On Thu, May 28, 2015, at 08:13 AM, Tom Eastep wrote:
> Is the remote DNS server running on the VPN endpoint server?
Yes, the remote DNS is on the remote VPN endpoint server; it's a hosted Linux VPS. This DNS will stay this way.
Also, the local DNS is on the local VPN endpoint server; it's a standalone Linux box. This DNS will, *eventually*, be migrated to a Xen guest on the local LAN, behind this server.
The current 'physical' layout is
--------------------------
Remote VPS
ETH0: 1.2.3.4
DUMMY0: 10.0.1.53 < remote DNS listens/talks on this IP:53
TUN1: 10.254.254.1
--------------------------
|
|
--------------------------
Local Router
ETH0: 5.6.7.8
ETH1: 10.0.2.53 < local DNS listens/talks on this IP:53
TUN1: 10.254.254.2
--------------------------
Fwiw, doing some testing, with 'last' SHOREWALL/rules,
ACCEPT:info:[T1] $FW:10.0.2.53 vpn1:10.254.254.1 udp,tcp 53
ACCEPT:info:[T2] $FW:10.0.2.53 vpn1 udp,tcp 53
DROP:info:[T3] all all udp,tcp 53
on comms from local->remote DNS, it fails to pass this traffic:
May 28 08:06:30 border000 kernel: [34372.977048] SW:fw2vpn1:DROP IN= OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=143 TOS=0x00 PREC=0x00 TTL=64 ID=3671 PROTO=UDP SPT=63068 DPT=53 LEN=123
Which has me stymied atm, and I suspect has to do with this wrong-address issue
at hand.
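Added example (not from the mail and not Shorewall's own code): a small Python checker that parses the kernel log line quoted above and compares the logged disposition with what the three listed rules would predict, first match wins, as in a Shorewall rules file. It assumes the log prefix is "SW" as in the quoted line, that the source and destination zones can be read off the chain name by splitting on "2" (so zone names must not themselves contain a "2"), and that $FW is the zone called "fw"; the RULES table is a hand-written model of the three rules, not Shorewall's parser.

```python
import re

# Constructed sample: the kernel log line quoted in the mail, rejoined onto one line.
SAMPLE_LOG = (
    "May 28 08:06:30 border000 kernel: [34372.977048] SW:fw2vpn1:DROP IN= "
    "OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=143 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=3671 PROTO=UDP SPT=63068 DPT=53 LEN=123"
)

# Hand-written model of the three rules from the mail ($FW modelled as zone "fw").
# Columns: name, action, src zone, src addr, dst zone, dst addr, protocols, dest port.
RULES = [
    ("T1", "ACCEPT", "fw", "10.0.2.53", "vpn1", "10.254.254.1", {"udp", "tcp"}, 53),
    ("T2", "ACCEPT", "fw", "10.0.2.53", "vpn1", None, {"udp", "tcp"}, 53),
    ("T3", "DROP", "all", None, "all", None, {"udp", "tcp"}, 53),
]

# Log prefix "<prefix>:<chain>:<disposition>[:<tag>]" followed by netfilter key=value fields.
PREFIX_RE = re.compile(
    r"(?P<pfx>\w+):(?P<chain>[\w-]+):(?P<disp>[A-Z]+)"
    r"(?::(?P<tag>[^\s:=]+)(?=[\s:]))?:?\s*(?P<rest>.*)$"
)
KV_RE = re.compile(r"([A-Z]+)=(\S*)")


def parse_shorewall_log(line):
    """Return chain, disposition, optional log tag and the netfilter fields, or None."""
    m = PREFIX_RE.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "disposition": m.group("disp"), "tag": m.group("tag")}
    for key, val in KV_RE.findall(m.group("rest")):
        # netfilter prints LEN twice (IP total length, then UDP length); keep the first.
        entry.setdefault(key, val)
    return entry


def zones_from_chain(chain):
    """Split a zone-to-zone chain name such as 'fw2vpn1' into (src_zone, dst_zone).
    Assumption: zone names do not contain the character '2'."""
    src, dst = chain.split("2", 1)
    return src, dst


def rule_matches(rule, entry):
    _name, _action, szone, saddr, dzone, daddr, protos, dport = rule
    src, dst = zones_from_chain(entry["chain"])
    if szone not in ("all", src) or dzone not in ("all", dst):
        return False
    if saddr and entry.get("SRC") != saddr:
        return False
    if daddr and entry.get("DST") != daddr:
        return False
    if entry.get("PROTO", "").lower() not in protos:
        return False
    return entry.get("DPT") == str(dport)


def expected_action(entry, rules=RULES):
    """First matching rule wins; None means the packet falls through to the zone policy."""
    for rule in rules:
        if rule_matches(rule, entry):
            return rule[0], rule[1]
    return None, None


def diagnose(line, rules=RULES):
    """Compare the logged disposition with the action the modelled rules predict."""
    entry = parse_shorewall_log(line)
    if entry is None:
        return "not a Shorewall log line"
    name, action = expected_action(entry, rules)
    logged = entry["disposition"]
    if action is None:
        return f"no rule matches; {logged} came from the {entry['chain']} policy"
    if action == logged:
        return f"consistent: rule {name} ({action}) matches and {logged} was logged"
    return (f"MISMATCH: rule {name} predicts {action} but chain {entry['chain']} logged "
            f"{logged} with tag={entry['tag']}; the running ruleset did not apply "
            f"the listed rule as modelled here")


if __name__ == "__main__":
    print(parse_shorewall_log(SAMPLE_LOG))
    print(diagnose(SAMPLE_LOG))
```

Run against the quoted line, the checker reports a mismatch: the packet (SRC 10.0.2.53, DST 10.254.254.1, UDP/53, out tun1) satisfies rule T1 as modelled, yet the log shows a DROP from fw2vpn1 with no log tag. Feeding a whole `/var/log/messages` through `diagnose` line by line turns the same comparison into a quick check of which logged DNS drops the listed rules should have accepted.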
------------------------------------------------------------------------------
_______________________________________________
Shorewall-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/shorewall-users