> Hello,
>
> Here is my problem more simply explained ...
>
> A user (IP address: 10.0.0.1) has a DNS server IP address specified in
> his configuration (we don't know the address, and maybe this address is
> invalid, so we want to change it with an iptables rule).
>
> His gateway is 10.0.0.254. The gateway has another interface at
> 192.168.100.254 where a DNS server is launched (by named).
> At the gateway, an iptables rule sends all his DNS packets to the DNS
> server (192.168.100.254).
> The rule is:
>
> iptables -A PREROUTING -t nat -s 10.0.0.1 -p UDP --dport 53 -j DNAT --to-destination 192.168.100.254
>
> ** BUT ** this rule is not effective immediately, and takes a few minutes
> before becoming active !!!
> Same thing if you flush the nat table (iptables -F PREROUTING -t nat):
> the last DNS stays active for some minutes (sometimes immediately but
> not systematically)...
>
> To easily see that: just put an invalid DNS server in the configuration
> of the client, and a real one at the gateway (192.168.100.254). You
> will see that the rules are not immediately active !!!
>
> Does someone know why ???
>
> Thanks.
> -- Mark