What Arne says would make sense if I got those errors, in which case the CUSTOMPREROUTING should not work at all. I, however, don’t get an error message, and the CUSTOMPREROUTING shows that the -o is working, as it has set green0 as outgoing and not incoming.
Jon on the other hand has it set as incoming (-i) as his screenshot shows.
Checking my connection status on the FW, it shows that it is doing its work correctly.
As you can see, I changed 192.168.114.1 to use 9.9.9.9 as DNS, whilst 192.168.114.6 has the gateway/firewall 192.168.114.254 assigned as DNS via DHCP. The 9.9.9.9 request is intercepted and redirected to 192.168.114.254, works as advertised.
Many roads lead to Rome, or towns with similar names. Both methods seem to be doing the same thing, on the surface that is, which brings up the questions:
What are the main differences between the two approaches?
And most importantly what is the impact?
UPDATE:
I see that the VPN clients' DNS requests are also redirected to the FW, which is a nice bonus. Assimilation successful …All user base are belong to us muahahaha…