On Wed, 2022-01-12 at 18:59 -0600, Justin Pryzby wrote:
> You need to make sure the reply is coming by way of the shorewall
> system. Which can then apply SNAT rules.
Yes, I was able to solve the problem with the following in the snat file:

    MASQUERADE - br-lan udp 53

and while I was at it I added a:

    MASQUERADE - br-lan udp 123

since I also redirect NTP queries to an internal NTP server.

Ultimately, I suppose I was just hoping there was a more atomic way of creating a single rule redirecting traffic coming from the LAN zone that was heading to the Internet zone back onto LAN, intending to spoof the Internet host. Exactly as one would want if one wanted to have one's local DNS answer queries for any Internet-zoned DNS server. Or NTP server, etc.

Cheers,
b.
_______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
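The following is an added example, not configuration posted in this thread. It shows the two halves of the hairpin redirect the poster describes in Shorewall 5 rules/snat column layout: a DNAT in the rules file that captures LAN-originated DNS and NTP regardless of the Internet host the client addressed, plus the snat entry that makes the internal server's reply return through the firewall so the DNAT can be reversed. The zone name lan, the interface br-lan, the LAN prefix 192.168.1.0/24 and the server address 192.168.1.10 are assumed placeholders; the poster's own snat lines masquerade all udp/53 and udp/123 leaving br-lan, this example narrows the match to the LAN source and the server destination.

```conf
# /etc/shorewall/rules  (assumed zone "lan", assumed server 192.168.1.10)
# Redirect every DNS (udp/tcp 53) and NTP (udp 123) request from the LAN
# zone to the internal server, whatever Internet address the client used.
# The ORIGDEST exclusion stops requests already sent to the server from
# being rewritten again.
#ACTION   SOURCE   DEST               PROTO   DPORT   SPORT   ORIGDEST
DNAT      lan      lan:192.168.1.10   udp     53      -       !192.168.1.10
DNAT      lan      lan:192.168.1.10   tcp     53      -       !192.168.1.10
DNAT      lan      lan:192.168.1.10   udp     123     -       !192.168.1.10

# /etc/shorewall/snat  (assumed interface "br-lan", assumed LAN 192.168.1.0/24)
# After the DNAT the packet leaves br-lan toward a host on the client's own
# segment. Without SNAT the server would answer the client directly and the
# client would discard a reply from 192.168.1.10 to a query it sent to some
# Internet address. Masquerading the hairpinned traffic makes the server
# reply to the firewall, which un-NATs both directions.
#ACTION       SOURCE           DEST                   PROTO   PORT
MASQUERADE    192.168.1.0/24   br-lan:192.168.1.10    udp     53
MASQUERADE    192.168.1.0/24   br-lan:192.168.1.10    tcp     53
MASQUERADE    192.168.1.0/24   br-lan:192.168.1.10    udp     123
```

One practical check after `shorewall reload`: `shorewall show nat` should list the DNAT entries in the PREROUTING chain for the lan zone and the MASQUERADE entries in POSTROUTING for br-lan, and a client running `dig @8.8.8.8 example.com` should get its answer while the DNS server's logs show the query arriving from the firewall's br-lan address rather than from the client.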