nat of all local dns-request to my own server

Philipp Päper piepre at gmx.de
Sun Apr 10 14:48:00 CEST 2005


hello,
I am a network admin of a small dormitory in Germany (FH-Suderburg).
Until now we had 1 server. This server was a
router, webserver, DNS, firewall. Now we have a second server. Both servers
are running under Debian/sarge. The old server is now only router
+firewall. The problem is that I don't want to tell everyone that
he/she has to change the DNS server. So I thought that I can redirect
every DNS request to the new server. My NAT rules for external
connections (http, smtp) are working.

networkplan:

internet
 |
 |
router ---- server (DNS + HTTP + EMail)
 | 
 |
intranet

router: intern: eth0 - 192.168.112.1, extern: eth1 - 193.x.x.251, dmz:
eth2 - 10.0.0.1
server: eth0: 10.0.0.2

here are the rules I tried the last time:

EXT=eth1
EXT_IP=193.x.x.251
EXT_NET=193.x.x.0/24
DMZ=eth2
DMZ_IP=10.0.0.1
DMZ_NET=10.0.0.1/30
INT=eth0
INT_IP=192.168.112.1
INT_NET=192.168.112.0/24

SERVER_DMZ=10.0.0.2

iptables -t nat -A PREROUTING -i $INT -p tcp --dport 53 -j DNAT --to-destination $SERVER_DMZ
iptables -t nat -A POSTROUTING -o $INT -s $SERVER_DMZ -p tcp --dport 53 -j SNAT --to-source $INT_IP
iptables -A FORWARD -i $INT -m state --state NEW -p tcp -d $SERVER_DMZ --dport 53 -j ACCEPT
iptables -t nat -A PREROUTING -i $INT -p udp --dport 53 -j DNAT --to-destination $SERVER_DMZ
iptables -t nat -A POSTROUTING -o $INT -s $SERVER_DMZ -p udp --dport 53 -j SNAT --to-source $INT_IP
iptables -A FORWARD -i $INT -m state --state NEW -p udp -d $SERVER_DMZ --dport 53 -j ACCEPT

greets
 Philipp Päper
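The redirect described in the post, written out as an added example that is not part of the original mail: a small script that generates the netfilter rules for forcing every DNS query from the intranet onto the DMZ server. It uses the interface names and addresses from the network plan above; the script only prints the rules so they can be reviewed before being piped into sh on the router. The one point it adds to the posted rule set is the reply path: the nat table only sees the first packet of a connection, and conntrack reverses the DNAT on the answers by itself, so the POSTROUTING SNAT rule with `--dport 53` never matches anything (answers carry source port 53), while an ESTABLISHED,RELATED rule in FORWARD is required for the answers to get back to the client.

```shell
#!/bin/sh
# Added example (not from the original post): generate the iptables rules that
# redirect all DNS queries from the intranet to the DMZ server.  Addresses and
# interface names are taken from the posted network plan.

INT=eth0
INT_NET=192.168.112.0/24
SERVER_DMZ=10.0.0.2

# Print the redirect rules for one transport protocol ($1 = udp or tcp).
dns_redirect_rules() {
    proto=$1
    # nat/PREROUTING runs before the routing decision, so this also catches
    # queries that clients still send to the router's own 192.168.112.1.
    printf '%s\n' "iptables -t nat -A PREROUTING -i $INT -s $INT_NET -p $proto --dport 53 -j DNAT --to-destination $SERVER_DMZ"
    # The filter table sees the packet after DNAT, so match the new destination.
    printf '%s\n' "iptables -A FORWARD -i $INT -p $proto -d $SERVER_DMZ --dport 53 -m state --state NEW -j ACCEPT"
}

# Answers come back from the server with source port 53 and are de-NATed by
# conntrack; they never traverse the nat table again, so no SNAT rule is
# needed, but FORWARD must let the established flow through in both directions.
reply_rules() {
    printf '%s\n' "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
}

# Complete rule set: UDP first (the common case), then TCP, then the reply rule.
all_rules() {
    dns_redirect_rules udp
    dns_redirect_rules tcp
    reply_rules
}

# Usage on the router, as root:  sh dns-redirect.sh | sh
all_rules
```

The server in the DMZ sees the queries with the clients' 192.168.112.x source addresses, so it needs a route for that network via 10.0.0.1; with the router as its default gateway, as the posted plan suggests, nothing extra is needed. Queries from the intranet to any resolver, on port 53 only, are caught; a client resolving over another port or protocol is not affected by these rules.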



