On Saturday 29 March 2014 17:56:44, you wrote:
> On 29 Mar 2014 at 22:10, Stéphane Guedon wrote:
> > Hello
> >
> > I am currently trying to run two nameservers on the same OpenBSD
> > server.
> >
> > The first one is authoritative (let's say bind or nsd, no one
> > cares).
> > The second will be dnsmasq.
> >
> > You guess the objective of the construction: give local answers
> > from dhcp leases to local requests, and give authoritative ones for
> > the internet requests.
> >
> > That's for the presentation.
> >
> > I can run dnsmasq on a different port, but how do I give my local
> > hosts the idea of interrogating a non-standard dns port?
> > Then I thought I could drive the traffic from my LAN to the port
> > where dnsmasq is running on.
> >
> > so here is pf conf (obviously expurgated):
> >
> > #######
> >
> > table <localnet> { local addresses }
> >
> > # common
> > pass in log on egress proto { tcp, udp } from any to re0 port domain
> >
> > # local
> > pass in quick log on re0 inet proto { udp,tcp } from <localnet> port domain rdr-to 127.0.0.1 port 5353
>
> unless I'm severely mistaken (and someone will correct me), the rule
> as written will match only packets whose SOURCE port is domain ...
> you are missing a "to (self)" or "to any" in front of the port
> specification to achieve your objective.

that solved the thing! thanks!

> > #pass in quick log on re0 proto { udp,tcp } from <localnet> port domain divert-packet port 5353
> >
> > #######
> >
> > I first tried to use the divert-packet rule (that way I don't have
> > to care if the traffic is ipv6 or ipv4), then I tried to redirect
> > using rdr-to 127... like most tutorials I found regarding rdr.
> >
> > I moved the local rules before or after the common one, placed a
> > quick on the common or removed it...
> >
> > Nothing: the common rule is always the one that applies according
> > to the logs.
> > Can you tell me what I am doing wrong?
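The broken and the corrected rule side by side, as an added pf.conf example that is not from the thread. It assumes re0 is the LAN interface, dnsmasq listens on 127.0.0.1 port 5353, and the <localnet> address range is a constructed sample value.

```pf
# Added example, not from the original messages.
# Assumptions: re0 = LAN interface, dnsmasq bound to 127.0.0.1:5353,
# the authoritative server bound to the egress addresses on port 53.

table <localnet> { 192.168.1.0/24 }   # constructed sample LAN range

# Original rule: with no "to" clause, "port domain" is read as the
# SOURCE port. Clients send queries from an ephemeral port, so almost
# nothing matches and the later, more general rule wins.
# pass in quick log on re0 inet proto { udp, tcp } from <localnet> \
#     port domain rdr-to 127.0.0.1 port 5353

# Corrected rule: "to (self) port domain" makes 53 the DESTINATION
# port. (self) expands to every address on the firewall's own
# interfaces, so LAN queries to the router are rewritten to dnsmasq.
pass in quick log on re0 inet proto { udp, tcp } from <localnet> \
    to (self) port domain rdr-to 127.0.0.1 port 5353

# Unchanged: Internet clients still reach the authoritative server.
pass in log on egress proto { tcp, udp } from any to re0 port domain
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading it with `pfctl -f /etc/pf.conf`, and confirm which rule a LAN query hits with `tcpdump -n -e -ttt -i pflog0 port 53`.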