DNS and NAT
primero
primero at fastwebnet.it
Thu Jul 14 18:00:59 CEST 2005
Suzana Lojic-Skoric wrote:
>> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>>
>> and everything is as described.
>>
> Yes, you are right, but the problem is between my inside client and
> the NAT gateway I have a machine that drops everything that is not
> 10.x.x.x. I know, I know, it is insane... but my job is to find a
> solution for DNS in such network.
>
> So basically, my inside network can only route 10.x.x.x and everything
> else is dropped.
>
>> As /dev/rob0 pointed out, if you don't want your clients to talk with
>> google directly use proxies.
>>
>
> I'll check out the proxy idea. Thanks for your input.
>
> Suzana
>
You could use a Proxy but this would not solve your problem of 'have a
machine that drops everything that is not 10.x.x.x' ... even with a
proxy you would need that at least that machine would be able to access
Public Big Internet.
Maybe i missed the point ... but if you can not access anything else
then 10.x.x.x because something beetween clients and DefaultGW would
drop it i don't see any escape other then configuring the proxy on your
NAT Device because it should have not problem accessing the Public Internet.
Bye
Francesco
More information about the netfilter
mailing list