On Thu, Sep 23, 2004 at 11:00:33AM +0200, Raphael Jacquot wrote:
> hi,
> I have a setup that looks like :
>
>   _____                                    ____
>  [     ]  192.168.0.100                   [    ]
>  [ DNS ]------------------------------[ FW ]----
>  [_____]                 192.168.0.254  [____]  (isp)
>
> and I want the DNS to answer to queries from the outside
> what's the proper way of doing this ?

I'm presuming that you want to answer queries from everywhere, rather than
just from specific hosts, in which case:

iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p udp --dport 53 -j DNAT --to-destination 192.168.0.100
iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p tcp --dport 53 -j DNAT --to-destination 192.168.0.100
iptables -A FORWARD --destination 192.168.0.100 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD --destination 192.168.0.100 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

I'd be interested to hear how you get on by the way, I'm not quite sure that
my iptables rulebases are keeping state on DNS requests correctly.

-- 
mors omnia vincit
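As an added example that is not part of the original mail: a small POSIX sh check for the state question at the end of the reply, which classifies the conntrack entries belonging to inbound DNS queries that passed through the DNAT. DNS_IP is taken from the thread; the external address 198.51.100.1, the client addresses and the conntrack lines are constructed sample data in the `conntrack -L` format, not real output.

```shell
#!/bin/sh
# Added example (not from the original mail): is conntrack keeping state on
# the DNAT'ed DNS queries?  Entries for a forwarded query have the original
# tuple with dport=53 and a reply tuple with src=<internal DNS> sport=53.
# [UNREPLIED] on such an entry means no answer was ever matched back to it.

DNS_IP="192.168.0.100"   # internal DNS server, from the thread

# Constructed sample of `conntrack -L` output (not captured from a real box).
# Line 1: UDP query, answered.  Line 2: UDP query, never answered.
# Line 3: TCP query, answered.   Line 4: outbound query BY the DNS server
# (not a forwarded inbound query, so it must be ignored).
SAMPLE_CONNTRACK='udp      17 27 src=203.0.113.5 dst=198.51.100.1 sport=40123 dport=53 src=192.168.0.100 dst=203.0.113.5 sport=53 dport=40123 [ASSURED] mark=0 use=1
udp      17 29 src=203.0.113.9 dst=198.51.100.1 sport=51000 dport=53 [UNREPLIED] src=192.168.0.100 dst=203.0.113.9 sport=53 dport=51000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=33210 dport=53 src=192.168.0.100 dst=203.0.113.7 sport=53 dport=33210 [ASSURED] mark=0 use=1
udp      17 10 src=192.168.0.100 dst=198.41.0.4 sport=1053 dport=53 src=198.41.0.4 dst=198.51.100.1 sport=53 dport=1053 mark=0 use=1'

# Read conntrack lines on stdin; print "<replied> <unreplied>" for entries
# whose reply tuple comes from the DNS server on port 53, i.e. inbound
# queries that went through the PREROUTING DNAT.
dns_dnat_state() {
    replied=0
    unreplied=0
    while IFS= read -r line; do
        case "$line" in
            *"dport=53 "*"src=$DNS_IP "*"sport=53 "*) ;;   # forwarded query
            *) continue ;;                                 # anything else
        esac
        case "$line" in
            *"[UNREPLIED]"*) unreplied=$((unreplied + 1)) ;;
            *) replied=$((replied + 1)) ;;
        esac
    done
    printf '%s %s\n' "$replied" "$unreplied"
}

# Succeeds when at least one forwarded query has a tracked reply, which is
# what the ESTABLISHED,RELATED rule relies on to let answers back out.
dns_state_ok() {
    set -- $(dns_dnat_state)
    [ "$1" -gt 0 ]
}

# Live use:  conntrack -L 2>/dev/null | dns_dnat_state
# (on 2.4-era kernels: dns_dnat_state < /proc/net/ip_conntrack)
printf '%s\n' "$SAMPLE_CONNTRACK" | dns_dnat_state
```

A table where the forwarded queries are all [UNREPLIED] means the answers are not being matched to their queries on the way back (for example because they leave by a path conntrack does not see), and the FORWARD rules need another look rather than the DNAT.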