Re: forwarding based on hostname


 



I would not recommend using domain names in the submission to iptables if it is supported or not. 1. Do a resolution of the domain every once in a while and resubmit the rule to iptables. If the firewall ever has any issues resolving domain names, then the rules requiring it would break. It is generally a bad idea to have the packet firewall relying on any external service to perform its job. Remote access services need authenticators but beyond that, limited liability DNS, and monitoring the firewall shouldn't be talking that much.


Ian McBeth wrote:


Hello

I have an issue where I have forwarded the ports to an internal mail
server.  Based off ip it works but when you get the hostname in there it
seems to get lost.  No error is given just hangs and outlook says the
connection was interrupted.

Using cat /proc/net/ip_conntrack it does not even appear to be
connecting.

Any help would be great as I am kind of new at iptables NAT
configurations.

Thanx

Ian McBeth

p.s. I have not really looked too deeply into this but can you forward
based off hostnames to your internal network?

e.g.
mail.domainname.net --> NAT --> 192.168.0.x
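
The periodic re-resolution suggested in the reply above, as an added example that is not part of the original thread: the rule is always installed with a literal IP, and a failed or malformed DNS answer falls back to the last validated address instead of breaking the forward. The hostname, cache path, chain name, interface and port are assumptions.

```shell
#!/bin/sh
# Added example: refresh a DNAT rule from DNS on a timer (e.g. cron) without
# letting a resolver failure break the firewall.
# All names below are hypothetical and must be adapted.
HOST="mail.internal.example"           # name that resolves to the internal server
CACHE="${CACHE:-/var/lib/fw/mail.ip}"  # last address that passed validation
CHAIN="MAILFWD"                        # dedicated nat chain jumped to from PREROUTING
WAN_IF="eth0"
PORT=25

# Accept only a dotted quad with every octet <= 255; names, empty strings
# and anything carrying shell metacharacters are rejected.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
}

# Prefer the fresh answer ($1); fall back to the cached one ($2).
# Returns 1 when neither is usable so the caller leaves the rules alone.
choose_target() {
    if valid_ipv4 "$1"; then echo "$1"
    elif valid_ipv4 "$2"; then echo "$2"
    else return 1
    fi
}

# Rule arguments with a literal address: the kernel never sees a hostname.
rule_args() {
    echo "-i $WAN_IF -p tcp --dport $PORT -j DNAT --to-destination $1:$PORT"
}

refresh() {
    fresh=$(getent ahostsv4 "$HOST" 2>/dev/null | awk 'NR==1 {print $1}')
    cached=$(cat "$CACHE" 2>/dev/null)
    target=$(choose_target "$fresh" "$cached") || {
        echo "no usable address for $HOST; rules left untouched" >&2; return 1; }
    # Unchanged address: nothing to resubmit (assumes the boot-time ruleset
    # populated the chain from the cache file).
    [ "$target" = "$cached" ] && return 0
    # Replace the single rule in the dedicated chain, then record the address.
    iptables -t nat -F "$CHAIN" &&
    iptables -t nat -A "$CHAIN" $(rule_args "$target") &&
    echo "$target" > "$CACHE"
}

# Only touch the firewall when explicitly asked to.
if [ "${1:-}" = "apply" ]; then refresh; fi
```

Run it as root with the `apply` argument; a non-zero exit means resolution failed and no cached address existed, which is worth alerting on.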







