a VPN tunnel.


Set the name server of the firewall

Server settings dialog (figure: Name server IP)
Caption | Value | Description
Check name server before local cache: | Yes | Should be enabled
Primary name server: | 127.0.0.1 | The IP of the UTM itself (localhost = 127.0.0.1)
Secondary name server: | | Can remain empty or designate another DNS in the VPN
Saves the entry


Create relay

For this example, an IPSec connection was used. For SSL-VPN, the setup is done in the same way.

Menu: Applications / Nameserver, area Zones, button + Add Relay-Zone.

Add relay zone dialog (figure: Creating the relay zone)
Caption | Value | Description
Zone name: | relay.test.local | Zone name of the desired domain
Type: | Relay | Select this type
IP address: | 192.168.8.5 | Click Add server and enter the address of the remote name server in the IP address field


Edit the entry
trash Delete the entry

Saves the entry


Create network object

A network object must be created for the IPSec network.
Menu: Firewall / Network Objects, button + Add Object.

Add Network Objects dialog (figure: Network object)
Caption | Value | Description
Name: | IPSec-Network | Choose unique name
Type: | VPN network | Select this type
Address: | 192.168.8.0/24 | The IP address corresponds to that of the IPSec network
Zone: | vpn-ipsec | Suitable zone must be selected
Saves the entry


Add Rule

In the last step, a firewall rule with a Hide NAT must be created. This causes the forwarded DNS requests to go into the tunnel as well, and not directly to the Internet.
Menu: Firewall / Packetfilter, button + Add Rule.

Add Rule dialog
Caption | Value
Active: | On
Source: | external-interface
Destination: | IPSec-Network
Service: | domain-udp

NAT
Type: | HIDENAT
Network object: | internal-interface
Saves the rule and closes the dialogue. The rules must then be updated.


Safe Search with external DHCP server

If an external DHCP server is used, the active web filter Safe Search often does not work for search engines, especially Google, when searching for images.
For this web filter to take effect there as well, the following forward zones must be set up for all ccTLDs (see https://www.google.com/supported_domains : www.google.de, www.google.ch, ...).
Menu: Applications / Nameserver, button + Add Forward Zone.

Edit zone dialog (figure: The forward zone set up for www.google.com)
Caption | Value
Zone name: | www.google.com
Name server hostname: | localhost
Name server IP address: |
In the Name server window, click in the www.google.de zone.
In the Edit Zone window click Add entry.
Name: www.google.com
Type: A
Value: 216.239.38.120
Save and click again on Add entry.
Name: www.google.com
Type: AAAA
Value: 2001:4860:4802:32::78
Saves the entry
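
The following Python sketch is an added example, not part of the original article or of any vendor tooling. It derives the forward zones and the A/AAAA entries shown above for every domain in a supported_domains list, then audits DNS answers to find zones that are not pinned to the Safe Search addresses. The sample list is constructed, the one-domain-per-line format with a leading dot is an assumption, and all function names are hypothetical.

```python
"""Plan and audit Safe Search forward zones (added example, not vendor code)."""
import ipaddress
import socket

# Safe Search addresses taken from the A and AAAA entries on this page.
SAFE_A = ipaddress.ip_address("216.239.38.120")
SAFE_AAAA = ipaddress.ip_address("2001:4860:4802:32::78")

# Constructed excerpt; assumed format of supported_domains: one ".google.<tld>" per line.
SAMPLE_SUPPORTED_DOMAINS = """\
.google.com
.google.de
.google.ch
.google.co.uk
"""

def plan_zones(supported_domains_text):
    """Return {zone_name: [(name, type, value), ...]} for every listed domain."""
    zones = {}
    for line in supported_domains_text.splitlines():
        domain = line.strip().lstrip(".").lower()
        if not domain or domain.startswith("#"):
            continue
        zone = "www." + domain
        zones[zone] = [(zone, "A", str(SAFE_A)), (zone, "AAAA", str(SAFE_AAAA))]
    return zones

def audit(zones, answers):
    """Return zones whose answers are missing or include a non Safe Search address."""
    # answers maps a zone name to the addresses the UTM name server returned for it.
    allowed = {SAFE_A, SAFE_AAAA}
    failing = []
    for zone in sorted(zones):
        got = {ipaddress.ip_address(a) for a in answers.get(zone, [])}
        if not got or not got <= allowed:
            failing.append(zone)
    return failing

def resolve_with_system_resolver(zone):
    """Live lookup; meaningful only on a client that uses the UTM as its DNS server."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(zone, 443)})
    except socket.gaierror:
        return []

if __name__ == "__main__":
    zones = plan_zones(SAMPLE_SUPPORTED_DOMAINS)
    live = {z: resolve_with_system_resolver(z) for z in zones}
    print("zones not pinned to Safe Search:", audit(zones, live) or "none")
```

Run it on a client behind the UTM after the rules have been updated; any zone it lists still resolves to a regular Google address and needs its forward zone checked.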