From: Aleksandar Milivojevic <amilivojevic@pbl.ca>
To: netfilter@lists.netfilter.org
Subject: Re: nat and dns
Date: Thu, 23 Sep 2004 09:17:03 -0500 [thread overview]
Message-ID: <4152DADF.4090802@pbl.ca> (raw)
In-Reply-To: <415290B1.5030401@imag.fr>
Raphael Jacquot wrote:
> hi,
> I have a setup that looks like :
> _____ ____
> [ ] 192.168.0.100 [ ]
> [ DNS ]------------------------------[ FW ]----
> [_____] 192.168.0.254 [____] (isp)
>
> and I want the DNS to answer to queries from the outside
> what's the proper way of doing this ?
Use DNAT target. In short what you need to do is:
iptables -A FORWARD -m state --state NEW -j ACCEPT
iptables -A FORWARD -p icmp -m state --state RELATED -j ACCEPT
iptables -A FORWARD -i ext_if -o int_if -d 192.168.0.100 \
-p udp --port 53 -m state --state NEW -j ACCEPT
iptables -A FORWARD -i ext_if -o int_if -d 192.168.0.100 \
-p tcp --port 53 -m state --state NEW -j ACCEPT
iptables -t nat -A PREROUTING -i ext_if -d ext_ip \
-p udp --port 53 -j DNAT --to-address 192.168.0.100
iptables -t nat -A PREROUTING -i ext_if -d ext_ip \
-p tcp --port 53 -j DNAT --to-address 192.168.0.100
--
Aleksandar Milivojevic <amilivojevic@pbl.ca> Pollard Banknote Limited
Systems Administrator 1499 Buffalo Place
Tel: (204) 474-2323 ext 276 Winnipeg, MB R3T 1L7
next prev parent reply other threads:[~2004-09-23 14:17 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2004-09-23 9:00 nat and dns Raphael Jacquot
2004-09-23 10:34 ` Nick Drage
2004-09-23 11:09 ` Samuel Díaz García
2004-09-23 11:23 ` Nick Drage
2004-09-23 13:01 ` Samuel Díaz García
2004-09-23 13:19 ` Alexis
2004-09-23 14:13 ` Jason Opperisano
2004-09-23 14:34 ` Aleksandar Milivojevic
2004-09-23 14:44 ` Jason Opperisano
2004-09-23 15:09 ` Aleksandar Milivojevic
2004-09-24 9:43 ` Jozsef Kadlecsik
2004-09-23 13:17 ` Alexis
2004-09-23 14:09 ` Aleksandar Milivojevic
2004-09-23 12:00 ` Raphael Jacquot
2004-09-23 14:17 ` Aleksandar Milivojevic [this message]
2004-09-23 22:02 ` Dimitar Katerinski
2004-09-23 22:16 ` Jason Opperisano
2004-09-24 1:56 ` Aleksandar Milivojevic
2004-09-24 6:51 ` Jason Opperisano
[not found] <20020829192902.29524.97535.Mailman@kashyyyk>
2002-09-11 12:10 ` NAT and DNS Mauricio Gouvea
2002-09-11 13:10 ` Antony Stone
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4152DADF.4090802@pbl.ca \
--to=amilivojevic@pbl.ca \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox