New Member
Posts: 25
Registered: 07-21-2015
Kudos: 2
Solutions: 2

DNS between VLANs/Firewall Rule Help

Hi

USG question:

I have a native VLAN on 192.168.0.1/24, which has a DNS server at 192.168.0.200.

I also have a VLAN on the 192.168.20.1/24 range.

I have a firewall rule that blocks all inter-VLAN traffic.

Question is, how do I set an exception in the firewall that will allow the second VLAN to pass DNS requests to the server on the first VLAN? I.e. so if a client at 192.168.20.5 sets their DNS server to 192.168.0.200 they will be able to get DNS.

I thought I could do this with port groups (allowing port 53) but no luck.

I can see in the case of Guest networks there is a firewall rule created on 'GUEST IN', but as you cannot press edit to see the contents I cannot copy it!

Thank you

Established Member
Posts: 1,356
Registered: 01-29-2015
Kudos: 185
Solutions: 53

Re: DNS between VLANs/Firewall Rule Help

How about a port forward?

New Member
Posts: 25
Registered: 07-21-2015
Kudos: 2
Solutions: 2

Re: DNS between VLANs/Firewall Rule Help

I was always under the assumption that port forwarding was for forwarding external WAN requests to internal LAN ports, but maybe that's incorrect?

Here's how I got my situation to work in the end:

Firewall rule:

Before Predefined Rules
Accept
IPv4 Protocol: All
States: unchecked
Source: Network
Network: 192.168.20.1/24 VLAN / IPv4 Subnet
Destination: Address/Port Group
IPv4 Address Group: Group containing 192.168.0.200 (my DNS server address)
Port Group: DNS Group (53)

And then of course in the Networks settings for the 192.168.20.1/24 network, setting the DNS servers to 192.168.0.200.
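The two points that make the rule above work are its position ("Before Predefined Rules", so it is evaluated ahead of the inter-VLAN block) and its scope (one destination host, port 53 only). The following Python simulation is an added example, not code from the thread or from Ubiquiti: it models a LAN_IN-style chain with first-match evaluation, as EdgeOS/USG chains use, and includes a small shadowing check that flags an exception placed after a broader block. The shape of the poster's inter-VLAN block rule, the chain's default action of "accept", and the restriction of the exception to TCP and UDP (tighter than the "IPv4 Protocol: All" the poster used) are assumptions for the example.

```python
"""Added example (not from the thread): first-match simulation of a USG/EdgeOS
LAN_IN-style firewall chain, to check that a DNS exception is ordered before
the inter-VLAN block and scoped to one server and port 53 only."""
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, List, Tuple

# Networks from the thread (the poster wrote them as 192.168.0.1/24 and
# 192.168.20.1/24; these are the /24s those addresses belong to).
NATIVE_VLAN = ipaddress.ip_network("192.168.0.0/24")
SECOND_VLAN = ipaddress.ip_network("192.168.20.0/24")
DNS_SERVER = ipaddress.ip_network("192.168.0.200/32")   # host match, like an address group
ANY_PROTO: FrozenSet[str] = frozenset()   # empty = match any protocol
ANY_PORT: FrozenSet[int] = frozenset()    # empty = match any destination port


@dataclass(frozen=True)
class Rule:
    description: str
    action: str                      # "accept" or "drop"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    protos: FrozenSet[str] = ANY_PROTO
    dports: FrozenSet[int] = ANY_PORT

    def matches(self, src_ip, dst_ip, proto: str, dport: int) -> bool:
        return (src_ip in self.src and dst_ip in self.dst
                and (not self.protos or proto in self.protos)
                and (not self.dports or dport in self.dports))


# The exception the poster added "Before Predefined Rules". Unlike the poster's
# "IPv4 Protocol: All", it is limited to TCP and UDP, which is all DNS needs.
DNS_EXCEPTION = Rule("allow VLAN20 -> 192.168.0.200 port 53", "accept",
                     SECOND_VLAN, DNS_SERVER, frozenset({"tcp", "udp"}), frozenset({53}))
# Assumed shape of the poster's existing rule that blocks all inter-VLAN traffic.
BLOCK_INTER_VLAN = Rule("drop VLAN20 -> native VLAN", "drop", SECOND_VLAN, NATIVE_VLAN)

CORRECT_ORDER: List[Rule] = [DNS_EXCEPTION, BLOCK_INTER_VLAN]
WRONG_ORDER: List[Rule] = [BLOCK_INTER_VLAN, DNS_EXCEPTION]   # exception never reached


def evaluate(ruleset, src, dst, proto, dport, default="accept") -> Tuple[str, str]:
    """First rule that matches decides, as in an EdgeOS chain; otherwise the
    chain's default action applies (assumed "accept" here)."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in ruleset:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, rule.description
    return default, "chain default action"


def covers(outer: Rule, inner: Rule) -> bool:
    """True when every packet `inner` could match is already matched by `outer`."""
    return (inner.src.subnet_of(outer.src) and inner.dst.subnet_of(outer.dst)
            and (not outer.protos or (bool(inner.protos) and inner.protos <= outer.protos))
            and (not outer.dports or (bool(inner.dports) and inner.dports <= outer.dports)))


def shadowed_rules(ruleset) -> List[str]:
    """Descriptions of rules that can never fire because an earlier rule covers them."""
    return [rule.description for j, rule in enumerate(ruleset)
            if any(covers(earlier, rule) for earlier in ruleset[:j])]


if __name__ == "__main__":
    for label, rs in (("correct order", CORRECT_ORDER), ("wrong order", WRONG_ORDER)):
        print(label, "DNS 192.168.20.5 -> 192.168.0.200:53/udp:",
              evaluate(rs, "192.168.20.5", "192.168.0.200", "udp", 53))
        print(label, "SMB 192.168.20.5 -> 192.168.0.200:445/tcp:",
              evaluate(rs, "192.168.20.5", "192.168.0.200", "tcp", 445))
        print(label, "shadowed rules:", shadowed_rules(rs))
```

Run it as a script to see both orderings side by side: with the exception first, only port 53 to the DNS host passes and everything else from VLAN 20 into the native VLAN is still dropped; with the block first, the exception is reported as shadowed and DNS is dropped, which is the symptom of adding the exception in the wrong position.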
