Sorry for the missing info here they are!
Yes my dns server is on the firewall and listen on 199.148.1.1 and I'm also
pushing a route
199.148.1.0/24 to my vpn clients.
MD
On 26 Jun 2013 at 19:18, Tom Eastep wrote:
Subject: Re: [Shorewall-users] vpn clients using my own dns
server
From: Tom Eastep <[email protected]>
Date sent: Wed, 26 Jun 2013 19:18:07 -0700
To: [email protected],
Shorewall Users <[email protected]>
>
> On Jun 26, 2013, at 6:27 AM, [email protected] wrote:
>
> > Hello all and happy humpday!
> >
> > I'm using openvpn on a debian testing box and all of openvpn stuff
> > is working as expected!!!:)
> >
> > I'm scratching my head though on how to make my vpn clients use my
> > own dns server.
> >
> > Before posting here I tryed using this
> > post"http://www.mail-archive.com/[email protected]
> > et/msg15095.html" and I also red the man page of
> > /etc/shorewall/rules /etc/shorewall/masq but to no avail!
> >
> > My local subnet is on 199.148.1.0/24 masquerade on eth1 for internet
> > access, the dns-entry of the clients pointing to my shorewall
> > interface eth0 at 199.148.1.1. the openvpn's subnet is
> > 194.137.1.0/24 with a dns of 194.137.1.3. So what I would like to do
> > is "translating" all dns request from openvpn "194.137.1.3" to my
> > local network's dns " 199.148.1.1". That way all trafic will go
> > through the vpn and no external dns are neded!
> >
> > I put down anyway what i so far come up with
> > vpn= openvpn
> > vijl= local network
> > running shorewall 4.5.17.1
> >
> > /etc/shorewall/rules
> >
> > DNAT vijl vpn:199.148.1.1 tcp,udp 53 -
> > 194.137.1.3
> >
> > /etc/shorewall/masq
> >
> > eth0:194.137.1.3,199.148.1.0/24
> >
> > Could any one shed light on how to do this!?
>
> There aren't enough details here to allow us to help you. What IP
> address(es) does your DNS server listen on? Does it run on the
> Firewall or on a host in 199.148.1.0/24? And are you pushing a route
> to 199.148.1.0/24 to the remote VPN gateway?
>
> -Tom
>
> Tom Eastep \ Nothing is foolproof to a
> Shoreline, \ sufficiently talented fool
> Washington, USA \
> http://shorewall.net \________________________________________________
>
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:
Build for Windows Store.
http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users
