On 14/05/2021 02:55, Steven Garner via Pdns-users wrote:
> The router connecting ns2.opensourceserver.io's 207.177.51.156 public IP
> address to the PDNS server's 192.168.1.2 private IP address is RouterOS
> 6.42.12, NAT/port forwarded:
>
> /ip firewall nat
> add action=masquerade chain=srcnat src-address=192.168.1.0/24
> ....
> add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=tcp to-addresses=192.168.1.2 to-ports=53
> add action=dst-nat chain=dstnat comment=DNS dst-port=53 in-interface=ether1 protocol=udp to-addresses=192.168.1.2 to-ports=53
> ...
> add action=masquerade chain=srcnat out-interface=ether1
>
> Any help would be appreciated.

On my home Mikrotik I have:

/ip firewall filter
...
add action=accept chain=forward dst-address-list=ns_auth dst-port=53 protocol=udp
add action=accept chain=forward dst-address-list=ns_auth dst-port=53 protocol=tcp
...
/ip firewall nat
add action=masquerade chain=srcnat comment="NAT outbound - external links" out-interface-list=all-external \
    src-address-list=internal_v4
...
add action=dst-nat chain=dstnat dst-address-type=local dst-port=53 in-interface-list=all-external protocol=udp \
    to-addresses=10.12.255.32 to-ports=53
add action=dst-nat chain=dstnat dst-address-type=local dst-port=53 in-interface-list=all-external protocol=tcp \
    to-addresses=10.12.255.32 to-ports=53
/ip firewall address-list
...
add address=10.12.255.32 list=ns_auth
/interface list
add name=all-external
/interface list member
add interface=pppoe-out2 list=all-external

Looks similar to yours, although I have "dst-address-type=local" on the
inbound NAT.
You can prove routing is the problem by running tcpdump on ns2, and
sending a query from outside:
tcpdump -i eth0 -nn -s0 -v udp port 53
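
An added example, not part of the original message: a small Python helper that reads the text output of the tcpdump command above and reports whether outside queries reached the server and whether replies went back out. It assumes IPv4 and tcpdump's usual DNS line format; the client address 198.51.100.7, the query name and the verdict strings are constructed for illustration.

```python
import re

# Address line of `tcpdump -nn -v udp port 53` output (IPv4 only).
PKT = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:\[[^\]]*\] )*(?P<id>\d+)")   # skip "[udp sum ok] " etc., then the DNS id

def diagnose(capture, server_ip):
    """Classify a capture taken on the name server itself."""
    pending = set()          # (client ip, client port, DNS id) not yet answered
    queries = answered = 0
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue         # -v header lines and anything that is not a packet
        if m["dst"] == server_ip and m["dport"] == "53":
            queries += 1
            pending.add((m["src"], m["sport"], m["id"]))
        elif m["src"] == server_ip and m["sport"] == "53":
            key = (m["dst"], m["dport"], m["id"])
            if key in pending:
                pending.remove(key)
                answered += 1
    if queries == 0:
        return "no-queries-seen"     # nothing came through the dst-nat/forward path
    if answered == 0:
        return "queries-unanswered"  # packets arrive, the server sent no reply
    return "answered" if not pending else "partly-answered"

# Constructed sample capture lines (not taken from the thread).
QUERY = ("12:00:01.000000 IP (tos 0x0, ttl 52, id 4660, offset 0, "
         "flags [none], proto UDP (17), length 68)\n"
         "    198.51.100.7.40000 > 192.168.1.2.53: [udp sum ok] "
         "31337+ [1au] SOA? example.org. (40)\n")
REPLY = ("12:00:01.000400 IP (tos 0x0, ttl 64, id 4661, offset 0, "
         "flags [none], proto UDP (17), length 120)\n"
         "    192.168.1.2.53 > 198.51.100.7.40000: [udp sum ok] "
         "31337*- 1/0/1 example.org. SOA (92)\n")

if __name__ == "__main__":
    print(diagnose(QUERY + REPLY, "192.168.1.2"))
```

A result of "no-queries-seen" while a query is being sent from outside is the case the message describes as proving a routing problem; "answered" means the server side is working and the reply is being lost on the way back.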