On 2019-12-19, Anthony O' Brien <[email protected]> wrote:
> Long time reader, first time writing in...
>
>> The big question: Is there any DOC for OpenBSD about this? What pf rules
>> needed to redirect any DNS server (ex.: 8.8.8.8 or 1.1.1.1) requests to the
>> DNS server running on the ROUTER, coming from the CLIENTS?
>
> You can use rdr-to[0] with pf to redirect all DNS queries to the DNS
> resolver running on the router. A rule in pf.conf would look something like:
>
>     pass in on $int_if proto { udp , tcp } from any to any port domain \
>         rdr-to $dns_server port domain
>
> Ted Unangst has a short write-up about turning your network inside out to do
> just this[1].
>
> [0]: https://man.openbsd.org/pf.conf.5#rdr-to
> [1]: https://flak.tedunangst.com/post/turn-your-network-inside-out-with-one-pfconf-trick
>
Just remember what you've done - if you ever try to troubleshoot a broken nameserver or something while using this connection the hijacking might cause some confusion!

