Tailscale iptables with Aliyun DNS
Troubleshooting
resolvectl status
Global
       Protocols: -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
resolv.conf mode: foreign
      DNS Domain: tail2fb681.ts.net

Link 2 (eth0)
    Current Scopes: DNS
         Protocols: +DefaultRoute +LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.100.2.136
       DNS Servers: 100.100.2.136 100.100.2.138

Link 9 (tailscale0)
    Current Scopes: DNS
         Protocols: -DefaultRoute -LLMNR -mDNS -DNSOverTLS DNSSEC=no/unsupported
Current DNS Server: 100.100.100.100
       DNS Servers: 100.100.100.100
        DNS Domain: ...
tcpdump -i eth0 udp port 53 and host 100.100.2.136
dig baidu.com @100.100.2.136
01:02:41.009504 IP cmajorrocks.46257 > 100.100.2.136.domain: 61182+ [1au] A? baidu.com. (50)
01:02:41.009704 IP 100.100.2.136.domain > cmajorrocks.46257: 61182 2/0/1 A 182.61.201.211, A 182.61.244.181 (70)
iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ts-input   all  --  anywhere             anywhere

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ts-forward all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain ts-forward (1 references)
target     prot opt source               destination
MARK       all  --  anywhere             anywhere             MARK xset 0x40000/0xff0000
ACCEPT     all  --  anywhere             anywhere             mark match 0x40000/0xff0000
DROP       all  --  100.64.0.0/10        anywhere
ACCEPT     all  --  anywhere             anywhere

Chain ts-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  cmajorrocks.tail2fb681.ts.net  anywhere
RETURN     all  --  100.115.92.0/23      anywhere
DROP       all  --  100.64.0.0/10        anywhere
ACCEPT     all  --  anywhere             anywhere
Resolutions
iptables -I ts-input 2 -i eth0 -s 100.100.2.136 -j ACCEPT
iptables -I ts-input 2 -i eth0 -s 100.100.2.138 -j ACCEPT
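
The resolvers on eth0 (100.100.2.136 and 100.100.2.138) fall inside 100.64.0.0/10, the source range of the ts-input DROP rule listed above, so the two rules are inserted ahead of it. As an added example (not part of the original page), this script reads `resolvectl status` text, picks out DNS servers on non-Tailscale links that sit in that range, and prints the exception rules in the form used above. The function names and embedded sample are constructed, and it assumes each link lists its servers on one `DNS Servers:` line.

```sh
#!/bin/sh
# Added example, not from the original page. Prints rules; applies nothing.
# Constructed sample, trimmed from the resolvectl output shown on this page.
SAMPLE='Link 2 (eth0)
Current DNS Server: 100.100.2.136
DNS Servers: 100.100.2.136 100.100.2.138
Link 9 (tailscale0)
Current DNS Server: 100.100.100.100
DNS Servers: 100.100.100.100'

# in_cgnat IP: succeed if IP is a dotted quad inside 100.64.0.0/10.
in_cgnat() {
    case "$1" in ''|*[!0-9.]*|*.*.*.*.*|.*|*.|*..*) return 1 ;; esac
    case "$1" in *.*.*.*) ;; *) return 1 ;; esac
    o1=${1%%.*}; rest=${1#*.}; o2=${rest%%.*}
    [ "$o1" -eq 100 ] && [ "$o2" -ge 64 ] && [ "$o2" -le 127 ]
}

# cgnat_resolvers: read `resolvectl status` text on stdin and print "iface ip"
# for each DNS server on a non-Tailscale link that is inside 100.64.0.0/10.
cgnat_resolvers() {
    iface=
    while read -r line; do          # read strips the right-aligned padding
        case "$line" in
            "Link "*) iface=${line#*\(}; iface=${iface%\)*} ;;
            "DNS Servers:"*)
                [ -n "$iface" ] || continue          # skip the Global section
                case "$iface" in tailscale*) continue ;; esac
                for ip in ${line#DNS Servers:}; do
                    if in_cgnat "$ip"; then echo "$iface $ip"; fi
                done ;;
        esac
    done
}

# exception_rules: turn each "iface ip" pair into a source- and
# interface-scoped ACCEPT placed at position 2 of ts-input, as on this page.
exception_rules() {
    cgnat_resolvers | while read -r iface ip; do
        echo "iptables -I ts-input 2 -i $iface -s $ip -j ACCEPT"
    done
}

printf '%s\n' "$SAMPLE" | exception_rules
```

On a live host, pipe `resolvectl status` into `exception_rules` and review the printed rules before running them; `iptables -L ts-input -n --line-numbers` confirms they landed ahead of the DROP entry.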