Ken Bantoft wrote:
On 28-Sep-09, at 11:03 AM, Simon Kelley wrote:
Ken Bantoft wrote:
Hi,
I've run into a case where I'd like dnsmasq to forward queries over
an IPSec VPN tunnel to nameservers on the far side, but this doesn't
seem to work as expected.
I've got 2 interfaces - br-lan (192.168.1.1) and ppp0 (PPPoE -
216.x.x.x). IPsec is terminated on the same machine, so it has a
tunnel from 192.168.0.0/24 to 10.0.0.0/8.
dnsmasq is set to forward all queries to 10.x.x.10 and 10.x.y.10
nameservers, which are across the tunnel in the datacenter. What
I'm seeing with tcpdump is the requests going out the ppp0
interface, with the 216.x.x.x IP address. I've tried a variety of
options (bind-interfaces, listen-address), as I really want dnsmasq
to bind only to the br-lan interface, and use that address as the
Source IP for the forwarded queries, but no combination I've tried
does the trick.
Any suggestions?
Stop dnsmasq from looking for servers in /etc/resolv.conf with
no-resolv
in /etc/dnsmasq.conf and then specify them using "server=" lines in
/etc/dnsmasq.conf like this
server=10.x.x.10@br-lan
server=10.x.y.10@br-lan
We've been here before....
That was my 1st step... so I do see it sending the requests to 10.x.x.10
and 10.x.y.10 as expected - just out the wrong interface...
Ken
Is this a routing problem? Dnsmasq can control the source address of the
packets, and the destination address is straightforward, but it can't
control how the kernel routes the packets: do you have a route to
10.0.0.0/8 via the tunnel?
Cheers,
Simon.
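To make Simon's point concrete, here is a small model of the route lookup the kernel performs for a forwarded query. It is an added illustration, not code from dnsmasq or from anyone in the thread. It treats `server=ADDR@IFACE` as pinning only the source address, and a longest-prefix match on the destination as choosing the egress interface. All addresses, the "ipsec0" device name and the routing table are constructed stand-ins: 10.20.30.10 and 10.20.40.10 stand in for the thread's 10.x.x.10 and 10.x.y.10, and 216.0.2.1 is a made-up PPPoE address.

```python
"""Why a forwarded query can leave the wrong interface: a routing-table model.

Added illustration, not code from dnsmasq or from the mailing-list thread.
dnsmasq can pin the *source address* of a forwarded query (server=ADDR@IFACE),
but the *egress interface* comes from the kernel's longest-prefix-match route
lookup on the destination. Every address and interface name here is a
constructed stand-in for the ones in the thread.
"""
import ipaddress
from typing import List, Optional, Tuple

# (destination prefix, outgoing interface, preferred source address)
Route = Tuple[ipaddress.IPv4Network, str, ipaddress.IPv4Address]


def route(prefix: str, iface: str, src: str) -> Route:
    """Build one kernel route entry."""
    return (ipaddress.ip_network(prefix), iface, ipaddress.ip_address(src))


# Constructed table modelled on the box in the thread before any tunnel route
# exists: br-lan carries 192.168.1.0/24, everything else leaves via ppp0.
BASE_TABLE: List[Route] = [
    route("192.168.1.0/24", "br-lan", "192.168.1.1"),
    route("0.0.0.0/0", "ppp0", "216.0.2.1"),  # made-up PPPoE address
]

# The route Simon asks about: the far side of the tunnel via the tunnel device
# (assumed name "ipsec0"), with the LAN address as preferred source.
TUNNEL_ROUTE: Route = route("10.0.0.0/8", "ipsec0", "192.168.1.1")


def lookup(table: List[Route], dst: str) -> Optional[Route]:
    """Longest-prefix match on the destination, as the kernel does."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for entry in table:
        net = entry[0]
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = entry
    return best


def interface_address(table: List[Route], iface: str) -> ipaddress.IPv4Address:
    """Address dnsmasq uses as source when told @iface (first route on it)."""
    for _net, i, src in table:
        if i == iface:
            return src
    raise ValueError(f"no address known for interface {iface}")


def forward_query(table: List[Route], server: str,
                  bind_iface: Optional[str] = None) -> Tuple[str, str]:
    """Return (egress interface, source address) for a query sent to server.

    bind_iface models server=SERVER@bind_iface: it pins the source address to
    that interface's address but does not change which route is selected.
    """
    hit = lookup(table, server)
    if hit is None:
        raise ValueError(f"no route to {server}")
    _net, egress, src = hit
    if bind_iface is not None:
        src = interface_address(table, bind_iface)
    return egress, str(src)


def misrouted_servers(table: List[Route], servers: List[str],
                      tunnel_iface: str = "ipsec0") -> List[str]:
    """Upstream servers whose queries would not leave via the tunnel device."""
    return [s for s in servers if forward_query(table, s)[0] != tunnel_iface]


if __name__ == "__main__":
    servers = ["10.20.30.10", "10.20.40.10"]  # constructed stand-ins
    print("without tunnel route:", misrouted_servers(BASE_TABLE, servers))
    print("@br-lan only pins source:", forward_query(BASE_TABLE, servers[0], "br-lan"))
    fixed = BASE_TABLE + [TUNNEL_ROUTE]
    print("with tunnel route:", misrouted_servers(fixed, servers),
          forward_query(fixed, servers[0]))
```

Run as-is and the first line lists both servers as misrouted: with only a default route, the 10.x destinations match 0.0.0.0/0 and leave via ppp0 no matter what dnsmasq binds to. Adding the 10.0.0.0/8 entry makes the longest-prefix match pick the tunnel device and its source address. One general caveat worth checking on a real box: with a policy-based IPsec setup that has no tunnel device, there is no such route to add, and the packet is instead matched against the IPsec selectors after routing, so the source address the kernel picks (for instance ppp0's) must fall inside the tunnel's local selector or the query goes out in the clear.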