DNS query to FW not working with Gateway Group #745

Closed
gregober opened this issue Feb 4, 2016 · 3 comments

gregober commented Feb 4, 2016

Applies to both Unbound and DNS forwarder

  1. You create a simple dual WAN config.
  2. You bind that to a FW rule in order to apply the Multi-WAN settings to your LAN traffic.
  3. All DNS traffic is blocked; no query will go through.

A simple solution is to create an allow rule for traffic from your LAN to your FW on port 53 and place it before your Dual WAN GW binding… but this is just a workaround.

DNS traffic rules should be auto-created based on which interfaces you have defined on your DNS (unbound or DNS forwarder).

@fichtner fichtner added this to the Future milestone Feb 16, 2016
@fichtner fichtner added the feature Adding new functionality label Feb 16, 2016
@fichtner
Member

We're not sure about the most sensible course of action and will investigate further before applying a fix :)

@fichtner
Member

Why does GitHub have this close and comment button? Sorry.

@fichtner fichtner reopened this Feb 16, 2016
@fichtner fichtner changed the title DNS querry to FW not working with Gateway Group DNS query to FW not working with Gateway Group Feb 16, 2016
@AdSchellevis
Member

@gregober we've tested the same at our office and confirmed you need a firewall rule to allow access to the local machine, otherwise it will be sent to the gateway.

We will make sure to add this to our upcoming documentation, but auto-generating rules is in our opinion not the best solution. In some cases you don't want the local services to be accessible via all connected clients; other services also don't inject rules for themselves.
The current situation without the gateway group is, by the way, also not generated in the firewall, but available by default using the "allow all" rule.

Auto generating would make the world more complex and will hide the real situation for the administrator.

@fichtner fichtner removed this from the Future milestone Jul 23, 2016
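
The rule-ordering behaviour discussed in this thread, as an added example that is not part of the original issue or of OPNsense's code: a simplified first-match model that reports which services on the firewall itself are captured by a gateway rule before any local allow rule. The rule fields, the addresses, the ports and the `WAN_GROUP` name are constructed assumptions.

```python
# Simplified first-match model of LAN interface rules (an assumption for
# illustration, not OPNsense's rule engine). All names/addresses are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    descr: str
    dst: str                       # destination network in CIDR form
    port: Optional[int] = None     # None matches any destination port
    gateway: Optional[str] = None  # set => matching traffic is policy-routed

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ip_address(dst_ip) in ip_network(self.dst)
        return in_net and self.port in (None, dst_port)


def evaluate(rules, dst_ip, dst_port):
    """Return (rule description, handling) for the first matching rule."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            if rule.gateway:
                return rule.descr, f"forwarded to {rule.gateway}"
            return rule.descr, "default routing"
    return None, "blocked (no rule matched)"


def shadowed_local_services(rules, fw_ip, ports):
    """Ports on the firewall itself that a gateway rule captures first."""
    return [p for p in ports
            if evaluate(rules, fw_ip, p)[1].startswith("forwarded")]


FW_LAN_IP = "192.168.1.1"  # constructed LAN address of the firewall
multiwan = Rule("LAN -> any via gateway group", "0.0.0.0/0", gateway="WAN_GROUP")
allow_dns = Rule("LAN -> firewall DNS", f"{FW_LAN_IP}/32", port=53)

reported = [multiwan]               # rule set as described in the report
workaround = [allow_dns, multiwan]  # allow rule placed before the gateway rule

if __name__ == "__main__":
    for name, rules in (("reported", reported), ("workaround", workaround)):
        print(name, evaluate(rules, FW_LAN_IP, 53),
              shadowed_local_services(rules, FW_LAN_IP, [53, 123]))
```

With the allow rule in front, only port 53 reaches the firewall; the other constructed local port (123) stays captured by the gateway rule until the administrator explicitly permits it.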