Sorry, surely I didn't explain the problem well.
I don't have DNS services. I need to access dns server at 151.99.0.100
from my servers which have private ip addresses. I think the only thing
I need is to SNAT the connection.
Thanks all the same
Luca
Ionut Popovici wrote:
Hello,
I need some help about a routing problem on a complex configuration.
The problem is that I can't reach services outside from my DMZ.
The scenario is a gateway linked to three internet connections, so
that I used three distinct iproute2 tables for routing. The gw is
running ipvs for balancing over the dmz's servers.
DMZ servers are on the 192.168.1.0/24 network.
Every table has the route to reach:
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.1
I'm using iptables to NAT a server on my DMZ to reach DNS services
outside:
iptables -t nat -A POSTROUTING -p tcp -s 192.168.1.0/24 -d 151.99.0.100 --dport 53 -j SNAT --to-source 81.77.88.99
Have you tried to use DNAT from iptables, because DNAT is in PREROUTING,
and if you have a DNS service you need to make the outside service
connection connect to your DNS server!
Looking inside the cache I find only the route to reach the dns
server, but not the one that the dns needs to reach my server:
151.99.0.100 from 192.168.1.2 via 81.77.88.100 dev eth2 src
192.168.1.249
cache <src-direct> mtu 1500 advmss 1460 metric10 64 iif eth0
I experienced in the past that re-entering the iptables nat command
worked, but it seems a random effect and does not always work.
Thanks in advance,
Luca Maragnani
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
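An added example, not a script from the thread or its authors: a dry-run shell script for the gateway that pins DMZ-to-resolver traffic to eth2 (the interface that owns the SNAT address, so replies come back the same way) and SNATs both UDP and TCP port 53, since DNS queries are mostly UDP and the tcp-only rule above leaves them untouched. The table name dns_out, the rule priority and the RUN switch are assumptions; addresses and interfaces are those given in the thread.

```shell
#!/bin/sh
# Constructed from the thread's addresses; dns_out, priority 100 and RUN are assumptions.
DMZ_NET=192.168.1.0/24
DNS_SERVER=151.99.0.100
WAN_IF=eth2
WAN_IP=81.77.88.99          # SNAT source; must be an address configured on $WAN_IF
WAN_GW=81.77.88.100
TABLE=dns_out               # assumed name, to be listed in /etc/iproute2/rt_tables

# run: print the command (default) or execute it when RUN=1, so the rule set
# can be reviewed before it is applied to a live gateway.
run() {
    if [ "${RUN:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Policy routing: packets from the DMZ to the resolver use a table whose
# default route leaves via eth2, matching the SNAT address's interface.
setup_routes() {
    run ip route replace default via "$WAN_GW" dev "$WAN_IF" table "$TABLE"
    run ip rule add from "$DMZ_NET" to "$DNS_SERVER" lookup "$TABLE" priority 100
    run ip route flush cache
}

# SNAT for both transports, restricted to the outgoing interface so the
# translation only applies to packets that really leave via eth2.
setup_nat() {
    for proto in udp tcp; do
        run iptables -t nat -A POSTROUTING -o "$WAN_IF" -p "$proto" \
            -s "$DMZ_NET" -d "$DNS_SERVER" --dport 53 \
            -j SNAT --to-source "$WAN_IP"
    done
}

setup_routes
setup_nat
```

Run it once without RUN to read the generated commands, then with RUN=1 as root to apply them.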