[Dnsmasq-discuss] dnsmasq forwarding queries over VPN/IPSec

Ken Bantoft ken at netfunctional.ca
Mon Sep 28 16:08:26 BST 2009


On 28-Sep-09, at 11:03 AM, Simon Kelley wrote:

> Ken Bantoft wrote:
>> Hi,
>> I've run into a case where I'd like dnsmasq to forward queries over
>> an IPSec VPN tunnel to nameservers on the far side, but this
>> doesn't seem to work as expected.
>> I've got 2 Interfaces - br-lan (192.168.1.1) and ppp0 (PPPoE -
>> 216.x.x.x). IPsec is terminated on the same machine, so it has a
>> tunnel from 192.168.0.0/24 to 10.0.0.0/8.
>> dnsmasq is set to forward all queries to 10.x.x.10 and 10.x.y.10
>> nameservers, which are across the tunnel in the datacenter. What
>> I'm seeing with tcpdump is the requests going out the ppp0
>> interface, with the 216.x.x.x IP address. I've tried a variety of
>> options (bind-interfaces, listen-address), as I really want
>> dnsmasq to bind only to the br-lan interface, and use that address
>> as the Source IP for the forwarded queries, but no combination
>> I've tried does the trick.
>> Any suggestions?
>
> Stop dnsmasq from looking for servers in /etc/resolv.conf with
>
> no-resolv
>
> in /etc/dnsmasq.conf and then specify them using "server=" lines in
> /etc/dnsmasq.conf like this
>
> server=10.x.x.10@br-lan
> server=10.x.y.10@br-lan
>
>
> We've been here before....

That was my 1st step... so I do see it sending the requests to
10.x.x.10 and 10.x.y.10 as expected - just out the wrong interface...


Ken
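
Added example, not part of the original messages: a check over `tcpdump -n udp port 53` output that flags forwarded DNS queries whose source address falls outside the tunnel's local selector. It assumes a policy-based IPsec tunnel with the 192.168.0.0/24 to 10.0.0.0/8 selectors quoted above, so such queries would not be matched for encryption. The capture lines and every concrete address in them are constructed stand-ins for the elided 216.x.x.x and 10.x.x.10 values.

```python
import ipaddress
import re

# Tunnel selectors as stated in the thread (assumed to be policy-based).
LOCAL_NET = ipaddress.ip_network("192.168.0.0/24")
REMOTE_NET = ipaddress.ip_network("10.0.0.0/8")

# Constructed `tcpdump -n udp port 53` lines; 203.0.113.7 stands in for the
# PPPoE address and 10.1.1.10 / 10.1.2.10 for the datacenter resolvers.
SAMPLE = """\
16:08:01.100000 IP 203.0.113.7.40123 > 10.1.1.10.53: 4660+ A? example.com. (29)
16:08:01.200000 IP 192.168.0.1.40124 > 10.1.2.10.53: 4661+ A? example.com. (29)
16:08:01.300000 IP 203.0.113.7.40125 > 198.51.100.53.53: 4662+ A? example.org. (29)
16:08:01.400000 IP 10.1.2.10.53 > 192.168.0.1.40124: 4661 1/0/0 A 192.0.2.10 (45)
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)


def classify(line):
    """Return (verdict, src, dst) for an outgoing DNS query line, else None."""
    m = LINE_RE.match(line)
    if not m or m["dport"] != "53":
        return None  # not a query towards a resolver (e.g. a response)
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    if dst not in REMOTE_NET:
        verdict = "not-for-tunnel"      # resolver is not behind the VPN
    elif src in LOCAL_NET:
        verdict = "matches-policy"      # both selectors match
    else:
        verdict = "bypasses-tunnel"     # remote resolver, wrong source address
    return verdict, str(src), str(dst)


def audit(capture):
    """Classify every DNS query in a text capture."""
    return [r for r in map(classify, capture.splitlines()) if r]


if __name__ == "__main__":
    for verdict, src, dst in audit(SAMPLE):
        print(f"{verdict:16} {src} -> {dst}")
```
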




