Hi,
I have a FreeBSD firewall setup with named listening on the internal LAN. The firewall setup also contains an IPsec road-warrior setup.
I'd like to ensure that all DNS traffic goes to my named instead of any other DNS server. This is to ensure that internal hostnames get resolved, so I put in this rule:
Code:
rdr pass on {$int_if,enc0} inet proto {tcp,udp} from any to !($int_if:0) port 53 -> ($int_if:0) port 53
The rule works well on the internal LAN ($int_if). However, no traffic goes through from enc0, which is where all the unencrypted IPsec traffic passes.
My VPN setup is perfectly fine apart from this: after the VPN is established I can ping and route to any server properly. DNS lookups going to $int_if:0 (named listening on the internal LAN) also work fine.
The VPN segment is different from the internal LAN segment.
Does anyone know what I've missed, or have I just discovered a bug?
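For readers following this thread, here is an added pf.conf fragment (not the original poster's configuration) showing the DNS-forcing rdr rule from the post in context, together with the separate pass rules that decrypted road-warrior traffic on enc0 needs. The interface name em1, the VPN pool 10.99.0.0/24 and the $dns macro are assumptions chosen for the example.

```pf
# Added example, not from the original post. Interface name, VPN pool
# and the $dns macro are assumptions for illustration.
int_if  = "em1"
vpn_net = "10.99.0.0/24"
dns     = "($int_if:0)"   # first address on the LAN interface, where named listens

# Redirect every DNS query seen on the LAN or on decrypted IPsec traffic
# (enc0) to named. The "!" keeps queries already addressed to named from
# being rewritten to themselves. "rdr pass" also passes the redirected packet.
rdr pass on {$int_if, enc0} inet proto {tcp, udp} \
    from any to !$dns port 53 -> $dns port 53

# Decrypted road-warrior packets appear on enc0 and are filtered there like
# on any other interface; the rdr rule above does not create these rules.
pass in  on enc0 inet from $vpn_net to any
pass out on enc0 inet from any to $vpn_net
```

Before concluding the rdr rule is at fault on enc0, it is worth confirming that pf actually sees the decrypted packets on that interface: enc(4) only hands packets to the packet filter when the interface is up (`ifconfig enc0 up`, or `ifconfig_enc0="up"` in rc.conf), and the net.enc.in/out ipsec_filter_mask sysctls described in enc(4) control at which stage of IPsec processing pf is invoked. `tcpdump -ni enc0 port 53` shows whether the queries arrive on enc0 at all, and `pfctl -vvs nat` shows whether the rdr rule's counters move when a VPN client does a lookup.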