[ previous ] [ next ] [ threads ]
 From:  Francisco Artes <falcor at netassassin dot com>
 To:  Stefan Wiesinger <stefan at wie dash se dot net>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] mono ip rules
 Date:  Fri, 7 Jan 2011 23:02:53 -0800
Depends on how the VPN server is setup.  Remember it too can have a set of ACLs and may not have
been told to allow UDP 53.  Sometimes, depending on the VPN server, you have to tell it to allow DNS
lookup and to what DNS server.  Not knowing what it is means I am speculating, but this could well
be it.  

Now if you are seeing:
A block / Deny rule for "Source  port FOO destination UDP 53 "
Then I would double check the subnet / CIDR that you setup for the UDP rule and ensure it is the
entire /24.  You might have the CIDR wrong.  

Hope this helps.

On Jan 7, 2011, at 4:46 PM, Stefan Wiesinger wrote:

> hello.
> i use mono v1.32 with the following setup. i've already searched the mailing-list archive but
found no suitable answer.
> [MONO] --PPTPinternetConnection-- [ modem/internet]
> [MONO] --interface-- [ DNS-Server (LAN)]
> [MONO] --interface-- [ VPN-Server]
--VPNconnection-over-the-internet-- [VPN-Client]
> the vpn-clients are routed from the vpn-server to the rest of the networks.
> now i tried to allow the vpn-client to access the dns-server. i defined a fw-rule in den
ipv4-fw-rule for the interface on which the vpn-server is, to
> allow any traffic from any ip with destination UDP 53 and IP
> when i look into the firewall-rules-log i see that the packets from the vpn-clients are blocked,
but the packets from the vpn-server itself pass -->
> why? any ideas?
> the routing must be ok, otherwise i wouldn't see the dropped packets in the monowall-webif.
> hope anyone can help.
> thank's in advance,
> stefan wiesinger
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch