Port redirecting or Dropping

There have been a bunch of posts and wikis about port forwarding, but I am still not sure how to do it the right way.

I have IPFire running Unbound, but some devices are still using their own DNS servers like 8.8.8.8 etc.

Can I set up a “HoneyPot DNS” just to see what they are trying to resolve?

I would like to

  • force this unknown DNS traffic on port 53 or 853 from device 192.168.1.54 to the honeypot, 192.168.1.188

  • IPFire/Unbound should still function as usual.

  • Or I could just drop the unknown traffic instead.

Does this look alright:

Getting this Note

I do not believe you can do this using the GUI. I do not understand Linux iptables enough to be useful to you, but I think this is where you need to go. In other words, you need to craft a set of rules to put into firewall.local to do that.

What you could do instead is forget about honeypotting the DNS. Just create a NAT rule to rewrite all the traffic of the green network on the DNS port toward the firewall. This will transparently forward all the green zone DNS traffic to the Unbound server regardless of the initial destination.

1 Like

I created the rule to redirect the DNS traffic a while ago, but it was not working.

Not sure if it is working 100% now. I see some traffic redirected, but not all.

What I see is that at least all the NTP traffic (UDP port 123) seems to be redirected to IPFire.
This wasn’t working for a while; I guess it started working sometime recently.

Did you create a rule in the firewall to allow access to the DNS from green/blue? By default this is now closed; you have to explicitly allow it.

1 Like

Actually I didn’t, I just created the “redirect rule” pictured above.

DNAT rules only redirect traffic that is sent to IPFire’s IPs as destination. It does not work for other servers like 8.8.8.8 because the destination does not match.

2 Likes
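As an added example (not code posted in this thread or shipped by IPFire), here is the kind of firewall.local rule set the two replies above describe: it matches port-53 traffic from green whatever its destination (which, as noted, a GUI DNAT rule does not), rewrites it to Unbound on the firewall, sends the one probe device to the honeypot, and drops DNS over TLS. The interface name, the firewall address, the CUSTOMPREROUTING/CUSTOMFORWARD chain names and the assumption that Unbound is not serving clients on 853 are all assumptions to adapt.

```shell
#!/bin/sh
# Fragment for /etc/sysconfig/firewall.local (added example; the addresses,
# the interface name and the chain names are assumptions, adapt to your system).
GREEN_IF="green0"            # assumed green interface
FW_IP="192.168.1.1"          # assumed IPFire green address, where Unbound listens on 53
HONEYPOT_IP="192.168.1.188"  # honeypot DNS from the question
PROBE_HOST="192.168.1.54"    # the one device whose queries should hit the honeypot
IPT="${IPT:-iptables}"       # set IPT=echo to print the rules instead of applying them

# Emit the rules for one action: start adds (-A), stop deletes (-D).
# Queries already addressed to the firewall are left alone, so Unbound keeps
# working as usual; every other port-53 query, whatever its destination
# (8.8.8.8 included), is rewritten. Rule order matters: the probe-host rule
# is appended first so it wins over the catch-all rule for that one host.
dns_rules() {
    case "$1" in
        start) op="-A" ;;
        stop)  op="-D" ;;
        *) echo "usage: dns_rules start|stop" >&2; return 1 ;;
    esac
    for proto in udp tcp; do
        # the probe host goes to the honeypot so its lookups can be inspected there
        "$IPT" -t nat "$op" CUSTOMPREROUTING -i "$GREEN_IF" -s "$PROBE_HOST" \
            -p "$proto" --dport 53 ! -d "$FW_IP" \
            -j DNAT --to-destination "$HONEYPOT_IP:53"
        # everyone else on green is transparently sent to Unbound on the firewall
        "$IPT" -t nat "$op" CUSTOMPREROUTING -i "$GREEN_IF" \
            -p "$proto" --dport 53 ! -d "$FW_IP" \
            -j DNAT --to-destination "$FW_IP:53"
    done
    # Assumed: Unbound is not serving clients over TLS on 853, so DNS over TLS
    # cannot be rewritten to it; it is dropped in the forward path instead
    # (the third option in the question).
    "$IPT" "$op" CUSTOMFORWARD -i "$GREEN_IF" -p tcp --dport 853 -j DROP
    # The GUI rule allowing DNS from green to the firewall is still required
    # (see the reply about access being closed by default); DNAT does not bypass it.
}

case "$1" in
    start|stop) dns_rules "$1" ;;
    reload)     dns_rules stop; dns_rules start ;;
esac
```

Run it with `IPT=echo sh firewall.local start` first to review the generated rules before letting it touch the live tables.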

Try to adapt to your system and add the following rule and set it to occur before the redirect rule.

EDIT: I am not sure if this rule is necessary when the redirect rule is in effect. It used to be indispensable when the redirect rule was not functional due to “destination: any” not being implemented in the WUI, but some time last year this was changed (as documented in the history of the wiki page). I hope someone more competent than I am can clarify this.

1 Like