nat and dns

Alexis alexis at tpys.com.ar
Thu Sep 23 15:17:09 CEST 2004


Microsoft uses tcp for queries too.
 

-----Original Message-----
From: netfilter-bounces at lists.netfilter.org
[mailto:netfilter-bounces at lists.netfilter.org] On behalf of Samuel Díaz
García
Sent: Thursday, 23 September 2004 8:10
To: Netfilter Mailing List
Subject: Re: nat and dns

For DNS queries only UDP is necessary, not TCP.

Regards, 

Nick Drage writes: 

> On Thu, Sep 23, 2004 at 11:00:33AM +0200, Raphael Jacquot wrote:
>> hi,
>> I have a setup that looks like :
>>  _____                                ____
>> [     ] 192.168.0.100                [    ]
>> [ DNS ]------------------------------[ FW ]----
>> [_____]                192.168.0.254 [____] (isp) 
>> 
>> and I want the DNS to answer to queries from the outside what's the 
>> proper way of doing this ?
> 
> I'm presuming that you want to answer queries from everywhere, rather 
> than just from specific hosts, in which case:
> 
> iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p udp --dport 53 -j DNAT --to-destination 192.168.0.100
> 
> iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p tcp --dport 53 -j DNAT --to-destination 192.168.0.100
> 
> iptables -A FORWARD --destination 192.168.0.100 -p udp --dport 53 -j ACCEPT
> 
> iptables -A FORWARD --destination 192.168.0.100 -p tcp --dport 53 -j ACCEPT
> 
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> I'd be interested to hear how you get on by the way, I'm not quite 
> sure that my iptables rulebases are keeping state on DNS requests 
> correctly.
> 
> --
> mors omnia vincit
> 
 


Samuel Díaz García
Managing Director
ArcosCom Wireless, S.L.L. 

mailto:samueldg at arcoscom.com
http://www.arcoscom.com
mobile: 651 93 72 48
tel/fax: 956 70 13 15 
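As an added example, not the rules posted by any of the participants above: the complete rule set for publishing the internal DNS server (192.168.0.100 from the diagram) through the netfilter box, allowing both transports. UDP carries ordinary queries; TCP is needed when an answer does not fit in a UDP datagram (the server sets the TC bit and the client retries over TCP), for zone transfers, and for resolvers that simply prefer TCP, which is the point Alexis makes about Microsoft. The external address 203.0.113.10 is an assumed placeholder (the thread never shows the real one), and IPT defaults to `echo iptables` so the script prints the rules instead of applying them; set `IPT=iptables` on the real firewall.

```shell
#!/bin/sh
# Added example for the thread above; not the original poster's rules.
# Publishes an internal DNS server behind a netfilter NAT box on both
# UDP/53 and TCP/53, tracking state with the state match used in the thread.

EXTERNAL_IP="${EXTERNAL_IP:-203.0.113.10}"   # assumed placeholder address
DNS_SERVER="${DNS_SERVER:-192.168.0.100}"    # from the thread's diagram
IPT="${IPT:-echo iptables}"                  # "echo iptables" = dry run

# dns_publish_rules EXTERNAL_IP DNS_SERVER
# Emits (or applies, when IPT=iptables) the DNAT and FORWARD rules.
dns_publish_rules() {
    ext="$1"
    dns="$2"

    # Reply packets and follow-up traffic ride on conntrack. Putting this
    # first keeps the per-service rules short and is what makes UDP DNS
    # replies work: the reply to a tracked UDP query is ESTABLISHED.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Same two rules per transport: rewrite the destination in PREROUTING,
    # then allow only fresh connections to the server in FORWARD.
    # UDP: ordinary queries. TCP: truncated answers (TC bit), zone
    # transfers, and resolvers that prefer TCP.
    for proto in udp tcp; do
        $IPT -t nat -A PREROUTING -d "$ext" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$dns"
        $IPT -A FORWARD -d "$dns" -p "$proto" --dport 53 \
            -m state --state NEW -j ACCEPT
    done
}

dns_publish_rules "$EXTERNAL_IP" "$DNS_SERVER"
```

To answer Nick's question about whether state is being kept: from outside, `dig @203.0.113.10 example.com` and `dig @203.0.113.10 example.com +tcp` should both answer; on the firewall, `cat /proc/net/ip_conntrack | grep 'dport=53'` (or `conntrack -L -p udp --dport 53` where conntrack-tools is installed) shows the tracked UDP and TCP entries for the rewritten destination while a query is in flight.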






