Products Firewalla Gold SE Firewalla Gold Pro Firewalla Gold Plus Firewalla Purple Firewalla Purple SE Firewalla Wi-Fi SD Product Comparison Product Reviews

DoH when in bridge mode behind a pfsense firewall

Follow
Avatar
Orcrist
  • Edited

I have my firewalla in bridge mode between a unifi dream machine and a netgate 4200 pfsense firewall.  There are no special rules on the firewall for dns (other than pass UDP/53).  Each subnet passes the gateway address as the dns and at this point the DNS Resolver in pfsense handles the requests.  When I turn on DoH in firewalla it does not seem to have any affect at all.  DNS does not go where it should (it goes to CloudFlare even though DoH is set up to go to NextDNS).  I would suspect the firewall is the problem but the DNS resolves (and I can see activity on the DNS rule) it just doesn't seem to use firewalla at all.

When considering this in pfsense, I am assuming the DoH packets will be from Firewalla, not rewritten to look as if they came from the source client?

Another question.  If I enable DoH and Unbound, does that mean that DoH uses Unbound, or vice versa?  Meaning that dns requests will be converted to DoH and Unbound will act as a local cache?

0

Comments

5 comments

Sort by Date Votes
  • Avatar
    Firewalla

    Is the UDM your WAN or the PFSENSE your WAN?

    Which one is running bridge mode? or both are doing NAT?

    0
    Comment actions Permalink
  • Avatar
    Orcrist

    The UDM connects all of the access points and cameras.  The Firewalla bridges the udm to the pfSense.  The pfSense is on the outer edge (true WAN).

    The UDM does not manage IP addresses - all DHCP and firewall behavior is handled by pfSense,

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    Can you please double-check that your UDM is in bridge mode? I don't think it supports it. If I miss understood your topology, is it this

    ==> WAN ==> PFSENSE ===> Firewalla in bridge mode ===> UDM in bridge mode ===> Your wifi /switch?

    0
    Comment actions Permalink
  • Avatar
    Orcrist

    No - there are only three components other than the WAN:

    ==> WAN ==> pfSense ==> Firewalla in bridge mode ==> UDM acting as a switch with APs/Cameras attached.

    0
    Comment actions Permalink
  • Avatar
    Firewalla

    I checked the UDM, it can't really act as a switch, it doesn't have bridge mode. May I know how you are setting the UDM to be a switch?

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post