The solution offered by Tom Eastep and Artur Uszyński, which by the way makes sense, does not work!!!:) Probably something in bind 9 not properly configured!

The reasons I was and still am hoping to "translate" the dns served on the vpn clients to the dns used in my local network are:
-- it looks to be doable with shorewall
-- it seems to be for now a simple fix to put in place!

I'm planning to understand how to use bind9 to make a zone for the vpn but for now bind is not my best friend!!!:)

It would be really awesome if you could help me in that way!

MD

p.s. linux is a wonderful thing when you know how to do it!!!:)

On 27 Jun 2013 at 7:45, Tom Eastep wrote:

Subject: Re: [Shorewall-users] vpn clients using my own dns server
From: Tom Eastep <[email protected]>
Date sent: Thu, 27 Jun 2013 07:45:58 -0700
To: [email protected], Shorewall Users <[email protected]>

>
> On Jun 27, 2013, at 12:19 AM, [email protected] wrote:
>
> > Sorry for the missing info here they are!
> >
> > Yes my dns server is on the firewall and listens on 199.148.1.1 and
> > I'm also pushing a route 199.148.1.0/24 to my vpn clients.
>
> Then why not simply configure the remote system(s) to use 199.148.1.1
> for DNS and add an ACCEPT rule for both UDP and TCP port 53 from the
> VPN zone to the firewall zone?
>
> -Tom
>
> >
> > MD
> >
> > On 26 Jun 2013 at 19:18, Tom Eastep wrote:
> >
> > Subject: Re: [Shorewall-users] vpn clients using my own dns server
> > From: Tom Eastep <[email protected]>
> > Date sent: Wed, 26 Jun 2013 19:18:07 -0700
> > To: [email protected], Shorewall Users <[email protected]>
> >
> >>
> >> On Jun 26, 2013, at 6:27 AM, [email protected] wrote:
> >>
> >>> Hello all and happy humpday!
> >>>
> >>> I'm using openvpn on a debian testing box and all of openvpn stuff
> >>> is working as expected!!!:)
> >>>
> >>> I'm scratching my head though on how to make my vpn clients use
> >>> my own dns server.
> >>>
> >>> Before posting here I tried using this
> >>> post"http://www.mail-archive.com/[email protected]
> >>> .n et/msg15095.html" and I also read the man page of
> >>> /etc/shorewall/rules /etc/shorewall/masq but to no avail!
> >>>
> >>> My local subnet is on 199.148.1.0/24 masquerade on eth1 for
> >>> internet access, the dns-entry of the clients pointing to my
> >>> shorewall interface eth0 at 199.148.1.1. the openvpn's subnet is
> >>> 194.137.1.0/24 with a dns of 194.137.1.3. So what I would like to
> >>> do is "translating" all dns request from openvpn "194.137.1.3" to
> >>> my local network's dns " 199.148.1.1". That way all traffic will go
> >>> through the vpn and no external dns are needed!
> >>>
> >>> I put down anyway what I so far come up with
> >>> vpn= openvpn
> >>> vijl= local network
> >>> running shorewall 4.5.17.1
> >>>
> >>> /etc/shorewall/rules
> >>>
> >>> DNAT vijl vpn:199.148.1.1 tcp,udp 53 - 194.137.1.3
> >>>
> >>> /etc/shorewall/masq
> >>>
> >>> eth0:194.137.1.3,199.148.1.0/24
> >>>
> >>> Could any one shed light on how to do this!?
> >>
> >> There aren't enough details here to allow us to help you. What IP
> >> address(es) does your DNS server listen on? Does it run on the
> >> Firewall or on a host in 199.148.1.0/24? And are you pushing a
> >> route to 199.148.1.0/24 to the remote VPN gateway?
> >>
> >> -Tom
> >>
> >> Tom Eastep        \ Nothing is foolproof to a
> >> Shoreline,         \ sufficiently talented fool
> >> Washington, USA     \
> >> http://shorewall.net \________________________________________________
> >>
> >
> > ------------------------------------------------------------------------------
> > This SF.net email is sponsored by Windows:
> >
> > Build for Windows Store.
> >
> > http://p.sf.net/sfu/windows-dev2dev
> > _______________________________________________
> > Shorewall-users mailing list
> > [email protected]
> > https://lists.sourceforge.net/lists/listinfo/shorewall-users
>
> Tom Eastep        \ Nothing is foolproof to a
> Shoreline,         \ sufficiently talented fool
> Washington, USA     \
> http://shorewall.net \________________________________________________
>
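
Added example (not part of the original thread and not from the Shorewall project): one way the setup suggested in the 27 Jun reply could look across the three services involved, using the addresses and the "vpn" zone name given in the thread. The file paths, the ACL name vpn_and_lan, and the idea that BIND's query ACLs are what excludes the VPN subnet are assumptions.

```conf
# --- /etc/shorewall/rules ---------------------------------------------
# Allow DNS from the VPN zone to the firewall itself, on both transports.
# "vpn" is the zone name from the thread; $FW is Shorewall's firewall zone.
#ACTION   SOURCE   DEST   PROTO   DEST PORT(S)
ACCEPT    vpn      $FW    udp     53
ACCEPT    vpn      $FW    tcp     53

# --- OpenVPN server configuration (assumed path: /etc/openvpn/server.conf)
# Route to the local subnet (already pushed, per the thread) and hand the
# clients 199.148.1.1 as their resolver instead of 194.137.1.3.
push "route 199.148.1.0 255.255.255.0"
push "dhcp-option DNS 199.148.1.1"

# --- BIND 9 (assumed path: /etc/bind/named.conf.options) ---------------
# Hypothetical ACL name. It lists only the local and VPN subnets so the
# resolver answers them without becoming an open resolver.
acl vpn_and_lan {
    127.0.0.1;
    199.148.1.0/24;    # local network
    194.137.1.0/24;    # openvpn subnet
};

# Merge these statements into the existing options block.
options {
    listen-on       { 127.0.0.1; 199.148.1.1; };
    allow-query     { vpn_and_lan; };
    allow-recursion { vpn_and_lan; };
};
```

After `shorewall check` and a restart, running `dig @199.148.1.1 <name>` and `dig +tcp @199.148.1.1 <name>` from a VPN client exercises the UDP and TCP rules separately.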
