Re: forwarding based on hostname

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Daniel Chemko <dchemko@smgtec.com>
To: Ian McBeth <imcbeth@telus.net>
Cc: netfilter@lists.netfilter.org
Subject: Re: forwarding based on hostname
Date: Sun, 03 Aug 2003 13:20:30 -0700	[thread overview]
Message-ID: <3F2D6E8E.2060508@smgtec.com> (raw)
In-Reply-To: <000001c359fb$2c7c68c0$8c01a8c0@blackice3>

I would not reccomend using domain names in the submission to iptables 
if it is supported or not. 1. Do a resolution of the domain every once 
and a while and resubmit the rule to iptables. If the firewall ever has 
any issues resolving domain names, then the rules requiring it would 
break,. It is generally a bad idea to have the packet firewall relying 
on any external service to perform its job. Remote access services need 
authenitcators but beyond that, limited liability DNS, and monitoring 
the firewall shouldn't be talking that much.

Ian McBeth wrote:

>Hello
>
>I have an issue where I have forwarded the ports to an internal mail
>server.  Based off ip it works but when you get the hostname in there it
>seems to get lost.  No error is given just hangs and outlook says the
>connection was interrupted.
>
>Using cat /proc/net/ip_conntrack it does not even appear to be
>connecting.
>
>Any help would be great as I am kind of new at iptables NAT
>configurations.
>
>Thanx
>
>Ian McBeth
>
>p.s. I have not really looked to deeply into this but can you forward
>based off hostnames to your internal network?
>
>e.g.
>mail.domainname.net --> NAT --> 192.168.0.x
>
>
>
>  
>

next prev parent reply	other threads:[~2003-08-03 20:20 UTC|newest]

Thread overview: 12+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-08-03  8:40 Masquerade stopped working?!?! dummy1
2003-08-03 12:33 ` George Vieira
2003-08-03 16:06   ` dummy1
2003-08-03 16:42     ` Chris Wilson
2003-08-04  7:11       ` dummy1
2003-08-03 17:32     ` Alistair Tonner
2003-08-03 18:12       ` dummy1
2003-08-03 20:09   ` forwarding based on hostname Ian McBeth
2003-08-03 20:20     ` Daniel Chemko [this message]
2003-08-03 20:44       ` Ian McBeth
2003-08-03 20:55         ` Daniel Chemko
  -- strict thread matches above, loose matches on Subject: below --
2003-08-03 22:07 George Vieira

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3F2D6E8E.2060508@smgtec.com \
    --to=dchemko@smgtec.com \
    --cc=imcbeth@telus.net \
    --cc=netfilter@lists.netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.