> > May 28 08:06:30 border000 kernel: [34372.977048] SW:fw2vpn1:DROP IN=
> > OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=143 TOS=0x00 PREC=0x00 TTL=64
> > ID=3671 PROTO=UDP SPT=63068 DPT=53 LEN=123
> Please forward the output of 'shorewall dump' taken after you have
> produced the above log message.

As mere luck would have it, amidst my incessant tweaking, I've 'changed
something'. Now, the traffic flows,

local/udp

May 28 13:51:59 border000 kernel: [54502.157446]
SW:[P4][TEST1]:ACCEPT IN= OUT=tun1 SRC=10.0.2.53 DST=10.254.254.1 LEN=145
TOS=0x00 PREC=0x00 TTL=64 ID=18088 PROTO=UDP SPT=24495 DPT=53 LEN=125

remote/tcp

May 28 13:51:59 vps000 kernel: [54743.048152]
SW:[P4]fw2vpn1:ACCEPT IN= OUT=tun1 SRC=10.254.254.1 DST=10.0.2.53 LEN=52
TOS=0x00 PREC=0x00 TTL=64 ID=59461 DF PROTO=TCP SPT=60797 DPT=53 WINDOW=29200
RES=0x00 SYN URGP=0

I'll figure out what actually fixed that problem in a bit.

Which brings me back to the original question: how/where to masq, dnat, etc so
that the SRC/DST=10.254.254.1, instead of reporting just the tunnel endpoint,
shows the actual SRC/DST=10.0.1.53 of the remote DNS server?

_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users