Looks like Google has upped the ante with Chromecasts and it's no longer sufficient to just block external DNS queries and expect the Chromecast devices to fall back to the DHCP-supplied local DNS resolvers.
Looks like we are going to have to up the game to redirecting DNS requests to the internal server and forging the responses as being from the external server the queries were directed at.

So I have added a rules entry:

    DNS/DNAT loc:!10.75.22.247 $INT_DNS

where 10.75.22.247 is the internal DNS server.

That seems to result in local queries that were going to, say, 8.8.8.8 being redirected to the internal server. But the problem is that the replies are coming back from the internal server's address and being rejected by the originator. The replies need to forge the request destination address.

Any thoughts on how this can be accomplished?

Cheers,
b.