Re: DNAT port forwarding beginner's question
Jakob Praher
jp@hapra.at
Thu, 11 Oct 2001 15:41:53 +0200
Hi all,
Thanks for your support.
Though I read the HOWTOs (which are really great) carefully, I totally forgot
that the packet's source address remains the original source IP address, so
there must be a route (from A) back to the source (B), which I didn't
have.
So I wanted to tell you that it now works and it is really great!
As I am speaking with the experts regarding netfilter, I want to take the
opportunity to ask you some more questions
regarding forwarding of DNS traffic:
Assume I have 2 DNS servers within my internal net:
                +----------+
                | External |
                +----------+
                     ^
                     |
                     |
+-------+            |
| PFWD  |<>----------+                   +--------+
|       |<>------------------+---------<>| ns1    |
+-------+                    |           |        |
                             |           +--------+
                             |
                             |           +--------+
                             +---------<>| ns2    |
                                         |        |
                                         +--------+
ns1 and ns2 have the zone definitions for the organization's domains.
They are not used for internal network information.
ns1 and ns2 resolve only external addresses.
In order to protect them from direct access from outside, they are located
inside the internal net.
An external NS server (acting as a secondary NS server) has to be able to
contact ns1 and exchange zone information.
A client must be able to contact ns1 or ns2 to gather information about the
organization's domain.
Now my questions:
Which ports must be forwarded in order to accomplish this?
Is it better to externalize them?
How would a DMZ fit in this scenario?
Thanks for your support.
Bye
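The routing problem the poster ran into (DNAT rewrites only the destination, so the forwarded server's reply must travel back through the NAT box to be un-translated) is shown below in a small Python model. This is an added example, not code from the poster or from the netfilter project; it assumes an iptables-style DNAT with connection tracking, uses constructed documentation-range addresses, and forwards UDP and TCP port 53 (TCP carries zone transfers) to ns1 as the scenario suggests.

```python
"""Toy model of DNAT port forwarding at the box marked PFWD in the thread.

It shows why the forwarded server (ns1) needs a return route through PFWD:
the inbound packet keeps the external client's source address, so ns1
answers that address directly, and only PFWD can rewrite the reply's
source back to the public IP. All addresses are constructed examples.
"""
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "tcp"
    src: str
    sport: int
    dst: str
    dport: int


class DnatGateway:
    """Simplified PFWD: destination NAT plus a connection-tracking table."""

    def __init__(self, public_ip: str, forwards: Dict[Tuple[str, int], str]):
        self.public_ip = public_ip
        self.forwards = forwards                 # (proto, port) -> internal host
        self.conntrack: Dict[tuple, str] = {}    # flow -> original destination

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Packet arriving from outside. Returns the translated packet or None."""
        target = self.forwards.get((pkt.proto, pkt.dport))
        if pkt.dst != self.public_ip or target is None:
            return None                          # no forward rule: dropped
        # Remember the flow so the reply can be un-translated later.
        self.conntrack[(pkt.proto, pkt.src, pkt.sport, target, pkt.dport)] = pkt.dst
        # Only the destination changes; the source stays the external client.
        return replace(pkt, dst=target)

    def outbound(self, pkt: Packet) -> Packet:
        """Reply passing PFWD on its way out; source is mapped back."""
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        original_dst = self.conntrack.get(key)
        if original_dst is None:
            return pkt                           # unknown flow: left as is
        return replace(pkt, src=original_dst)    # reply now comes from PFWD


def simulate_dns_query(ns_route_via_pfwd: bool) -> str:
    """Send one DNS query from an external client to ns1 via PFWD.

    ns_route_via_pfwd says whether ns1's route back to the client goes
    through PFWD (the case the poster was missing at first).
    """
    client, pfwd_public, ns1 = "203.0.113.7", "198.51.100.1", "10.0.0.53"
    gw = DnatGateway(pfwd_public, {("udp", 53): ns1, ("tcp", 53): ns1})

    query = Packet("udp", client, 40000, pfwd_public, 53)
    at_ns1 = gw.inbound(query)
    assert at_ns1 is not None and at_ns1.src == client   # source preserved

    # ns1 answers whatever it saw as source: the external client itself.
    reply = Packet("udp", ns1, 53, at_ns1.src, at_ns1.sport)

    if ns_route_via_pfwd:
        reply = gw.outbound(reply)   # passes PFWD and is un-DNATed
    # Otherwise the reply bypasses PFWD (or never leaves the internal net)
    # and still carries ns1's private address as its source.

    if reply.src == pfwd_public and reply.dport == query.sport:
        return "accepted"
    return f"dropped: reply from unexpected source {reply.src}"


if __name__ == "__main__":
    for via in (True, False):
        print(f"ns1 routes back via PFWD={via}: {simulate_dns_query(via)}")
```

Running the script prints "accepted" for the case with the return route and a drop with ns1's private address as the unexpected source for the case without it, which is exactly the symptom described at the top of the mail.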