From: Lonnie A. <li...@lo...> - 2022-07-22 14:26:42

David,

Thanks for closing the loop, indicating that solution works.

Question, is there any reason you can't use WireGuard from work to AstLinux, hence using your AstLinux local DNS within the tunnel? If your work outbound is filtered, you can enable the WireGuard -> Firewall Options ... to redirect WG UDP traffic to a different port at the AstLinux endpoint if the standard UDP 51820 is blocked outbound.

It goes without saying, don't do anything your employer forbids or could get you in trouble.

Lonnie

> On Jul 22, 2022, at 7:23 AM, David Kerr <da...@ke...> wrote:
>
> I tested from outside and the firewall rules do block access. I've been scratching my head for a long time now on how to solve the problem where my employer's VPN takes over DNS. Complaints to our IT team did no good. But now I have a work-around.
>
> David
>
> On Wed, Jul 20, 2022 at 11:59 AM Lonnie Abelbeck <li...@lo...> wrote:
> > Hi David,
> >
> > Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source" rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you need to limit "loopback" to only local IPs for a particular NATed port.
> >
> > Can't say I ever needed that, but should work.
> >
> > Best to test hitting your external interface from the outside with the associated "loopback" port and make sure it is not allowed in.
> >
> > Lonnie
> >
> > > On Jul 20, 2022, at 8:31 AM, David Kerr <da...@ke...> wrote:
> > >
> > > Is it possible to configure NAT Loopback on its own... i.e., without opening NAT->LAN for all sources?
> > >
> > > I have a problem where my employer's VPN is hijacking DNS, so name resolution for my internal hosts is always getting routed to the VPN's supplied DNS, which will not resolve to my internal IP address, so traffic is getting sent to my external IP address.
> > >
> > > Loopback works, I can set a port number to forward, but I don't want to open the firewall port to any external client, only to a client on my internal network.
> > >
> > > It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will set up the firewall rules. But is that the best and/or safe way to do it?
> > >
> > > Thanks
> > > David
> > >
> > > _______________________________________________
> > > Astlinux-users mailing list
> > > Ast...@li...
> > > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> > >
> > > Donations to support AstLinux are graciously accepted via PayPal to pa...@kr....
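What the Source-restricted "loopback" entry discussed above amounts to at the iptables level, as an added illustration that is not AstLinux's own generated firewall script; the LAN interface name, WAN address, forwarded port and internal host are constructed placeholders, and only the 192.168.1.0/24 LAN comes from the thread.

```shell
#!/bin/sh
# Added example, not AstLinux code: the rules behind a hairpin-NAT ("loopback")
# port forward, in an open form and in the Source-restricted form from the thread.
LAN_IF="eth1"            # assumed LAN interface name
LAN_NET="192.168.1.0/24" # local LAN from the thread
EXT_IP="203.0.113.10"    # constructed external (WAN) address
LOOP_PORT="8080"         # constructed forwarded port
INT_HOST="192.168.1.50"  # constructed internal server

# Open variant: DNAT on any interface from any source. Whatever reaches the WAN
# address on $LOOP_PORT is forwarded, so the port is exposed to the Internet.
open_rules() {
    echo "iptables -t nat -A PREROUTING -d $EXT_IP -p tcp --dport $LOOP_PORT -j DNAT --to-destination $INT_HOST:$LOOP_PORT"
}

# Restricted variant: match only packets arriving on the LAN interface from LAN
# sources, then masquerade the hairpinned flow so the server's replies return
# through the router instead of going straight back to the client.
restricted_rules() {
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_NET -d $EXT_IP -p tcp --dport $LOOP_PORT -j DNAT --to-destination $INT_HOST:$LOOP_PORT"
    echo "iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_NET -d $INT_HOST -p tcp --dport $LOOP_PORT -j MASQUERADE"
    echo "iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_NET -d $INT_HOST -p tcp --dport $LOOP_PORT -j ACCEPT"
}

# Returns 0 when every DNAT rule in the given rule text carries a LAN-only
# source match, i.e. the loopback port is not reachable from arbitrary sources.
dnat_restricted_to_lan() {
    rules="$1"
    unrestricted=$(printf '%s\n' "$rules" | grep -- '-j DNAT' | grep -v -- "-s $LAN_NET" | wc -l | tr -d ' ')
    [ "$unrestricted" -eq 0 ]
}

# Verification step from the thread: from a host outside the LAN the forwarded
# port must not answer (the connection attempt is expected to fail):
#   nc -zv -w 3 203.0.113.10 8080
```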