Regards,
Nick Drage writes:
On Thu, Sep 23, 2004 at 11:00:33AM +0200, Raphael Jacquot wrote:
hi,
I have a setup that looks like:
 _____                                ____
[     ] 192.168.0.100                [    ]
[ DNS ]------------------------------[ FW ]----
[_____]                192.168.0.254 [____]  (isp)
and I want the DNS to answer queries from the outside. What's the proper way of doing this?
I'm presuming that you want to answer queries from everywhere, rather
than just from specific hosts, in which case:
iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p udp --dport 53 -j DNAT --to-destination 192.168.0.100
iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p tcp --dport 53 -j DNAT --to-destination 192.168.0.100
iptables -A FORWARD --destination 192.168.0.100 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD --destination 192.168.0.100 -p tcp --dport 53 -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
I'd be interested to hear how you get on by the way, I'm not quite sure
that my iptables rulebases are keeping state on DNS requests correctly.
--
mors omnia vincit
Samuel Díaz García
Director Gerente
ArcosCom Wireless, S.L.L.
mailto:samueldg@xxxxxxxxxxxx
http://www.arcoscom.com
móvil: 651 93 72 48
tlfn/fax: 956 70 13 15
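
Added example, not part of the original thread: one way to check whether the firewall is keeping state on the DNATed DNS flows is to classify the connection-tracking entries (the format printed by `conntrack -L` or /proc/net/ip_conntrack) for port 53. The sample entries are constructed, 198.51.100.1 stands in for $EXTERNAL_IP, and the function names are hypothetical.

```shell
#!/bin/sh
DNS_SERVER=192.168.0.100   # internal DNS server from the thread

# Constructed sample entries. 203.0.113.x are clients and
# 198.51.100.1 is an assumed placeholder for $EXTERNAL_IP.
sample_conntrack() {
cat <<'EOF'
udp      17 28 src=203.0.113.7 dst=198.51.100.1 sport=40123 dport=53 src=192.168.0.100 dst=203.0.113.7 sport=53 dport=40123 mark=0 use=1
udp      17 12 src=203.0.113.9 dst=198.51.100.1 sport=51000 dport=53 [UNREPLIED] src=192.168.0.100 dst=203.0.113.9 sport=53 dport=51000 mark=0 use=1
tcp      6 431999 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=33000 dport=53 src=192.168.0.100 dst=203.0.113.7 sport=53 dport=33000 [ASSURED] mark=0 use=1
udp      17 20 src=203.0.113.8 dst=198.51.100.1 sport=40500 dport=53 src=198.51.100.1 dst=203.0.113.8 sport=53 dport=40500 mark=0 use=1
tcp      6 100 ESTABLISHED src=203.0.113.7 dst=198.51.100.1 sport=33001 dport=22 src=198.51.100.1 dst=203.0.113.7 sport=22 dport=33001 [ASSURED] mark=0 use=1
EOF
}

# Reads conntrack entries on stdin and prints "proto client status"
# for every flow whose original destination port is 53:
#   tracked   - reply tuple comes from the DNS server and a reply was seen
#   unreplied - DNAT applied but no reply seen yet (check FORWARD rules, server)
#   no-dnat   - reply tuple is not the DNS server (PREROUTING rule did not match)
check_dns_state() {
    awk -v server="$DNS_SERVER" '
    {
        n = 0; d = 0; unreplied = 0
        src[1] = ""; src[2] = ""; dport[1] = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "[UNREPLIED]")   unreplied = 1
            else if ($i ~ /^src=/)     src[++n] = substr($i, 5)
            else if ($i ~ /^dport=/)   dport[++d] = substr($i, 7)
        }
        # First tuple is the original direction, second is the expected reply.
        if (n < 2 || dport[1] != "53") next
        if (src[2] != server)  status = "no-dnat"
        else if (unreplied)    status = "unreplied"
        else                   status = "tracked"
        print $1, src[1], status
    }'
}

# Stand-alone run over the constructed sample; on a live firewall
# feed it the real table instead, e.g.: conntrack -L | check_dns_state
sample_conntrack | check_dns_state
```

A flow that stays "unreplied" after the client has retried means the query was translated but no answer came back through the firewall, which points at the FORWARD rules or the server rather than at the DNAT rules.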