6 October 2021 14:12, "Bernhard Bitsch" wrote:
> Hello,
>
> On 06.10.2021 at 12:04, Daniel Weismüller wrote:
>
>> Hello
>> I have also had a look at this.
>> There are now two Wiki pages on this topic.
>> - A general one (https://wiki.ipfire.org/configuration/firewall/rules/redirect-services).
>> - A very specific one for DNS redirect (https://wiki.ipfire.org/configuration/firewall/dns).
>> This is true, but the first page can't be found by a normal research in the wiki.
>> Since core160 the general method works. This is equivalent to the method 1 described on the
>> specific page.
>> Following the general instructions, I have created a few firewall rules to redirect DNS, DoT and
>> NTP.
>> This works very well now.
>> In general, I think that general instructions are always better than specific step-by-step
>> instructions.
>> Agreed.
>> In my eyes, the described method 2, which had to be taken as a temporary solution, is therefore
>> obsolete. In addition, pure blocking can lead to some devices no longer working.
>> Having implemented the second method until now, I can see a difference.
>
> Label 'DNAT' in the logging isn't nice. 'REDIRECT' would be more helpful.
> If I define a rule for NTP, I get two log entries (one with 'DNAT', one with 'INPUTFW'). A
> similar rule for DNS produces one log message only.
> -
> Bernhard

I have checked my logs and cannot confirm this.

15:16:30 INPUTFW blue0 UDP 192.168.56.127 192.168.56.1 57803 53(DOMAIN) b8:85:84:a6:a0:f7
15:16:30 DNAT blue0 UDP 192.168.56.127 192.168.56.1 57803 53(DOMAIN) b8:85:84:a6:a0:f7
15:16:30 INPUTFW green0 UDP 192.168.55.30 192.168.55.1 123(NTP) 123(NTP) 00:1a:e8:ad:07:52
15:16:30 DNAT green0 UDP 192.168.55.30 192.168.55.1 123(NTP) 123(NTP) 00:1a:e8:ad:07:52

As you can see, two entries are always generated for me.

-
Daniel

>
>> Do you see it the same way?
>>> -
>> Daniel
>> 5 October 2021 22:10, "Bernhard Bitsch" wrote:
>> Hi all,
>>> Thanks.
>>> So it was only a misunderstanding. I thought, there would be options to redirect DNS requests and
>>> NTP requests.
>>> But this 'any port solution' is much mightier.
>>> I'll try to convert my actual firewall.local solution to the main stream and report about the
>>> results.
>>>
>>> Regards,
>>> Bernhard
>>>
>>> On 05.10.2021 at 18:28, Michael Tremer wrote:
>>
>> Hello,
>> Simply using -j REDIRECT.
>> This was always part of the firewall engine, but the UI was broken and did not allow creating
>> these rules.
>> -Michael
>> On 5 Oct 2021, at 14:55, Bernhard Bitsch wrote:
>> Just a question. How is the activation of redirection implemented?
>>
>> On 05.10.2021 at 12:45, IPFire Project wrote:
>>
>> there is a new post from Michael Tremer on the IPFire Blog:
>> *IPFire 2.27 - Core Update 160 released*
>> This is the release announcement for IPFire 2.27 - Core Update 160.
>> It comes with a large number of bug fixes and package updates and
>> prepares for removing Python 2 which has reached its end of life.
>> The IPFire Project
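
The comparison discussed in this thread (does every redirected packet show up under both the 'DNAT' and the 'INPUTFW' label?) can be checked mechanically. The following is an added example, not part of the original thread or of IPFire's code: it parses log lines in the column layout quoted in the reply above and reports flows that lack one of the two labels. The function names and the grouping key (same timestamp, interface, protocol, addresses and ports) are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# The four log lines quoted in the reply above. Columns: time, chain label,
# interface, protocol, source, destination, source port, destination port, MAC.
SAMPLE_LOG = """\
15:16:30 INPUTFW blue0 UDP 192.168.56.127 192.168.56.1 57803 53(DOMAIN) b8:85:84:a6:a0:f7
15:16:30 DNAT blue0 UDP 192.168.56.127 192.168.56.1 57803 53(DOMAIN) b8:85:84:a6:a0:f7
15:16:30 INPUTFW green0 UDP 192.168.55.30 192.168.55.1 123(NTP) 123(NTP) 00:1a:e8:ad:07:52
15:16:30 DNAT green0 UDP 192.168.55.30 192.168.55.1 123(NTP) 123(NTP) 00:1a:e8:ad:07:52
"""

# Ports may carry a service name in parentheses, e.g. "53(DOMAIN)".
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<label>\S+)\s+(?P<iface>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<sport>\d+)(?:\([^)]+\))?\s+(?P<dport>\d+)(?:\([^)]+\))?\s+"
    r"(?P<mac>[0-9A-Fa-f:]{17})$"
)
FLOW_FIELDS = ("time", "iface", "proto", "src", "dst", "sport", "dport")


def labels_per_flow(log_text):
    """Map each flow (see FLOW_FIELDS) to the set of chain labels logged for it."""
    flows = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        key = tuple(m.group(f) for f in FLOW_FIELDS)
        flows[key].add(m.group("label"))
    return dict(flows)


def flows_missing_label(log_text, expected=("DNAT", "INPUTFW")):
    """Return {flow: [missing labels]} for flows lacking an expected label."""
    missing = {}
    for key, labels in labels_per_flow(log_text).items():
        gap = sorted(set(expected) - labels)
        if gap:
            missing[key] = gap
    return missing


if __name__ == "__main__":
    print(flows_missing_label(SAMPLE_LOG) or "every flow has both labels")
```
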