On Jun 27, 2013, at 12:19 AM, [email protected] wrote:

> Sorry for the missing info, here it is!
> 
> Yes, my DNS server is on the firewall and listens on 199.148.1.1, and I'm also 
> pushing a route 199.148.1.0/24 to my VPN clients.

Then why not simply configure the remote system(s) to use 199.148.1.1 for DNS 
and add an ACCEPT rule for both UDP and TCP port 53 from the VPN zone to the 
firewall zone?

-Tom

>               
>               
> MD
> 
> On 26 Jun 2013 at 19:18, Tom Eastep wrote:
> 
> Subject:              Re: [Shorewall-users] vpn clients using my own dns server
> From:                 Tom Eastep <[email protected]>
> Date sent:            Wed, 26 Jun 2013 19:18:07 -0700
> To:                   [email protected],
>       Shorewall Users <[email protected]>
> 
>> 
>> On Jun 26, 2013, at 6:27 AM, [email protected] wrote:
>> 
>>> Hello all and happy humpday!
>>> 
>>> I'm using openvpn on a debian testing box and all of openvpn stuff
>>> is working as expected!!!:)
>>> 
>>> I'm scratching my head though on how to make my vpn clients use my
>>> own dns server.
>>> 
>>> Before posting here I tried using this 
>>> post "http://www.mail-archive.com/[email protected]
>>> et/msg15095.html" and I also read the man page of
>>> /etc/shorewall/rules /etc/shorewall/masq but to no avail!
>>> 
>>> My local subnet is on 199.148.1.0/24 masquerade on eth1 for internet
>>> access, the dns-entry of the clients pointing to my shorewall
>>> interface eth0 at 199.148.1.1. The openvpn's subnet is
>>> 194.137.1.0/24 with a dns of 194.137.1.3. So what I would like to do
>>> is "translating" all dns requests from openvpn "194.137.1.3" to my
>>> local network's dns "199.148.1.1". That way all traffic will go
>>> through the vpn and no external dns is needed!
>>> 
>>> I put down anyway what I have come up with so far
>>> vpn= openvpn
>>> vijl= local network
>>> running shorewall 4.5.17.1
>>> 
>>> /etc/shorewall/rules
>>> 
>>>       DNAT      vijl   vpn:199.148.1.1 tcp,udp     53      -      194.137.1.3
>>> 
>>> /etc/shorewall/masq
>>> 
>>> eth0:194.137.1.3,199.148.1.0/24
>>> 
>>> Could any one shed light on how to do this!?
>> 
>> There aren't enough details here to allow us to help you. What IP
>> address(es) does your DNS server listen on? Does it run on the
>> Firewall or on a host in 199.148.1.0/24? And are you pushing a route
>> to 199.148.1.0/24 to the remote VPN gateway?
>> 
>> -Tom
>> 
>> Tom Eastep        \ Nothing is foolproof to a
>> Shoreline,         \ sufficiently talented fool
>> Washington, USA     \ 
>> http://shorewall.net \________________________________________________
>> 
> 
> 
> 
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
> 
> Build for Windows Store.
> 
> http://p.sf.net/sfu/windows-dev2dev
> _______________________________________________
> Shorewall-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

Tom Eastep        \ Nothing is foolproof to a
Shoreline,         \ sufficiently talented fool
Washington, USA     \ 
http://shorewall.net \________________________________________________
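
The suggestion above written out as configuration. This is an added example, not part of the original thread or the Shorewall project's files. It assumes the `vpn` zone from the original post is defined in /etc/shorewall/zones, that 194.137.1.0/24 is the client subnet as stated there, and that the OpenVPN server file lives at /etc/openvpn/server.conf.

```conf
# --- /etc/shorewall/rules (on the firewall) ---
# Zone name "vpn" is taken from the post; $FW is Shorewall's built-in
# firewall zone. The DNS server listens on the firewall itself, so this is
# plain vpn -> firewall traffic and needs no DNAT rule or masq entry.
# Limiting SOURCE to the VPN subnet keeps the resolver closed to anything
# else that might appear in the vpn zone.
#ACTION   SOURCE               DEST   PROTO   DPORT
ACCEPT    vpn:194.137.1.0/24   $FW    udp     53
# TCP is needed as well: truncated or large responses are retried over TCP.
ACCEPT    vpn:194.137.1.0/24   $FW    tcp     53
# Equivalent single line using Shorewall's stock DNS macro (udp and tcp 53):
#DNS(ACCEPT) vpn:194.137.1.0/24 $FW

# --- OpenVPN server configuration (path assumed: /etc/openvpn/server.conf) ---
# Route the poster says is already being pushed to clients:
push "route 199.148.1.0 255.255.255.0"
# Hand clients the firewall's address as their resolver:
push "dhcp-option DNS 199.148.1.1"
```

On Linux clients the pushed `dhcp-option DNS` value only takes effect if the client configuration runs an up script (for example Debian's update-resolv-conf) that writes it into the resolver configuration.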

