[LARTC] port forwarding

[LARTC] port forwarding

[Alen Sarkinovic]

is there anybody who can tell me how to forward request to other host, i
would like to forward all dns requests to other dns server and it must be
done with packet forwarding because dns server (resolver) must go down.

There is many docs about port forwarding based on nat table and
explanation consider linux box act like nat with two e cards.

thanks,
alens

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] port forwarding

[Martin A. Brown]

Hello Alen,

 : is there anybody who can tell me how to forward request to other host,
 : i would like to forward all dns requests to other dns server and it
 : must be done with packet forwarding because dns server (resolver) must
 : go down.
 :
 : There is many docs about port forwarding based on nat table and
 : explanation consider linux box act like nat with two e cards.

Is this the sort of thing you are looking for?

http://iptables-tutorial.frozentux.net/chunkyhtml/targets.html#DNATTARGET

I'm unable to be of more assistance, because I don't quite understand what
it is you need to do.  The nat table is the correct place to do this.

-Martin

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

Re: [LARTC] port forwarding

[Jose Luis Domingo Lopez]

On Tuesday, 09 December 2003, at 17:34:39 +0100,
Alen Sarkinovic wrote:

> is there anybody who can tell me how to forward request to other host, i
> would like to forward all dns requests to other dns server and it must be
> done with packet forwarding because dns server (resolver) must go down.
>
Just use "iptables" to set up DNAT rules for DNS traffic (remember, DNS
queries usually use DNS, but sometimes they use TPC). Depending on the
"redirector IP address" and the "final IP address" of the DNS server you
will also have to add an entry ni the routing table and maybe a static 
proxy ARP entry to the "redirector box".

Both the route and the proxy ARP enrty could be needed if the final DNS
server is not connected to any local network. Just depict packets
arriving at the box, rewrite the addressess as "iptables" would do
(DNAT) and follow the diagram at:
http://www.docum.org/stef.coene/qos/kptd/

In the PRDB (Policy Routing DataBase) is where the routing decissiont
takes place, and where you should see clearly the need for routes and/or
static proxy ARP entries.

Greetings.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.0-test10-mm1)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/