Hello all and happy humpday!

I'm using openvpn on a debian testing box and all of the openvpn stuff is working as expected!!!:)

I'm scratching my head though on how to make my vpn clients use my own dns server.

Before posting here I tried using this post "http://www.mail-archive.com/shorewall-users@lists.sourceforge.net/msg15095.html" and I also read the man pages of /etc/shorewall/rules and /etc/shorewall/masq but to no avail!

My local subnet is on 199.148.1.0/24, masquerade on eth1 for internet access, the dns-entry of the clients pointing to my shorewall interface eth0 at 199.148.1.1. The openvpn's subnet is 194.137.1.0/24 with a dns of 194.137.1.3.
So what I would like to do is "translating" all dns requests from openvpn "194.137.1.3" to my local network's dns "199.148.1.1". That way all traffic will go through the vpn and no external dns are needed!

I put down anyway what I have so far come up with:
vpn = openvpn
vijl = local network
running shorewall 4.5.17.1

/etc/shorewall/rules

DNAT vijl vpn:199.148.1.1 tcp,udp 53 - 194.137.1.3

/etc/shorewall/masq

eth0:194.137.1.3,199.148.1.0/24

Could anyone shed light on how to do this!?

MD
I'm on a BlackBerry, so I will be very short in my response.
You aren't using a private network and this is your first trouble. Google for private networks and make these changes before you get more networking problems.

Best regards.

Emiliano

Emiliano Vazquez | PcCentro S.R.L.
Office: +54 (11) 4635-7764 ext. 4
Celular: 15.6253.7165
Mail: emilianovazquez@gmail.com
Web: http://www.pccentro.com.ar

-----Original Message-----
From: matdarf@gmail.com
Date: Wed, 26 Jun 2013 15:27:03
To: <shorewall-users@lists.sourceforge.net>
Reply-To: matdarf@gmail.com, Shorewall Users <shorewall-users@lists.sourceforge.net>
Subject: [Shorewall-users] vpn clients using my own dns server
Robert K Coffman Jr. -Info From Data Corp.
2013-Jun-26 15:43 UTC
Re: vpn clients using my own dns server
On 6/26/2013 10:08 AM, emilianovazquez@gmail.com wrote:
> You aren't using a private network and this is your first trouble.

You can't know this from the information provided. Also, the answer to the question won't change based on the IP address range he is using.

- Bob
On Jun 26, 2013, at 6:27 AM, matdarf@gmail.com wrote:
> Could anyone shed light on how to do this!?

There aren't enough details here to allow us to help you. What IP address(es) does your DNS server listen on? Does it run on the Firewall or on a host in 199.148.1.0/24? And are you pushing a route to 199.148.1.0/24 to the remote VPN gateway?

-Tom

Tom Eastep        \ Nothing is foolproof to a
Shoreline,        \ sufficiently talented fool
Washington, USA   \
http://shorewall.net \________________________________________________
Sorry for the missing info, here they are!

Yes, my dns server is on the firewall and listens on 199.148.1.1 and I'm also pushing a route 199.148.1.0/24 to my vpn clients.

MD

On 26 Jun 2013 at 19:18, Tom Eastep wrote:
> There aren't enough details here to allow us to help you. What IP
> address(es) does your DNS server listen on? Does it run on the
> Firewall or on a host in 199.148.1.0/24? And are you pushing a route
> to 199.148.1.0/24 to the remote VPN gateway?
>
> -Tom
matdarf@gmail.com wrote the following message on 27.06.2013 at 09:19:
> Sorry for the missing info, here they are!
>
> Yes, my dns server is on the firewall and listens on 199.148.1.1 and I'm also pushing a route
> 199.148.1.0/24 to my vpn clients.
>
> MD

Can't you just push 199.148.1.1 as dns server to vpn clients?

push "dhcp-option DNS 199.148.1.1"

Then:

/etc/shorewall/rules

DNS(ACCEPT) vijl fw

Regards
--
Artur
On Jun 27, 2013, at 12:19 AM, matdarf@gmail.com wrote:
> Sorry for the missing info, here they are!
>
> Yes, my dns server is on the firewall and listens on 199.148.1.1 and I'm also pushing a route
> 199.148.1.0/24 to my vpn clients.

Then why not simply configure the remote system(s) to use 199.148.1.1 for DNS and add an ACCEPT rule for both UDP and TCP port 53 from the VPN zone to the firewall zone?

-Tom
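
Added example, not part of the original thread and not taken from the Shorewall, OpenVPN or BIND documentation: the approach Tom and Artur describe, written out for the addresses and zone names given in the first message. The OpenVPN and BIND file names and the BIND ACL values are assumptions; the thread does not say which BIND setting, if any, was at fault.

```conf
# --- OpenVPN server configuration (file name assumed, e.g. server.conf) ---
# Route to the local network (already pushed, per the thread) and the
# resolver the clients should use: the firewall's own address.
push "route 199.148.1.0 255.255.255.0"
push "dhcp-option DNS 199.148.1.1"

# --- /etc/shorewall/rules ---
# Zone names from the first message: vpn = OpenVPN clients, vijl = local network.
# $FW is Shorewall's built-in variable for the firewall zone.
# The DNS macro covers port 53 on both UDP and TCP, as Tom asks for.
#ACTION        SOURCE   DEST
DNS(ACCEPT)    vpn      $FW

# Not needed with the rule above: the DNAT attempt from the first message.
# Its SOURCE column is vijl and its DEST column is vpn, so it matches
# connections coming from the local network, not from VPN clients.
#DNAT          vijl     vpn:199.148.1.1   tcp,udp   53   -   194.137.1.3

# --- BIND 9 options (path assumed: /etc/bind/named.conf.options on Debian) ---
# These settings decide whether queries arriving from the VPN subnet are
# answered. Listing only the networks you serve keeps the resolver from
# answering recursive queries for anyone else.
options {
    listen-on       { 127.0.0.1; 199.148.1.1; };
    allow-query     { 127.0.0.1; 199.148.1.0/24; 194.137.1.0/24; };
    allow-recursion { 127.0.0.1; 199.148.1.0/24; 194.137.1.0/24; };
};
```

Pushed dhcp-option DNS values are applied automatically by the Windows OpenVPN client, while Linux clients typically need an up script such as update-resolv-conf to apply them. Running "dig @199.148.1.1" for a known name from a connected client checks the firewall rule and the BIND ACLs together.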
The solution offered by Tom Eastep and Artur Uszyński, which by the way makes sense, does not work!!!:) Probably something in bind 9 is not properly configured!

The reasons I was and still am hoping to "translate" the dns served on the vpn clients to the dns used in my local network are:
-- it looks to be doable with shorewall
-- it seems to be for now a simple fix to put in place!

I'm planning to understand how to use bind9 to make a zone for the vpn but for now bind is not my best friend!!!:)

It would be really awesome if you could help me in that way!

MD

p.s. linux is a wonderful thing when you know how to do it!!!:)

On 27 Jun 2013 at 7:45, Tom Eastep wrote:
> Then why not simply configure the remote system(s) to use 199.148.1.1
> for DNS and add an ACCEPT rule for both UDP and TCP port 53 from the
> VPN zone to the firewall zone?
>
> -Tom
On 06/27/2013 02:44 PM, matdarf@gmail.com wrote:
> The solution offered by Tom Eastep and Artur Uszyński, which by the
> way makes sense, does not work!!!:) Probably something in bind 9 is not
> properly configured!
>
> The reasons I was and still am hoping to "translate" the dns served on
> the vpn clients to the dns used in my local network are:
> -- it looks to be doable with shorewall
> -- it seems to be for now a simple fix to put in place!
>
> I'm planning to understand how to use bind9 to make a zone for the
> vpn but for now bind is not my best friend!!!:)
>
> It would be really awesome if you could help me in that way!

You are going to have to tell us more than 'it doesn't work' if you want our help. See http://www.shorewall.net/support.htm#Guidelines.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,        \ died peacefully in his sleep. Not screaming like
Washington, USA   \ all of the passengers in his car
http://shorewall.net \________________________________________________
I got it working, thanks for the hint though!!!:)

MD

On 27 Jun 2013 at 11:01, Artur Uszyński wrote:
> Can't you just push 199.148.1.1 as dns server to vpn clients?
>
> push "dhcp-option DNS 199.148.1.1"
>
> Then:
>
> /etc/shorewall/rules
>
> DNS(ACCEPT) vijl fw
>
> Regards
> --
> Artur