DNS ReWrite for NAT traffic over BOVPN
I am using a BOVPN with a NAT to connect two sites. Site A LAN: 192.168.0.0/24, Site B LAN: 172.21.1.0/24, and the NAT is 172.21.4.0/24. When creating the BOVPN tunnel, I added the NAT IP to the 1:1 NAT in Site A. The problem I have is when I try to access local resources in Site A using a FQDN. The request to the DNS in Site A reaches the DNS server and the result comes back fine. The problem is that what is returned is an IP in Site A's LAN (e.g. 192.168.0.1) which, due to the NAT, will not work. What do I need to do so that the Firebox will perform NAT on the A record in the DNS response, so that a device in Site B gets 172.21.4.1 instead of 192.168.0.1?
Answers
The firewall will not modify the actual response in the DNS queries. The best I can suggest is to use a conditional DNS forwarder to make the query to a DNS server that will respond with the address you want it to respond with.
See:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/networksetup/dns_forwarding_about.html
-James Carson
WatchGuard Customer Support
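As an added illustration of the approach James describes (a DNS server that answers with the address you want), here is a small forwarder that could sit at Site B and be the target of the conditional forwarding. It is example code written for this page, not part of the original thread and not a WatchGuard feature: the Firebox itself does not touch the A records, so the rewriting has to happen in whatever DNS server the conditional forwarder points at. The networks 192.168.0.0/24 and 172.21.4.0/24 come from the question; the listen port, the upstream address and the sample FQDN are assumed, as is the host-bit-preserving mapping (192.168.0.x to 172.21.4.x) that the question's 192.168.0.1 to 172.21.4.1 example implies. It handles plain UDP responses with compressed names and rewrites only IN A records that fall in Site A's LAN; responses that carry DNSSEC signatures would no longer validate after rewriting, and TCP fallback is not implemented.

```python
"""Example DNS forwarder that rewrites Site A LAN addresses in A records to
their 1:1 NAT equivalents. Added example, not from the thread or WatchGuard."""
import ipaddress
import socket
import struct

LAN_NET = ipaddress.ip_network("192.168.0.0/24")   # Site A real LAN (from the question)
NAT_NET = ipaddress.ip_network("172.21.4.0/24")    # 1:1 NAT range as seen from Site B
UPSTREAM = ("192.168.0.1", 53)                     # assumed: Site A DNS server reached over the tunnel
LISTEN = ("0.0.0.0", 5353)                         # assumed: port the conditional forwarder sends to

TYPE_A, CLASS_IN = 1, 1


def nat_map(ip: str) -> str:
    """Translate a Site A LAN address to its 1:1 NAT twin (host bits kept); leave others alone."""
    addr = ipaddress.ip_address(ip)
    if addr not in LAN_NET:
        return ip
    host_bits = int(addr) - int(LAN_NET.network_address)
    return str(NAT_NET.network_address + host_bits)


def skip_name(msg: bytes, off: int) -> int:
    """Return the offset just past a DNS name, handling RFC 1035 compression pointers."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:      # pointer: two bytes and the name ends here
            return off + 2
        if length == 0:                # root label terminates the name
            return off + 1
        off += 1 + length


def rewrite_a_records(msg: bytes) -> bytes:
    """Rewrite the rdata of every IN A record inside LAN_NET; all other bytes are unchanged.

    Lengths never change, so compression pointers elsewhere in the message stay valid."""
    out = bytearray(msg)
    qd, an, ns, ar = struct.unpack("!HHHH", msg[4:12])
    off = 12
    for _ in range(qd):                # question: QNAME + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    for _ in range(an + ns + ar):      # answer, authority and additional sections
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_A and rclass == CLASS_IN and rdlen == 4:
            original = str(ipaddress.IPv4Address(msg[off:off + 4]))
            out[off:off + 4] = ipaddress.IPv4Address(nat_map(original)).packed
        off += rdlen
    return bytes(out)


def sample_response(txid: int = 0x1234) -> bytes:
    """Constructed response: fileserver.sitea.example. IN A 192.168.0.1 (assumed name),
    with the answer name compressed as a pointer to the question name."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    labels = (b"fileserver", b"sitea", b"example")
    qname = b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"
    question = qname + struct.pack("!HH", TYPE_A, CLASS_IN)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, CLASS_IN, 300, 4) + bytes([192, 168, 0, 1])
    return header + question + answer


def serve_forever() -> None:
    """Relay each UDP query to Site A's DNS and return the NAT-rewritten reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as srv:
        srv.bind(LISTEN)
        while True:
            query, client = srv.recvfrom(4096)
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as up:
                up.settimeout(3)
                up.sendto(query, UPSTREAM)
                try:
                    reply, _ = up.recvfrom(4096)
                except socket.timeout:
                    continue           # let the client retry rather than answer with garbage
            srv.sendto(rewrite_a_records(reply), client)


if __name__ == "__main__":
    serve_forever()
```

Run it on a host at Site B and point the conditional forwarder for Site A's domain at it; the sample_response() function only exists so the rewrite can be checked offline, and a response of 192.168.0.1 comes back as 172.21.4.1 while the message length and transaction ID are untouched. If the records in question are few and static, a plain zone on the Site B DNS server containing the 172.21.4.x addresses is simpler and needs no custom code.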