Linux Netfilter discussions
From: Noino <mg8c1zu02@sneakemail.com>
To: netfilter@vger.kernel.org
Subject: simple port translation on the localhost / local loopback
Date: Thu, 27 Mar 2008 22:16:43 +0100
Message-ID: <20080327211643.B37CA78C86@gam.mel.teaser.net>

Hi, List!

I wish to submit to you experts an apparently simple problem involving port 
address translation on the localhost/local loopback, which I've tried and 
tried and read and couldn't find an authoritative answer for. 

Setup: Linux SUSE w/ kernel 2.6.5. Iptables v. 1.2.9.
Have a relay DNS listener on UDP port 10053.
Most DNS clients only know to contact a DNS server on port 53 though. 

Problem: using netfilter/ip, divert packets from local clients to hit port 
10053 instead of 53, and of course responses should come back to requesters 
appearing as though coming from port 53. This is very elementary PAT, but 
... whatever I've tried using iptables, one of two equally incorrect 
things happens: 

 - (DNAT) requests hit the server, but the port number in replies is 
untouched, hence replies are ignored, or
 - (SNAT) replies disappear in the ether & requester times out... 

Searching found that, maybe, a kernel option, CONFIG_IP_NF_NAT_LOCAL, should 
be necessary for PAT to work on the local host; can you confirm that it 
would indeed work if I were to recompile my kernel with that option set? 
Further search seems to imply that this option was removed from later 
kernels altogether, which gets even more confusing... 

Can you help me set up the very basic port translation I need, using my 
existing software if at all possible? 

What alternative options exist? I've read about a thing called "Fast-NAT", 
which unfortunately also seems to have been broken even before the 2.6 
kernels. Is Linux following the lead of the "other" OS in carelessly 
breaking things along the road? (rub out last question.) 

Regards, 

-- 
Noino 

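The translation asked for above, as an added example that is not part of the message or any reply in the thread: a POSIX shell script that generates (and optionally applies) iptables rules redirecting local DNS traffic on lo to the relay port through the nat table's OUTPUT chain and the REDIRECT target. The relay port 10053 comes from the question; the validation helper, the show/apply guard and the assumption that the running kernel NATs locally generated packets (the CONFIG_IP_NF_NAT_LOCAL point the question raises) are mine.

```shell
#!/bin/sh
# Added example (not from the list post): redirect local DNS clients that talk to
# 127.0.0.1:53 onto a relay listening on 10053, using the nat OUTPUT chain.
# Locally generated packets never traverse PREROUTING, so the rule must live in
# OUTPUT. REDIRECT rewrites only the destination port (to the interface's own
# address); conntrack reverses the mapping on the reply, so the client sees the
# answer coming from port 53 and no separate SNAT rule is required.
set -eu

RELAY_PORT=10053   # relay listener port from the question
IFACE=lo           # only translate traffic on the loopback interface

# Accept only a decimal port number in 1..65535.
valid_port() {
  case "${1:-}" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rule set, one iptables command per line, so it can be reviewed
# (or compared with iptables-save output) before anything is changed.
dns_redirect_rules() {
  port=${1:-$RELAY_PORT}
  valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
  for proto in udp tcp; do
    printf 'iptables -t nat -A OUTPUT -o %s -p %s --dport 53 -j REDIRECT --to-ports %s\n' \
      "$IFACE" "$proto" "$port"
  done
}

# Apply the generated rules. Needs root and a kernel that NATs locally
# generated packets (on old 2.6 kernels that is CONFIG_IP_NF_NAT_LOCAL).
apply_rules() {
  [ "$(id -u)" -eq 0 ] || { echo "apply requires root" >&2; return 1; }
  dns_redirect_rules "$@" | while IFS= read -r cmd; do
    echo "+ $cmd"
    eval "$cmd"   # commands are generated above, not taken from user input
  done
}

case "${1:-show}" in
  show)  dns_redirect_rules "${2:-}" ;;
  apply) apply_rules "${2:-}" ;;
  *)     echo "usage: $0 [show|apply] [port]" >&2; exit 2 ;;
esac
```

Run it with `show` first and confirm the relay really listens on the target port; with REDIRECT in place a query to 127.0.0.1:53 whose relay is down simply times out, which looks exactly like the SNAT symptom described in the question.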

