I am trying to set up a DNS sinkhole but I can't make it work.
This NAT rule doesn't have an associated firewall rule, but one is not needed since range DMZ and the DNS server are in the same subnet.
From a client in the subnet (Range DMZ) I simulate DNS queries to 220.127.116.11; this NAT rule should intercept those queries and route them to the DNS server in the same subnet.
I don't have any other NAT rule above that interferes with this; in fact I get hits on the rule but the log is empty.
What am I doing wrong? Or how can I achieve this?
Another reference here:
Any help? It should be hard and I am probably missing something.
In other firewalls it is a built-in feature.
Try adding a firewall rule. The rule will show no traffic, but does seem to be effective.
There is already a rule to allow that traffic. What do you mean exactly?
I have a similar rule; the firewall rule shows no traffic, but the NAT rule does. Now I cannot find what traffic is being passed by the NAT rule because the log viewer filter based on NAT rule number does not work.