DNS and NAT
primero at fastwebnet.it
Thu Jul 14 18:00:59 CEST 2005
Suzana Lojic-Skoric wrote:
>> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
>> and everything is as described.
> Yes, you are right, but the problem is between my inside client and
> the NAT gateway I have a machine that drops everything that is not
> 10.x.x.x. I know, I know, it is insane... but my job is to find a
> solution for DNS in such a network.
> So basically, my inside network can only route 10.x.x.x and everything
> else is dropped.
>> As /dev/rob0 pointed out, if you don't want your clients to talk with
>> google directly use proxies.
> I'll check out the proxy idea. Thanks for your input.
You could use a Proxy, but this would not solve your problem of 'have a
machine that drops everything that is not 10.x.x.x' ... even with a
proxy you would need at least that machine to be able to access
the Public Big Internet.
Maybe I missed the point ... but if you cannot access anything other
than 10.x.x.x because something between the clients and the DefaultGW would
drop it, I don't see any escape other than configuring the proxy on your
NAT Device, because it should have no problem accessing the Public Internet.