From: "PAUL WILLIAMSON" <pwilliamson@mandtbank.com>
To: netfilter@lists.samba.org
Subject: netfilter/iptables/NAT/DNS problems
Date: Mon, 13 May 2002 23:30:54 -0400
Message-ID: <sce04cc0.024@mandtbank.com>

Help!!  I have no hair left!  

I have been over the HOWTO, most examples I can find 
and I still can't get things working entirely correctly. 

I've looked in the archives, and that's gotten me 
about 95% of the way.  But that last 5% is killing 
me.

external net-----firewall/dns-----internal net

I'd like anything sourced from inside to be able to get outside.  
I'd like nothing outside to be able to get in, other 
than traffic that originated from inside.
I'd like ssh to be accepted from only internal 
connections.
I want all my internal network machines to use the 
DNS on the firewall.  The DNS on the firewall is 
pointing to a "real" internet DNS server.
I want all my machines to be NAT'ed going through the 
firewall out to the internet.

I have a cable modem with a dynamically assigned IP 
address, and depending on what range I get assigned 
to, I may end up with different DNS servers.  I'd 
like my internal machines to use the firewall as the 
DNS server, and have the firewall actually do the 
requesting out to the internet.
I can surf the internet from the linux 
firewall/dns box.

I can get as far as being able to ping real ip 
addresses on the internet from any internal machine, 
but I can't ping DNS names of those same sites.  
Obviously, I don't quite have things set up 
correctly.

Also, I can't get ssh to be accepted, PuTTY gives me 
an error that "Software caused connection abort."  

BTW, most internal machines are Windoze2000 or XP.
There are one or two crazy people that run linux 
on their desktop (me included...)  But I'm not too 
concerned, because I think the problem is in how the 
iptables rules are accepting requests on port 53, 
right? 

Please help!

Thanks,
Paul
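
An added example, not part of the original message: one iptables ruleset that expresses the policy listed in the post (LAN may go out, nothing unsolicited comes in, ssh and DNS on the firewall are reachable from the inside only, outbound traffic is NATed). The interface names eth0 and eth1, the IPT/WAN/LAN variables and the script name are assumptions; the post does not give them.

```shell
#!/bin/sh
# Added example. Assumed names, not from the post: eth0 faces the cable
# modem, eth1 faces the internal network.
IPT=${IPT:-iptables}
WAN=${WAN:-eth0}
LAN=${LAN:-eth1}

build_firewall() {
    # Start clean, then default-deny anything addressed to or crossing the box.
    $IPT -F
    $IPT -t nat -F
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    # The firewall itself may talk out, so its resolver can reach upstream DNS.
    $IPT -P OUTPUT ACCEPT

    # Loopback, plus replies to connections the box or the LAN opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Queries to the resolver on the firewall are addressed to the firewall,
    # so they traverse INPUT, not FORWARD. DNS uses UDP 53 and, for large
    # answers, TCP 53.
    $IPT -A INPUT -i "$LAN" -p udp --dport 53 -j ACCEPT
    $IPT -A INPUT -i "$LAN" -p tcp --dport 53 -j ACCEPT

    # ssh to the firewall from the internal interface only.
    $IPT -A INPUT -i "$LAN" -p tcp --dport 22 -j ACCEPT

    # New connections may only start on the LAN side and leave via the WAN.
    $IPT -A FORWARD -i "$LAN" -o "$WAN" -m conntrack --ctstate NEW -j ACCEPT

    # MASQUERADE follows whatever address the cable provider assigns.
    $IPT -t nat -A POSTROUTING -o "$WAN" -j MASQUERADE
}

# Routing between interfaces is off by default on Linux.
enable_forwarding() { sysctl -w net.ipv4.ip_forward=1; }

# Touch the live ruleset only when invoked as: sh firewall.sh apply
# (firewall.sh is a hypothetical file name for this example)
if [ "${1:-}" = "apply" ]; then
    build_firewall
    enable_forwarding
fi
```

Setting `IPT` to a command that only prints its arguments gives a dry run of the rules before they are loaded.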

