Reply: Re: DNS and DNAT

João Borsoi Soares jo_soares@yahoo.com
Wed, 15 Aug 2001 14:36:49 -0300


> Okay. Let's see it from the beginning. Have you run tcpdump on the
> machines? What is the result?
>

No, I haven't. But now I did. Let me explain my system. My DNS server has
the internal IP 192.168.1.1. My firewall has the internal IP 192.168.1.3 (eth0) and,
let's say, an external IP x.x.x.x (eth1). I ran "tcpdump -n -q port domain"
on both (DNS and firewall). And then I ran nslookup from the firewall and
from an external machine (y.y.y.y). Can you follow me up to here? Well, I got the
following results:

1) nslookup from the external machine:
tcpdump on firewall:
02:25:59.821020 eth1 < y.y.y.y.2545 > x.x.x.x.domain: udp 45
02:25:59.821020 eth0 > y.y.y.y.2545 > 192.168.1.1.domain: udp 45
02:25:59.821020 eth0 < 192.168.1.1.domain > y.y.y.y.2545: udp 110 (DF)
02:25:59.821020 eth1 > 200.168.164.78.domain > y.y.y.y.2545: udp 110 (DF)


tcpdump on DNS:
14:36:24.822990 eth0 < y.y.y.y.2545 > 192.168.1.1.domain: udp 45
14:36:24.832990 eth0 > 192.168.1.1.domain > y.y.y.y.2545: udp 110 (DF)

At y.y.y.y machine I got the following message:
*** Can't find server name for address x.x.x.x: Non-existent host/domain
*** Default servers are not available

2) nslookup from the internal firewall:
tcpdump on firewall:
02:24:02.971020 eth0 > 192.168.1.3.2053 > 192.168.1.1.domain: udp 33 (DF)
02:24:02.971020 eth0 < 192.168.1.1.domain > 192.168.1.3.2053: udp 83 (DF)

tcpdump on DNS:
14:34:27.932990 eth0 < 192.168.1.3.2053 > 192.168.1.1.domain: udp 33 (DF)
14:34:27.932990 eth0 > 192.168.1.1.domain > 192.168.1.3.2053: udp 83 (DF)

At my firewall I got back what I was looking for, without errors... So, I can
see that in the first case it made the forward correctly, didn't it? Well, I don't
understand it at all. Maybe I am missing something in my DNS configuration file,
but I did it just like the DNS-HOWTO.

Thanks for all the help.
Joao.
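The capture in the message above already shows all four legs of a DNAT'd UDP exchange on the firewall: request in on eth1, request forwarded to the internal server on eth0, reply back from the server on eth0, and the reply leaving eth1 with its source rewritten back to the external address. The script below, added here as an example and not code from the message or the DNS-HOWTO, parses that old-style Linux tcpdump output (interface and direction columns, as tcpdump printed them on 2.2-era kernels) and checks each leg for one client, so a capture can be judged mechanically instead of by eye. It assumes eth1 is the external interface, eth0 the internal one and 192.168.1.1 the DNS server, as the message states; the sample capture is constructed from the lines in the message with the firewall's real external address replaced by the x.x.x.x placeholder, plus a second constructed capture in which the reply leaves eth1 still carrying the server's private address (the reverse translation missing), which is the failure this check is meant to catch. A caveat worth knowing when reading the nslookup error quoted in the message: "Can't find server name for address ..." is what old nslookup prints when its reverse (PTR) lookup of the server's own address fails before the real query is sent, which is a zone-content matter rather than evidence that the forwarding failed.

```python
"""Check each leg of a DNAT'd DNS exchange in an old-style Linux tcpdump capture.

Added example, not code from the message above. Assumes eth1 is the firewall's
external interface, eth0 the internal one, and 192.168.1.1 the DNS server.
"""
import re
from dataclasses import dataclass

# Constructed sample: the firewall-side capture from the message, with the
# firewall's real external address replaced by the x.x.x.x placeholder.
SAMPLE_OK = """\
02:25:59.821020 eth1 < y.y.y.y.2545 > x.x.x.x.domain: udp 45
02:25:59.821020 eth0 > y.y.y.y.2545 > 192.168.1.1.domain: udp 45
02:25:59.821020 eth0 < 192.168.1.1.domain > y.y.y.y.2545: udp 110 (DF)
02:25:59.821020 eth1 > x.x.x.x.domain > y.y.y.y.2545: udp 110 (DF)
"""

# Constructed failure case: the reply leaves eth1 with the server's private
# address still as source, i.e. the reverse translation did not happen, so
# the client would discard a reply that does not come from the server it asked.
SAMPLE_BROKEN = """\
02:30:11.000000 eth1 < y.y.y.y.2546 > x.x.x.x.domain: udp 45
02:30:11.000000 eth0 > y.y.y.y.2546 > 192.168.1.1.domain: udp 45
02:30:11.000000 eth0 < 192.168.1.1.domain > y.y.y.y.2546: udp 110 (DF)
02:30:11.000000 eth1 > 192.168.1.1.domain > y.y.y.y.2546: udp 110 (DF)
"""

# "<ts> <iface> <dir> <src>.<sport> > <dst>.<dport>: udp <len> [(DF)]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<iface>\S+)\s+(?P<dir>[<>])\s+"
    r"(?P<src>\S+)\.(?P<sport>\w+)\s+>\s+(?P<dst>\S+)\.(?P<dport>\w+):\s+udp\s+(?P<len>\d+)"
)


@dataclass
class Pkt:
    iface: str
    direction: str  # '<' = received on iface, '>' = sent out of iface
    src: str
    sport: str
    dst: str
    dport: str
    length: int


def parse(capture):
    """Turn tcpdump -n -q lines into Pkt records; lines that do not match are skipped."""
    pkts = []
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pkts.append(Pkt(m["iface"], m["dir"], m["src"], m["sport"],
                            m["dst"], m["dport"], int(m["len"])))
    return pkts


def check_flows(capture, ext="eth1", internal="eth0", server="192.168.1.1"):
    """For every request arriving on the external interface, report whether the
    forwarded copy, the server's reply and the un-NATed reply were all seen."""
    pkts = parse(capture)
    report = {}
    for req in pkts:
        if not (req.iface == ext and req.direction == "<"):
            continue  # only client requests arriving from the outside
        client = (req.src, req.sport)      # who asked, and on which port
        public = (req.dst, req.dport)      # the address the client asked
        fwd = [p for p in pkts if p.iface == internal and p.direction == ">"
               and (p.src, p.sport) == client
               and (p.dst, p.dport) == (server, req.dport)]
        srv_reply = [p for p in pkts if p.iface == internal and p.direction == "<"
                     and (p.src, p.sport) == (server, req.dport)
                     and (p.dst, p.dport) == client]
        # The reply must leave with the public address as source, or the
        # client will see an answer from an address it never queried.
        out = [p for p in pkts if p.iface == ext and p.direction == ">"
               and (p.src, p.sport) == public and (p.dst, p.dport) == client]
        report[client] = {
            "dnat_forwarded": bool(fwd),
            "server_replied": bool(srv_reply),
            "reply_unnated": bool(out),
            "reply_bytes": out[0].length if out else None,
        }
    return report


if __name__ == "__main__":
    for name, cap in (("ok", SAMPLE_OK), ("broken", SAMPLE_BROKEN)):
        for client, legs in check_flows(cap).items():
            print(name, client, legs)
```

Run it as `python3 natcheck.py`; for a live capture, feed it the text of `tcpdump -n -q port domain` taken on the firewall. Every leg reported True with a non-zero reply length means the forwarding and the reverse translation both work and the problem has to be looked for in the answer content itself.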