Re: Connection tracking Cli and an ALG for DNS

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Adel Belhouane <bugs.a.b@free.fr>
To: Bill <boober95@rogers.com>
Cc: Netfilter Users Mailing list <netfilter@vger.kernel.org>
Subject: Re: Connection tracking Cli and an ALG for DNS
Date: Wed, 2 Dec 2015 12:12:47 +0100	[thread overview]
Message-ID: <565ED22F.7070903@free.fr> (raw)
In-Reply-To: <201511191352.03564.boober95@rogers.com>

Le 19/11/2015 19:52, Bill a écrit :

> For reference here is my diagram again:
> 
>>>> local host               dns/nat gateway              remote host
>>>> 192.168.20.171      192.168.20.170                192.168.30.172
>>>>                                192.168.30.170
>>>> inside               ----->>> nat >>> ------          outside
> 
> As you can see, DNAT would no do for my requirements since I'd have to 
> add/delete iptables rules, which I supposed I could do, but doesn't seem te 
> right approach.
> 
> Now since my original posting I have been reading code and have manged to 
> create an e'expect' connection by upgrading to the latest 4.4 kernel.  In 
> this version I find the sample test 'create-expect' works.
> 
> After succeeding with this I realize I may need to build a kernel module for 
> the expectation and have started looking at the kernel code for this, such as 
> those for FTP etc.
> 
I didn't get before that the "ALG" part was essential. I read a summary here:
https://www.juniper.net/documentation/en_US/junos12.1x47/topics/concept/security-alg-dns-overview.html

So I still don't get exactly what you are looking for (sorry), but I realize
it's related to DNS data content, not just connections. Sorry to have
waisted your time with my replies and good luck with your project.

> /bill
> 

regards,
Adel BELHOUANE.

next prev parent reply	other threads:[~2015-12-02 11:12 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-11-04 18:32 Connection tracking Cli and an ALG for DNS Bill
2015-11-06 22:27 ` [Bulk] " Bill
2015-11-15 18:26   ` Adel Belhouane
2015-11-15 18:45   ` Adel Belhouane
2015-11-19 18:52     ` Bill
2015-12-02 11:12       ` Adel Belhouane [this message]
2015-12-02 22:36         ` Bill

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=565ED22F.7070903@free.fr \
    --to=bugs.a.b@free.fr \
    --cc=boober95@rogers.com \
    --cc=netfilter@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.