Did I use the right command?
`sudo iptables -t nat -A PR-QBS -p tcp --dport 53 -j DNAT --to-destination` (repeat for udp)

Apparently DNS requests reach the DNS qube, but the response gets stuck
somewhere midway...

On Thu, Jun 8, 2023 at 8:58 AM unman <un...@thirdeyesecurity.org> wrote:

> On Tue, Jun 06, 2023 at 01:24:18PM -0500, Leo28C wrote:
> > I managed to set up a pi-hole qube and make it my network's DNS
> > filtering/caching server. Ironically, it works flawlessly across my
> network
> > EXCEPT it completely breaks DNS for all other qubes in the same system.
> On
> > Debian-based qubes I figured out I can simply edit /etc/resolv.conf,
> while
> > making sure sys-firewall lets the two qubes talk to each other, as a
> > workaround. However this is a hacky per-qube solution and doesn't persist
> > across qube restarts. It would be nice to simply have sys-firewall relay
> > the information to all of its client qubes automatically. Any idea how to
> > do this?
> >
> > Thanks in advance!
> >
> You dont need to change the settings per qube at all.
> You haven't said *where* the pi-hole qube is located in your qubes
> network, or what the nature of the breakage is.
> I assume from what you say it is attached to sys-firewall.
> You can do this by editing the PR-QBS chain in nat table in
> sys-firewall.
> By default, this forwards all DNS traffic to and
> using dnat. Flush that chain and replace it with dnat rules to the IP
> address of your Pi-hole qube.
> You could do this in /rw/config/qubes-firewall-user-script or by script
> in /rw/config/qubes-firewall.d

You received this message because you are subscribed to the Google Groups 
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to qubes-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 

Reply via email to