Hi

There is a feature of most versions of named these days often called split horizon DNS. That is what you're looking for.

Ray

On Thu, 2003-01-09 at 10:03, Micah Abrams wrote:
> List --
>
> I'm building an iptables firewall to replace my pix 506. The firewall will
> only have two interfaces for now. My dns server sits outside my firewall on
> the internet and answers queries for both my internal network and the world.
> Of course it only contains real world ips. The pix has an option (called
> alias) that doctors dns requests from my internal lan so that the reply
> packet contains the internal ip address instead of the public address given
> out by my dns server. This lets the internal machines access internal hosts
> via dns without having to run two dns servers. For example with the following
> command:
>
> alias (inside) 192.168.0.5 245.243.3.5 255.255.255.255
>
> all dns queries passing through the pix containing the address 245.243.3.5
> are re-written to contain 192.168.0.5. My question is, is there any way to
> do this with iptables? How is everyone handling this? I would really like
> to avoid having two dns servers. I am very new to iptables so any and all
> help is much appreciated.
>
> Thanks
>
> ~Micah

--
Raymond Leach
Knowledge Factory
Tel: +27 11 445 8100
Fax: +27 11 445 8101
http://www.knowledgefactory.co.za/
http://www.saptg.co.za/
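What Ray's split-horizon suggestion looks like in practice, as an added example that is not part of either post: a BIND 9 named.conf using views so that one server hands LAN clients 192.168.0.5 and everyone else the public 245.243.3.5 for the same name. The zone name example.com, the zone file paths, the 192.168.0.0/24 LAN prefix and the name server's own address 203.0.113.53 are assumptions.

```conf
// named.conf (BIND 9 "views" syntax; file layout is assumed)
//
// The same zone is loaded twice from two different zone files. Queries
// from the LAN match the first view and get private addresses; every
// other client falls through to the external view and gets public ones.
acl "internal-lan" {
    192.168.0.0/24;     // assumed LAN prefix
    127.0.0.1;
};

view "internal" {
    match-clients { "internal-lan"; };
    recursion yes;      // LAN hosts may use this server as their resolver
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;       // refuse recursion from the Internet (not an open resolver)
    allow-transfer { none; };
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";
    };
};

// /etc/bind/db.example.com.internal  (only the "www" A record differs)
// $TTL 3600
// @    IN SOA ns.example.com. hostmaster.example.com. ( 2003010901 3600 900 604800 300 )
//      IN NS  ns.example.com.
// ns   IN A   203.0.113.53     ; assumed address of the name server itself
// www  IN A   192.168.0.5      ; the internal host, private address
//
// /etc/bind/db.example.com.external
// ... same SOA and NS records ...
// www  IN A   245.243.3.5      ; the same host, public address
```

Because Micah's server sits outside the firewall, match-clients has to list the source address the LAN's queries actually arrive with after NAT (the firewall's outside address), otherwise every LAN query lands in the external view. The recursion no on the external view additionally keeps the server from acting as an open resolver for the Internet.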