From: Artur U. <ar...@so...> - 2013-06-27 09:18:30
The following message was written by ma...@gm... on 27.06.2013 09:19:

> Sorry for the missing info, here they are!
>
> Yes my dns server is on the firewall and listens on 199.148.1.1 and I'm also pushing a route
> 199.148.1.0/24 to my vpn clients.
>
> MD
>
> On 26 Jun 2013 at 19:18, Tom Eastep wrote:
>
> Subject: Re: [Shorewall-users] vpn clients using my own dns server
> From: Tom Eastep <te...@sh...>
> Date sent: Wed, 26 Jun 2013 19:18:07 -0700
> To: ma...@gm...,
> Shorewall Users <sho...@li...>
>
>>
>> On Jun 26, 2013, at 6:27 AM, ma...@gm... wrote:
>>
>>> Hello all and happy humpday!
>>>
>>> I'm using openvpn on a debian testing box and all of openvpn stuff
>>> is working as expected!!! :)
>>>
>>> I'm scratching my head though on how to make my vpn clients use my
>>> own dns server.
>>>
>>> Before posting here I tried using this post
>>> "http://www.mail-archive.com/sho...@li...urceforge.net/msg15095.html"
>>> and I also read the man page of
>>> /etc/shorewall/rules /etc/shorewall/masq but to no avail!
>>>
>>> My local subnet is on 199.148.1.0/24 masquerade on eth1 for internet
>>> access, the dns-entry of the clients pointing to my shorewall
>>> interface eth0 at 199.148.1.1. The openvpn's subnet is
>>> 194.137.1.0/24 with a dns of 194.137.1.3. So what I would like to do
>>> is "translating" all dns requests from openvpn "194.137.1.3" to my
>>> local network's dns "199.148.1.1". That way all traffic will go
>>> through the vpn and no external dns are needed!
>>>
>>> I put down anyway what I so far came up with
>>> vpn= openvpn
>>> vijl= local network
>>> running shorewall 4.5.17.1
>>>
>>> /etc/shorewall/rules
>>>
>>> DNAT vijl vpn:199.148.1.1 tcp,udp 53 - 194.137.1.3
>>>
>>> /etc/shorewall/masq
>>>
>>> eth0:194.137.1.3,199.148.1.0/24
>>>
>>> Could anyone shed light on how to do this!?
>>
>> There aren't enough details here to allow us to help you. What IP
>> address(es) does your DNS server listen on? Does it run on the
>> Firewall or on a host in 199.148.1.0/24? And are you pushing a route
>> to 199.148.1.0/24 to the remote VPN gateway?
>>

Can't you just push 199.148.1.1 as dns server to vpn clients?

    push "dhcp-option DNS 199.148.1.1"

Then:

/etc/shorewall/rules

    DNS(ACCEPT) vijl fw

Regards
--
Artur
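
The route question and the pushed DNS option in this thread depend on each other: a pushed resolver only keeps queries inside the VPN if it lies in a network the clients reach through the tunnel. The following is an added example, not code from the thread or from the OpenVPN or Shorewall projects, that checks an OpenVPN server config for pushed resolvers with no covering route. The function names are hypothetical, the sample config is constructed from the thread's addresses plus a constructed 8.8.8.8 entry, and it assumes literal IPv4 addresses in the directives.

```python
import ipaddress
import re

# Constructed sample config (addresses from the thread; 8.8.8.8 added to show a miss).
SAMPLE_CONF = '''
server 194.137.1.0 255.255.255.0
push "route 199.148.1.0 255.255.255.0"   # local network behind the firewall
push "dhcp-option DNS 199.148.1.1"
push "dhcp-option DNS 8.8.8.8"
'''

PUSH_RE = re.compile(r'^push\s+"([^"]+)"')


def parse_conf(text):
    """Return (networks clients reach via the tunnel, DNS servers pushed to clients)."""
    nets, dns = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or line.startswith(";"):
            continue
        words = line.split()
        if words[0] == "server" and len(words) >= 3:
            # The VPN subnet itself is always reachable through the tunnel.
            nets.append(ipaddress.ip_network(f"{words[1]}/{words[2]}", strict=False))
            continue
        m = PUSH_RE.match(line)
        opt = m.group(1).split() if m else []
        if not opt:
            continue
        if opt[0] == "route" and len(opt) >= 2:
            # OpenVPN treats a route without a netmask as a host route.
            mask = opt[2] if len(opt) >= 3 else "255.255.255.255"
            nets.append(ipaddress.ip_network(f"{opt[1]}/{mask}", strict=False))
        elif opt[0] == "redirect-gateway":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))  # everything is tunnelled
        elif opt[:2] == ["dhcp-option", "DNS"] and len(opt) == 3:
            dns.append(ipaddress.ip_address(opt[2]))
    return nets, dns


def unrouted_dns(text):
    """Pushed resolvers that no tunnelled network covers (queries would bypass the VPN)."""
    nets, dns = parse_conf(text)
    return [str(ip) for ip in dns if not any(ip in net for net in nets)]


if __name__ == "__main__":
    print("pushed DNS servers with no tunnelled route:", unrouted_dns(SAMPLE_CONF))
```

An empty result means every pushed resolver is reachable through the tunnel; the firewall must still accept DNS from the VPN clients' zone, as in the rule given in the reply above.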