Good day, I have dnscrypt-proxy working in sys-net only. But I am stuck on how to forward dns requests moving from sys firewall and the vms behind it so that sys-net can route them out via the proxy. I only have dnscrypt-proxy running, it is not combined with unbound or dnsmasq.
The firewall rule in sys-firewall is Chain PR-QBS (1 references) pkts bytes target prot opt in out source destination 1 69 DNAT udp -- * * 0.0.0.0/0 10.139.1.1 udp dpt:53 to:10.139.1.1 0 0 DNAT tcp -- * * 0.0.0.0/0 10.139.1.1 tcp dpt:53 to:10.139.1.1 0 0 DNAT udp -- * * 0.0.0.0/0 10.139.1.2 udp dpt:53 to:10.139.1.2 0 0 DNAT tcp -- * * 0.0.0.0/0 10.139.1.2 tcp dpt:53 to:10.139.1.2 and in sys-net it is Chain PR-QBS (1 references) pkts bytes target prot opt in out source destination 16 960 DNAT udp -- * * 0.0.0.0/0 10.139.1.1 udp dpt:53 to:127.0.0.1 0 0 DNAT tcp -- * * 0.0.0.0/0 10.139.1.1 tcp dpt:53 to:127.0.0.1 14 840 DNAT udp -- * * 0.0.0.0/0 10.139.1.2 udp dpt:53 to:127.0.0.1 0 0 DNAT tcp -- * * 0.0.0.0/0 10.139.1.2 tcp dpt:53 to:127.0.0.1 My firewall routing is self taught and not great but from the looks of it dns requests from sys-firewall are being forwared to sys-net on 10.139.1.1 which is receiving them and forwarding them to 127.0.0.1 which is what dnscrypt is using. Yet with it running I cannot resolve any dns outside of sys-net. thanks in advance -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c8911f36-ad79-4275-8b07-52cbfb7da7f0%40googlegroups.com.