OK. I have a site-to-site VPN link from my home to work. Astaro Home at home to two ASG220's, all running 8.305. IPSEC VPN established fine, passes traffic like crazy. I'm using the home astaro as DHCP and DNS, and am attempting to setup DNS request routing so anytime I hit <host>.work.com, it goes to resolve against dns.work.com instead of astaro.home.local. I can ping the DNS server by IP (anything at work by IP, actually) - it's 10.10.0.8. But when I perform an nslookup from my home machines, I get:
sinclair7-mba:~ skip$ nslookup server.work.com
;; connection timed out; no servers could be reached
sinclair7-mba:~ skip$ nslookup server.work.com 10.10.0.8
Server: 10.10.0.8
Address: 10.10.0.8#53
Name: server.work.com
Address: 10.10.0.7
So, left to it's own, the DNS Request Routing isn't doing much of anything. But I know that the DNS traffic itself is actually allowed, due to the second form of the command. I even ran a full debug against the DNS server (10.10.0.8), filtering out any packets that came from either the internal IP of the astaro (192.168.100.1), or the internal home machine itself (192.168.100.51) - nothing appears to be coming into the DNS server. Any ideas? Any way I can debug the DNS request routing part of the home astaro? This would really make working from home a thousand times easier, Support looked at the ASG220 configs and found nothing wrong or missing, but they wouldn't/couldn't touch the home box, so here I am...... TIA.
-Skip
sinclair7-mba:~ skip$ nslookup server.work.com
;; connection timed out; no servers could be reached
sinclair7-mba:~ skip$ nslookup server.work.com 10.10.0.8
Server: 10.10.0.8
Address: 10.10.0.8#53
Name: server.work.com
Address: 10.10.0.7
So, left to it's own, the DNS Request Routing isn't doing much of anything. But I know that the DNS traffic itself is actually allowed, due to the second form of the command. I even ran a full debug against the DNS server (10.10.0.8), filtering out any packets that came from either the internal IP of the astaro (192.168.100.1), or the internal home machine itself (192.168.100.51) - nothing appears to be coming into the DNS server. Any ideas? Any way I can debug the DNS request routing part of the home astaro? This would really make working from home a thousand times easier, Support looked at the ASG220 configs and found nothing wrong or missing, but they wouldn't/couldn't touch the home box, so here I am...... TIA.
-Skip