Hello.
I have a setup as follows, and would like to know what people recommend.
the vyos router is the edge router, managing 2 lan subnets and 4 static public ips.
There is a content filter proxy on the 10.5.5.0/24 subnet, we’ll say 10.5.5.2
10.5.5.2 has a one to one nat to public ip 1.1.1.2
I have users on the second subnet, 192.168.39.0/24 who want to use this proxy regardless if they are on the lan or not.
The 192.168.39.0/24 lan is using the default masquerade rule which nats to 1.1.1.1
Connections to the proxy work fine if not on the lan but as soon as they are on the lan it breaks. The firewall is zone based and local to local traffic going to that device works. It’s only if they use the dns name that this breaks.
So what should i do to fix this?
One thing that occurs to me is add the proxy to the hosts file on the vyos router with it’s local address. Is this the best solution? or is there something i’m missing?
My recommendation is generally always a split horizon DNS zone setup. Are you using BIND?
Hello.
No, i don’t have a deticated dns server. I was hoping vyos could be that. How do you enter host entries into vyos?
I believe it uses pdns
set system static-host-mapping host-name hostname.domain.com inet 'x.x.x.x'
1 Like
Thanks a lot. This is the last missing puzzle piece. I’m scrapping hairpin nat as i can’t seem to make it work anyway.
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.