Good day,
I have dnscrypt-proxy working in sys-net only. But I am stuck on how to
forward dns requests moving from sys firewall and the vms behind it so that
sys-net can route them out via the proxy.
I only have dnscrypt-proxy running, it is not combined with unbound or
dnsmasq.
The firewall rule in sys-firewall is
Chain PR-QBS (1 references)
pkts bytes target prot opt in out source
destination
1 69 DNAT udp -- * * 0.0.0.0/0
10.139.1.1 udp dpt:53 to:10.139.1.1
0 0 DNAT tcp -- * * 0.0.0.0/0
10.139.1.1 tcp dpt:53 to:10.139.1.1
0 0 DNAT udp -- * * 0.0.0.0/0
10.139.1.2 udp dpt:53 to:10.139.1.2
0 0 DNAT tcp -- * * 0.0.0.0/0
10.139.1.2 tcp dpt:53 to:10.139.1.2
and in sys-net it is
Chain PR-QBS (1 references)
pkts bytes target prot opt in out source
destination
16 960 DNAT udp -- * * 0.0.0.0/0
10.139.1.1 udp dpt:53 to:127.0.0.1
0 0 DNAT tcp -- * * 0.0.0.0/0
10.139.1.1 tcp dpt:53 to:127.0.0.1
14 840 DNAT udp -- * * 0.0.0.0/0
10.139.1.2 udp dpt:53 to:127.0.0.1
0 0 DNAT tcp -- * * 0.0.0.0/0
10.139.1.2 tcp dpt:53 to:127.0.0.1
My firewall routing is self taught and not great but from the looks of it
dns requests from sys-firewall are being forwared to sys-net on 10.139.1.1
which is receiving them and forwarding them to 127.0.0.1 which is what
dnscrypt is using. Yet with it running I cannot resolve any dns outside of
sys-net.
thanks in advance
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/c8911f36-ad79-4275-8b07-52cbfb7da7f0%40googlegroups.com.
