nat and dns

Nick Drage nickd at metastasis.org.uk
Thu Sep 23 12:34:28 CEST 2004


On Thu, Sep 23, 2004 at 11:00:33AM +0200, Raphael Jacquot wrote:
> hi,
> I have a setup that looks like:
>  _____                                ____
> [     ] 192.168.0.100                [    ]
> [ DNS ]------------------------------[ FW ]----
> [_____]                192.168.0.254 [____] (isp)
> 
> and I want the DNS to answer queries from the outside.
> What's the proper way of doing this?

I'm presuming that you want to answer queries from everywhere, rather
than just from specific hosts, in which case:

iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p udp --dport 53 -j DNAT --to-destination 192.168.0.100

iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p tcp --dport 53 -j DNAT --to-destination 192.168.0.100

iptables -A FORWARD --destination 192.168.0.100 -p udp --dport 53 -j ACCEPT

iptables -A FORWARD --destination 192.168.0.100 -p tcp --dport 53 -j ACCEPT

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

I'd be interested to hear how you get on, by the way; I'm not quite sure
that my iptables rulebases are keeping state on DNS requests correctly.

-- 
mors omnia vincit
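As an added example (not part of the original thread), the rules above collected into a script that binds the DNAT and FORWARD rules to the external interface, plus a check for the state question raised at the end: it counts conntrack entries whose original tuple is addressed to the public IP on port 53 and whose reply tuple comes from the DNS host. The interface name eth0, the public address 198.51.100.1 and the conntrack sample lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example, not part of the original thread.  Assumed values: the
# external interface "eth0", the firewall's public address 198.51.100.1
# (documentation range) and the DNS host 192.168.0.100 from the diagram.
# Set IPT="echo iptables" to print the rules instead of applying them.
set -eu
IPT="${IPT:-iptables}"

# Emit or apply the DNAT + FORWARD rules.  Binding both rule sets to the
# external interface keeps LAN-side traffic to port 53 from being rewritten.
dns_dnat_rules() {
    ext_if="$1"; ext_ip="$2"; dns_ip="$3"
    for proto in udp tcp; do
        $IPT -t nat -A PREROUTING -i "$ext_if" -d "$ext_ip" -p "$proto" \
            --dport 53 -j DNAT --to-destination "$dns_ip"
        $IPT -A FORWARD -i "$ext_if" -d "$dns_ip" -p "$proto" --dport 53 \
            -m state --state NEW -j ACCEPT
    done
    # Replies from the DNS host are matched by conntrack, not by a rule of
    # their own, so this line must be present in FORWARD for UDP and TCP.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Count conntrack entries for port-53 flows that were DNATed to the DNS
# host: original tuple addressed to the public IP, reply tuple sourced from
# the DNS host.  Feed it `cat /proc/net/ip_conntrack` (or nf_conntrack).
dns_state_count() {
    ext_ip="$1"; dns_ip="$2"
    grep -c "dst=$ext_ip sport=[0-9]* dport=53 src=$dns_ip " || true
}

# Constructed ip_conntrack-style lines: two DNATed queries (one UDP, one
# TCP) plus one LAN-internal lookup that must not be counted.
SAMPLE_CONNTRACK='udp      17 28 src=203.0.113.5 dst=198.51.100.1 sport=40000 dport=53 src=192.168.0.100 dst=203.0.113.5 sport=53 dport=40000 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=51000 dport=53 src=192.168.0.100 dst=203.0.113.7 sport=53 dport=51000 [ASSURED] use=1
udp      17 25 src=192.168.0.10 dst=192.168.0.100 sport=5353 dport=53 src=192.168.0.100 dst=192.168.0.10 sport=53 dport=5353 use=1'

# Dry run: print the rules, then count DNATed DNS flows in the sample.
if [ "${1:-}" = "demo" ]; then
    IPT="echo iptables"
    dns_dnat_rules eth0 198.51.100.1 192.168.0.100
    printf '%s\n' "$SAMPLE_CONNTRACK" | dns_state_count 198.51.100.1 192.168.0.100
fi
```

Run it as `sh dns-dnat.sh demo` to see the rules without touching the firewall; on the real box, `cat /proc/net/ip_conntrack | dns_state_count 198.51.100.1 192.168.0.100` while a query is in flight shows whether the DNATed flow is being tracked.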