sanebox: fix bwrap+pasta DNS forwarding for hosts not using trust-dns

2024-05-26 14:26:09 +00:00 · 2024-05-26 14:26:09 +00:00 · a03099569c
commit a03099569c
parent b1c7061b21
1 changed files with 3 additions and 1 deletions
--- a/pkgs/additional/sanebox/sanebox
+++ b/pkgs/additional/sanebox/sanebox
@ -838,7 +838,9 @@ pastaonlyIngestNetGateway() {
 }
 pastaonlyIngestDns() {
  # NAT DNS requests to localhost to the VPN's DNS resolver
-  pastaNetSetup="ip addr del 127.0.0.1/8 dev lo; iptables -A OUTPUT -t nat -p udp --dport 53 -m iprange --dst-range 127.0.0.1 -j DNAT --to-destination $1:53; $pastaNetSetup"
+  # claim the whole 127.0.0.x space, because some setups place the DNS on a different address of localhost.
+  pastaNetSetup="iptables -A OUTPUT -t nat -p udp --dport 53 -m iprange --dst-range 127.0.0.1-127.0.0.255 -j DNAT --to-destination $1:53; $pastaNetSetup"
+  pastaNetSetup="ip addr del 127.0.0.1/8 dev lo; $pastaNetSetup"
 }
 pastaonlyIngestKeepNamespace() {
  :