On Monday 13 January 2003 06:52 am, Mattia Martinello wrote:
> Hi all
>
> I wish to open DNS connections and redirect it from the gateway and
> the server on the DMZ.
> I tried these rules:
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53 -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
>
> iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53 -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT

Do you also have a FORWARD rule ACCEPTing UDP port 53? It may be a typo in the mail, but your FORWARD rules are both for TCP here...

BTW, the :53 in the DNAT destination is unnecessary, it will keep the same port unless you specify something different. Not an issue, just a comment. :^)

j

> But if I try to query my DNS server from the Internet my query goes in
> timeout.
> The connections between [private IP] and the Internet are allowed (all
> other services work good without any problem, the only service that
> gets me some problems is DNS).
>
> What have I to open to allow DNS connections from the gateway and the
> DMZ?
>
> Thank you very much
> Bye
> Mattia
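The rule set from the thread, rewritten so that the PREROUTING DNAT and the FORWARD ACCEPT for each protocol are generated together, which is what prevents the TCP/UDP mismatch the reply points out. This is an added example, not code from either poster; the addresses, the interface name and the $IPT dry-run variable are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): DNAT of port 53 on the WAN
# interface to a DMZ host, with the UDP FORWARD rule that the original post
# was missing and without the redundant ":53" on the DNAT target.
# Public/private addresses below are constructed (RFC 5737 / RFC 1918 ranges).
IPT="${IPT:-echo iptables}"   # dry-run by default; apply with IPT=iptables as root

# dns_dnat_rules PUBLIC_IP PRIVATE_IP WAN_IFACE
# Emits (or applies) one DNAT rule and one FORWARD ACCEPT rule per protocol.
# Looping over the protocols is the point: writing the rules by hand is how
# the FORWARD rule ended up as TCP twice and UDP never.
dns_dnat_rules() {
    pub="$1"; priv="$2"; wan="$3"
    for proto in udp tcp; do
        $IPT -t nat -A PREROUTING -i "$wan" -p "$proto" -d "$pub" --dport 53 \
            -j DNAT --to-destination "$priv"
        # The FORWARD rule must match the protocol of the DNAT it pairs with:
        # with a TCP-only FORWARD rule the UDP query is rewritten and then
        # dropped in FORWARD, which shows up to the client as a timeout.
        $IPT -A FORWARD -i "$wan" -p "$proto" -d "$priv" --dport 53 -j ACCEPT
    done
}

# Replies from the DMZ server need a state rule in FORWARD as well. The
# original poster says other forwarded services already work, so a rule like
# this is assumed to exist; it is shown only so the set is complete.
reply_rule() {
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}

dns_dnat_rules 203.0.113.10 192.168.1.10 ppp0
reply_rule
```

Run it once as shown to review the generated rules, then again with `IPT=iptables` to load them.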