On 12/18/18 11:58 PM, HÖGLUND, Göran via Shorewall-users wrote:
> Thanks for the tip, did not help though or maybe enabled in the wrong place.
> I inserted the command in the openvpn init script when the tunnel is
> successfully up running.
>
> Changing 1 to 0 in tun9.status in the client cleared the warning.
>
> It must be a simple miss I've made
>
>
> Running on server and nothing comes out.
> tcpdump -i tun0 udp port 53
>
> Running on client
> 07:50:09.922232 IP 172.29.71.195.52801 > 10.0.0.6.domain: 50186+ A?
> www.msftconnecttest.com. (41)

That is using tcpdump on the firewall's tun9 interface?

>
> Shorewall show routing shows
> 10.0.0.6 via 10.89.1.249 dev tun9
> In main table.
>
> Info in policy file produces the expected output of blocked traffic in the
> syslog, this traffic is completely lost, I can only see it hitting the tunnel
> on the client side.
> Same domain look up from firewall works perfect.
>
> Beats me.
>

Me too.

-Tom
--
Tom Eastep        \ Q: What do you get when you cross a mobster with
Shoreline,         \ an international standard?
Washington, USA     \ A: Someone who makes you an offer you can't
http://shorewall.org \ understand
                      \_______________________________________________
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users