From: David K. <da...@ke...> - 2022-07-22 15:43:14

The issue is when I am working from home and using my employer's VPN to connect to work, it takes over the network... even to the extent that it blocks firing up a 2nd VPN, for obvious security reasons. When I work from an office location I have no problems firing up my own VPN if I need to access something at home; that is not blocked, as in the office I don't need my employer's VPN.

David.

On Fri, Jul 22, 2022 at 10:26 AM Lonnie Abelbeck <li...@lo...> wrote:
> David,
>
> Thanks for closing the loop, indicating that solution works.
>
> Question, is there any reason you can't use WireGuard from work to
> AstLinux, hence using your AstLinux local DNS within the tunnel?
>
> If your work outbound is filtered, you can enable the WireGuard ->
> Firewall Options ...
>
> to redirect WG UDP traffic to a different port at the AstLinux endpoint if
> the standard UDP 51820 is blocked outbound.
>
> It goes without saying, don't do anything your employer forbids or could
> get you in trouble.
>
> Lonnie
>
> > On Jul 22, 2022, at 7:23 AM, David Kerr <da...@ke...> wrote:
> >
> > I tested from outside and the firewall rules do block access. I've been
> > scratching my head for a long time now on how to solve the problem where my
> > employer's VPN takes over DNS. Complaints to our IT team did no good. But
> > now I have a work-around.
> >
> > David
> >
> > On Wed, Jul 20, 2022 at 11:59 AM Lonnie Abelbeck <li...@lo...> wrote:
> > > Hi David,
> > >
> > > Interesting ... yes, as you suggested, setting the NAT EXT->LAN "Source"
> > > rule to only the local LAN(s) (ex. 192.168.1.0/24) should be what you
> > > need to limit "loopback" to only local IPs for a particular NATed port.
> > >
> > > Can't say I ever needed that, but should work.
> > >
> > > Best to test hitting your external interface from the outside with the
> > > associated "loopback" port and make sure it is not allowed in.
> > >
> > > Lonnie
> > >
> > > > On Jul 20, 2022, at 8:31 AM, David Kerr <da...@ke...> wrote:
> > > >
> > > > Is it possible to configure NAT Loopback on its own... i.e., without
> > > > opening NAT->LAN for all sources?
> > > >
> > > > I have a problem where my employer's VPN is hijacking DNS so name
> > > > resolution for my internal hosts is always getting routed to the VPN's
> > > > supplied DNS which will not resolve to my internal IP address, so traffic
> > > > is getting sent to my external IP address.
> > > >
> > > > Loopback works, I can set a port number to forward but I don't want to
> > > > open the firewall port to any external client, only to a client on my
> > > > internal network.
> > > >
> > > > It looks like I can set Source IP to e.g. 192.168.1.0/24 and that will
> > > > set up the firewall rules. But is that the best and/or safe way to do it?
> > > >
> > > > Thanks
> > > > David
> > > >
> > > > _______________________________________________
> > > > Astlinux-users mailing list
> > > > Ast...@li...
> > > > https://lists.sourceforge.net/lists/listinfo/astlinux-users
> > > >
> > > > Donations to support AstLinux are graciously accepted via PayPal to
> > > > pa...@kr....
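As an added illustration, separate from this thread and not the rules AstLinux's firewall generates from its NAT EXT->LAN page, the following plain iptables hairpin (NAT loopback) rule set forwards one port only for sources in the LAN range David mentions (192.168.1.0/24), leaves no WAN-side forward at all, and includes the from-outside check Lonnie recommends. The interface name, external IP and internal server address are constructed placeholders.

```shell
#!/bin/sh
# Added example: LAN-only NAT loopback for a single port.
# Not AstLinux's generated firewall; values below are constructed for the example.
LAN_IF="${LAN_IF:-eth1}"                 # assumed LAN interface name
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"   # LAN range from the thread
EXT_IP="${EXT_IP:-203.0.113.10}"         # constructed external (WAN) address
PORT="${PORT:-443}"                      # constructed forwarded port
INT_HOST="${INT_HOST:-192.168.1.50}"     # constructed internal server

# Emit the three rules as text (dry run). Every rule carries "-s $LAN_CIDR"
# and matches only on the LAN interface, so a packet arriving from the WAN
# never hits the DNAT and falls through to the normal default policy.
loopback_rules() {
cat <<EOF
iptables -t nat -A PREROUTING -i $LAN_IF -s $LAN_CIDR -d $EXT_IP -p tcp --dport $PORT -j DNAT --to-destination $INT_HOST:$PORT
iptables -t nat -A POSTROUTING -o $LAN_IF -s $LAN_CIDR -d $INT_HOST -p tcp --dport $PORT -j MASQUERADE
iptables -A FORWARD -i $LAN_IF -o $LAN_IF -s $LAN_CIDR -d $INT_HOST -p tcp --dport $PORT -j ACCEPT
EOF
}

# Sanity check before applying: count rule lines that lack the LAN source
# match; succeed (status 0) only when there are none.
rules_are_lan_only() {
    bad=$(loopback_rules | grep -v -c -F -- "-s $LAN_CIDR" || true)
    [ "$bad" -eq 0 ]
}

# Run this from a host OUTSIDE the router (a phone on mobile data, a VPS).
# Status 0 means the port did not open from outside, which is what we want.
check_closed_from_outside() {
    if nc -z -w 3 "$EXT_IP" "$PORT" 2>/dev/null; then
        echo "OPEN: $EXT_IP:$PORT reachable from outside, rule set is wrong"
        return 1
    fi
    echo "closed: $EXT_IP:$PORT not reachable from outside"
    return 0
}

# Default is a dry run; set APPLY=1 to load the rules on the router.
if [ "${APPLY:-0}" = 1 ]; then
    rules_are_lan_only && loopback_rules | sh -e
else
    loopback_rules
fi
```

The MASQUERADE on the LAN interface is what makes hairpinning work: without it the internal server would answer the LAN client directly, the client would see a reply from 192.168.1.50 instead of the external IP, and the connection would be dropped. Because the WAN interface appears in no rule, the external check should report the port closed regardless of what the LAN-side rules do.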