I’m figuring out how to use Ziti in general and how to tunnel to a DNS service on Linux in particular. I’m finding there are some caveats, possibly due to some kind of conflict with the built-in resolver in the Ziti tunneler, and I’m not sure how to proceed with troubleshooting.
I had the tunneler running just fine after modifying the Network Manager connection to have the loopback IP for the resolver as the first nameserver (127.0.0.111), but after doing a Ctrl-C to return to the terminal I’m unable to run it again. Each attempt fails with
    FATAL ziti/tunnel/dns.NewDnsServer: system resolver test failed
I’ve looked for stray routes, iptables mangle rules and tun interfaces that might have somehow been left behind by the prior run when it was working. There is an empty chain named NF-INTERCEPT that is the target of all traffic in PREROUTING. I tried flushing PREROUTING, but the result is the same.
    ❯ sudo iptables -tmangle -nvL PREROUTING
    Chain PREROUTING (policy ACCEPT 80160 packets, 67M bytes)
     pkts bytes target       prot opt in     out     source               destination
    80160   67M NF-INTERCEPT all  --  *      *       0.0.0.0/0            0.0.0.0/0
    ❯ sudo iptables -tmangle -nvL NF-INTERCEPT
    Chain NF-INTERCEPT (1 references)
     pkts bytes target       prot opt in     out     source               destination
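A small diagnostic script for the situation described in the post, added here as an example (it is not part of the post and not code from the Ziti project). It assumes the tunneler's resolver listens on 127.0.0.111 and that the "system resolver test" only passes when that address is the first nameserver in the resolv.conf-style file the system actually uses; the leftover checks (tun interfaces, the NF-INTERCEPT mangle chain) are read-only and need root only for iptables.

```shell
#!/bin/sh
# Added diagnostic helper; assumptions: the tunneler DNS is 127.0.0.111 and
# the resolver test inspects the first "nameserver" line of resolv.conf.
ZITI_DNS="${ZITI_DNS:-127.0.0.111}"

# Print the first nameserver listed in a resolv.conf-style file ($1).
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# Return 0 when the tunneler's resolver is first in $1, else report and return 1.
# Note: with systemd-resolved, /etc/resolv.conf may be a stub (127.0.0.53),
# so pass the file the system really resolves with.
check_resolver_order() {
    first="$(first_nameserver "$1")"
    if [ "$first" = "$ZITI_DNS" ]; then
        echo "ok: $ZITI_DNS is the first nameserver in $1"
        return 0
    fi
    echo "resolver order problem: first nameserver is '${first:-none}', expected $ZITI_DNS"
    return 1
}

# List artifacts a previous tunneler run may have left behind.
report_leftovers() {
    ip -o link show type tun 2>/dev/null | awk -F': ' '{ print "tun interface present: " $2 }'
    if iptables -t mangle -S NF-INTERCEPT >/dev/null 2>&1; then
        echo "mangle chain NF-INTERCEPT still exists:"
        iptables -t mangle -S NF-INTERCEPT
    fi
}

# Usage: sh ziti-dns-check.sh --run   (as root, to read the mangle table)
if [ "${1:-}" = "--run" ]; then
    check_resolver_order /etc/resolv.conf
    report_leftovers
fi
```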