I'm continuing to switch from static IP network connections to dynamic,
tunneling server traffic to remote VPSes for needed static addressing.

Redirecting DNS server AXFR notifications from a local machine, over an IPv4
VPN, to a remote/secondary DNS, I have a simple layout:
------------
DNS Local
listen IP = 10.0.1.53
------------
|
------------
VPN local tunnel endpoint
IP = 10.254.254.1
------------
|
|
|
------------
VPN remote tunnel endpoint
IP = 10.254.254.2
------------
|
------------
DNS Remote
listen IP = 10.0.2.53
------------
Atm, when 'DNS Local' notifies 'DNS Remote', there's contact between the two:
May 27 20:02:26 test kernel: [193718.895424] Shorewall:fw2vpn1:ACCEPT
IN= OUT=tun1 SRC=10.254.254.1 DST=10.0.2.53 LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=2565 DF PROTO=TCP SPT=46491 DPT=53 WINDOW=29200 RES=0x00 SYN URGP=0
but the SRC= address is the 'VPN remote tunnel endpoint', rather than the 'DNS
Local' IP.

To make that SRC=10.0.1.53, is this a SHOREWALL/masq entry, or a DNAT rule?
I've not managed to affect that address.

/masq entries over the external intf do what they're supposed to. I suspect
both syntax and location, and too long staring at this.

An example that'd do it?
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users