Stop bypass of OpenDNS


Jim.Alles
10-06-2008, 08:40 PM
I have what I feel to be a slightly simpler, so 'mebbe' more elegant, way of locking users into OpenDNS, which enforces filtering and/or denies access to proxies.

I submit it to see if anyone can shoot some holes in it.

With a hardware firewall doing DHCP & NAT (in my case), DHCP assigns the UT box as DNS server to clients. UT in bridge mode has the OpenDNS servers' IP addresses set up on the external iface. UT has protocol control set to block UDP 53 DNS - a standard checkbox.

Look Ma, no firewall rules needed.

I don't know whether, if you eliminate the HW FW and put UT in router mode w/ DHCP & NAT, you would have the same effect?

Jim A.

dmorris
10-06-2008, 10:42 PM
I'd just use the firewall built into Untangle. It only takes one rule.

Jim.Alles
10-07-2008, 08:03 AM
OIC :D

A more common scenario, where SBS (or something) in the internal network is doing DNS already, would require a second rule allowing port 53 from that server, and I assume the protocol block would be in the way of that.

I'm learning.

.ja.
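The two-rule policy discussed in the posts above (allow port 53 only to the OpenDNS resolvers, optionally also from an internal DNS server that already serves the LAN, drop everything else on port 53) can be written down and checked before it goes onto the firewall. The block below is an added example, not Untangle's code and not anything posted in this thread: it models the rule order, renders the same policy as plain `iptables` FORWARD rules for a generic Linux router/bridge (not the Untangle UI), and counts blocked DNS attempts per client from constructed log lines. The OpenDNS resolver addresses are OpenDNS's published ones; the LAN addresses, the internal server `192.168.1.10` and the log lines are constructed samples.

```python
"""Model of the 'lock clients to OpenDNS' DNS egress policy from the thread.

Rules are evaluated first-match-wins, in the same order the posts describe:
  1. traffic that is not DNS (dport != 53) is outside this policy -> allow
  2. DNS to an OpenDNS resolver -> allow
  3. DNS from the internal DNS server (the SBS case) -> allow, if configured
  4. any other DNS -> log and drop
"""
import re
from collections import Counter
from dataclasses import dataclass

# OpenDNS public resolvers (real addresses).
OPENDNS_RESOLVERS = ("208.67.222.222", "208.67.220.220")


@dataclass(frozen=True)
class Flow:
    src: str    # client IP (constructed samples in the test)
    dst: str    # destination IP
    proto: str  # "udp" or "tcp"
    dport: int  # destination port


def decide(flow, internal_dns=None):
    """Return 'allow' or 'drop' for one flow under the policy above.

    Both UDP and TCP are covered: blocking only UDP 53 leaves DNS over TCP 53
    as a way round the filter.
    """
    if flow.dport != 53:
        return "allow"
    if flow.dst in OPENDNS_RESOLVERS:
        return "allow"
    if internal_dns is not None and flow.src == internal_dns:
        return "allow"
    return "drop"


def iptables_rules(internal_dns=None, chain="FORWARD"):
    """Render the same policy as iptables rules in evaluation order.

    Assumes a Linux box forwarding LAN traffic (router mode, or a bridge with
    bridged traffic passed through netfilter). Not the Untangle rule syntax.
    """
    rules = []
    for resolver in OPENDNS_RESOLVERS:
        for proto in ("udp", "tcp"):
            rules.append(f"iptables -A {chain} -p {proto} --dport 53 -d {resolver} -j ACCEPT")
    if internal_dns is not None:
        for proto in ("udp", "tcp"):
            rules.append(f"iptables -A {chain} -p {proto} --dport 53 -s {internal_dns} -j ACCEPT")
    for proto in ("udp", "tcp"):
        # Log before dropping so bypass attempts are visible per client.
        rules.append(f'iptables -A {chain} -p {proto} --dport 53 -j LOG --log-prefix "DNSDROP "')
    for proto in ("udp", "tcp"):
        rules.append(f"iptables -A {chain} -p {proto} --dport 53 -j DROP")
    return rules


_LOG_RE = re.compile(r"DNSDROP .*?SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?DPT=53\b")


def bypass_attempts(log_lines):
    """Count dropped DNS packets per source IP from kernel LOG output.

    Returns a dict {src_ip: count}; lines without the DNSDROP prefix are ignored.
    """
    counts = Counter()
    for line in log_lines:
        m = _LOG_RE.search(line)
        if m:
            counts[m.group("src")] += 1
    return dict(counts)


# Constructed sample log lines in the shape the LOG target writes.
SAMPLE_LOG = [
    "kernel: DNSDROP IN=br0 OUT=br0 SRC=192.168.1.50 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53",
    "kernel: DNSDROP IN=br0 OUT=br0 SRC=192.168.1.50 DST=1.1.1.1 PROTO=TCP SPT=51235 DPT=53",
    "kernel: DNSDROP IN=br0 OUT=br0 SRC=192.168.1.77 DST=9.9.9.9 PROTO=UDP SPT=40001 DPT=53",
    "kernel: OTHER IN=br0 OUT=br0 SRC=192.168.1.50 DST=10.0.0.1 PROTO=TCP SPT=51236 DPT=443",
]

if __name__ == "__main__":
    for rule in iptables_rules(internal_dns="192.168.1.10"):
        print(rule)
    print(bypass_attempts(SAMPLE_LOG))
```

Two things the model makes visible. First, rule order matters: the ACCEPT for the internal server must precede the generic DROP, which is the point of Jim's second rule. Second, that rule lets the internal server resolve anywhere, so the filtering then depends on that server's own forwarder configuration; pointing its forwarders at the OpenDNS resolvers keeps every query on the filtered path even if the second rule is later removed.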

tbelanger
10-29-2008, 12:20 PM
Or you could point your SBS DNS server so all queries go to your Untangle box's OpenDNS server?

What are you ultimately trying to do?