tech-net archive
Re: Question about wg(4)
Konrad Schroder <perseant%hhhh.org@localhost> writes:
>  wm0 = 192.0.2.123                      bge0 = 198.51.100.45
>
> Stationary server:                         Roaming client:
> +---------+                                +---------+
> |    A    |                                |    B    |
> |---------|                                |---------|
> |   [wm0]-------------internet-------------[bge0]    |
> |   [wg0] port 1234 - - - (tunnel) - - - - - - [wg0] |
> | 10.0.1.0|                                | 10.0.1.1|
> |    |    |                                |    |    |
> +--[wm1]--+       +-----------------+      +---------+
>      |            | VPN 10.0.1.0/24 |
>      |            +-----------------+
> +-----------------+
> | LAN 10.0.0.0/24 |
> +-----------------+
I have a somewhat similar situation, where I want clients inside my own
network to talk to a dual hosted machine over the inside address, and
not the external, official, address it has in DNS.
Since I use PowerDNS, with dnsdist in front of both authoritative and
recursive servers, I could modify the DNS response there. In the case
of the network you drew, the dnsdist code would be something like:
  -- Clients that should be handed the inside address
  inside_ips = newNMG()
  inside_ips:addMask('10.0.0.0/24')

  -- Only A queries for this one name, coming from those clients, are
  -- answered here; everything else goes through to the backends unchanged.
  addAction(AndRule({NetmaskGroupRule(inside_ips),
                     QNameRule('thatserver.your.domain.'),
                     QTypeRule(DNSQType.A)}),
            SpoofAction('10.0.1.1', {ttl=3600}))
This neatly lets any other records for the server (anything that isn't
an A record) be delivered unaltered to the inside clients, modifying
only the response to A queries in particular.
-tih
--
Puppies are cute.
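The rule in the post above only rewrites A answers, so a dual-stack client on the LAN that asks for AAAA still gets the public IPv6 address and may reach the server over the outside path anyway. The following dnsdist configuration is an added example, not code from the post or from the dnsdist project: it matches both A and AAAA queries from inside clients for the same name and spoofs a matching inside address for each family. The inside IPv6 address (fd00:1::1) is an assumption chosen for illustration; substitute the real wg0 address.

```lua
-- Added example, not from the original post. Same split-horizon idea as
-- the post's rule, extended to cover AAAA so dual-stack inside clients do
-- not fall back to the public IPv6 address.
inside_ips = newNMG()
inside_ips:addMask('10.0.0.0/24')

-- Match A or AAAA queries from inside clients for this one name.
local inside_name = AndRule({
  NetmaskGroupRule(inside_ips),
  QNameRule('thatserver.your.domain.'),
  OrRule({QTypeRule(DNSQType.A), QTypeRule(DNSQType.AAAA)})
})

-- SpoofAction with a list of addresses answers an A query with the IPv4
-- entries and an AAAA query with the IPv6 entries. fd00:1::1 is an
-- assumed inside IPv6 address for illustration only.
addAction(inside_name, SpoofAction({'10.0.1.1', 'fd00:1::1'}, {ttl=3600}))
```

To check it, query dnsdist for the name once from a LAN host and once from outside (for example with dig, asking for A and then AAAA): the inside queries should return the spoofed addresses with the 3600 second TTL, the outside ones the public addresses from the backend. Two caveats apply to any forged answer of this kind: the match is on the client's source address, so it only holds for traffic that really arrives from 10.0.0.0/24, and a stub resolver that validates DNSSEC will reject the forged RRset as unsigned if the zone is signed, so such clients need the rewrite done on a validating recursor instead.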