Good day,
I have dnscrypt-proxy working in sys-net only, but I am stuck on how to forward DNS requests coming from sys-firewall and the VMs behind it so that sys-net can route them out via the proxy.
I only have dnscrypt-proxy running; it is not combined with unbound or dnsmasq.
The firewall rule in sys-firewall is:
Chain PR-QBS (1 references)
 pkts bytes target prot opt in  out  source      destination
    1    69 DNAT   udp  --  *   *    0.0.0.0/0   10.139.1.1    udp dpt:53 to:10.139.1.1
    0     0 DNAT   tcp  --  *   *    0.0.0.0/0   10.139.1.1    tcp dpt:53 to:10.139.1.1
    0     0 DNAT   udp  --  *   *    0.0.0.0/0   10.139.1.2    udp dpt:53 to:10.139.1.2
    0     0 DNAT   tcp  --  *   *    0.0.0.0/0   10.139.1.2    tcp dpt:53 to:10.139.1.2
and in sys-net it is:
Chain PR-QBS (1 references)
 pkts bytes target prot opt in  out  source      destination
   16   960 DNAT   udp  --  *   *    0.0.0.0/0   10.139.1.1    udp dpt:53 to:127.0.0.1
    0     0 DNAT   tcp  --  *   *    0.0.0.0/0   10.139.1.1    tcp dpt:53 to:127.0.0.1
   14   840 DNAT   udp  --  *   *    0.0.0.0/0   10.139.1.2    udp dpt:53 to:127.0.0.1
    0     0 DNAT   tcp  --  *   *    0.0.0.0/0   10.139.1.2    tcp dpt:53 to:127.0.0.1
My firewall routing is self-taught and not great, but from the looks of it DNS requests from sys-firewall are being forwarded to sys-net on 10.139.1.1, which is receiving them and forwarding them to 127.0.0.1, which is what dnscrypt is using. Yet with it running I cannot resolve any DNS outside of sys-net.
Thanks in advance