On Fri 05/09/2003 at 19:47, ÐÐÐÐÐÐÐÑ ÐÐÑÐÐÐÐ wrote:
> I have some problems with DNS and iptables.
[...]
> Problem:
> My packet filter couldn't forward DNS UDP queries to the Internet and from
> the Internet to local. What am I doing wrong?

I will just quote the UDP DNS-related rules, as the TCP stuff seems OK.

> -A POSTROUTING -o eth0 -j SNAT --to-source 121.1.1.1
> -A FORWARD -d 192.168.5.0/255.255.255.0 -i eth0 -o eth1 -p udp -m udp --dport 53 -j ACCEPT
> -A FORWARD -s 192.168.5.0/255.255.255.0 -i eth1 -o eth0 -p udp -m udp --dport 53 -j ACCEPT

Your requests will get forwarded, since there is a rule in the FORWARD chain to accept them (the 2nd one below). But there is no rule to accept the returning packets. You therefore have to implement rules to accept them, both ways. You can also use state matching, allowing ESTABLISHED UDP packets through the FORWARD chain. At this time you only use state matching for TCP ones.

--
http://www.netexit.com/~sid/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
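To make the reply concrete, here is an added example (not part of the original thread, and not the poster's or the responder's script) that puts the ruleset as posted next to a corrected one that relies on connection tracking. A DNS reply to a NATed query comes back in on eth0 with source port 53 and a destination of some ephemeral port, so the posted `-i eth0 -o eth1 --dport 53` rule never matches it; a single `--state ESTABLISHED,RELATED` rule covers the reply direction for both UDP and TCP. Interface names, the 192.168.5.0/24 LAN and the 121.1.1.1 SNAT address are taken from the quoted rules; the `IPT` variable, the `DROP` policy on FORWARD (assumed, because with an ACCEPT policy the queries would not have been blocked in the first place) and the `broken`/`fixed` command-line switches are my own assumptions for illustration.

```shell
#!/bin/bash
# Added example: DNS forwarding through an iptables SNAT box, before and after
# adding state matching for UDP. Not taken from the original thread.
# Assumption: IPT defaults to "iptables"; set IPT="echo iptables" to print the
# commands instead of loading them (useful for review, no root needed).
IPT="${IPT:-iptables}"
WAN=eth0                      # Internet-facing interface (from the post)
LAN=eth1                      # LAN-facing interface (from the post)
LAN_NET=192.168.5.0/24        # same network as 192.168.5.0/255.255.255.0
PUBLIC_IP=121.1.1.1           # SNAT source address (from the post)

# The UDP rules as posted. Outbound queries (LAN -> WAN, dport 53) are accepted,
# but the replies (WAN -> LAN, sport 53, dport = client's ephemeral port) match
# neither FORWARD rule, so they are dropped by the chain policy.
broken_dns_rules() {
    $IPT -t nat -A POSTROUTING -o "$WAN" -j SNAT --to-source "$PUBLIC_IP"
    $IPT -P FORWARD DROP      # assumed policy; see lead-in
    $IPT -A FORWARD -d "$LAN_NET" -i "$WAN" -o "$LAN" -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -s "$LAN_NET" -i "$LAN" -o "$WAN" -p udp --dport 53 -j ACCEPT
}

# Corrected rules. Connection tracking records the outbound query (UDP included),
# so the reply is ESTABLISHED and passes the first rule regardless of port or
# protocol. Only NEW LAN-originated queries are accepted explicitly; the
# unsolicited WAN -> LAN port-53 rule from the post is not reproduced, since
# nothing on the LAN is meant to serve DNS to the Internet.
fixed_dns_rules() {
    $IPT -t nat -A POSTROUTING -o "$WAN" -j SNAT --to-source "$PUBLIC_IP"
    $IPT -P FORWARD DROP      # assumed policy; see lead-in
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -A FORWARD -s "$LAN_NET" -i "$LAN" -o "$WAN" -p udp --dport 53 \
         -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -s "$LAN_NET" -i "$LAN" -o "$WAN" -p tcp --dport 53 \
         -m state --state NEW -j ACCEPT
}

# Run "script.sh broken" or "script.sh fixed"; with no argument it only defines
# the functions, so it can be sourced or inspected safely.
case "${1:-}" in
    broken) broken_dns_rules ;;
    fixed)  fixed_dns_rules ;;
    *)      ;;
esac
```

On a current kernel the same thing is written `-m conntrack --ctstate ESTABLISHED,RELATED`; `-m state` still loads but is the older spelling. Running `IPT="echo iptables" ./script.sh fixed` prints the five commands so they can be checked against `iptables -L FORWARD -v -n` before touching a live box.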