Linux Netfilter discussions
From: Adel Belhouane <bugs.a.b@free.fr>
To: Bill <boober95@rogers.com>
Cc: Netfilter Users Mailing list <netfilter@vger.kernel.org>
Subject: Re: Connection tracking Cli and an ALG for DNS
Date: Wed, 2 Dec 2015 12:12:47 +0100
Message-ID: <565ED22F.7070903@free.fr>
In-Reply-To: <201511191352.03564.boober95@rogers.com>

On 19/11/2015 19:52, Bill wrote:

> For reference here is my diagram again:
> 
>>>> local host               dns/nat gateway              remote host
>>>> 192.168.20.171      192.168.20.170                192.168.30.172
>>>>                                192.168.30.170
>>>> inside               ----->>> nat >>> ------          outside
> 
> As you can see, DNAT would not do for my requirements since I'd have to 
> add/delete iptables rules, which I suppose I could do, but doesn't seem the 
> right approach.
> 
> Now since my original posting I have been reading code and have managed to 
> create an 'expect' connection by upgrading to the latest 4.4 kernel.  In 
> this version I find the sample test 'create-expect' works.
> 
> After succeeding with this I realize I may need to build a kernel module for 
> the expectation and have started looking at the kernel code for this, such as 
> those for FTP etc.
> 
I didn't get before that the "ALG" part was essential. I read a summary here:
https://www.juniper.net/documentation/en_US/junos12.1x47/topics/concept/security-alg-dns-overview.html

So I still don't get exactly what you are looking for (sorry), but I realize
it's related to DNS data content, not just connections. Sorry to have
wasted your time with my replies and good luck with your project.

> /bill
> 

regards,
Adel BELHOUANE.
