Nick Drage wrote:
On Thu, Sep 23, 2004 at 11:00:33AM +0200, Raphael Jacquot wrote:
Hi,
I have a setup that looks like this:
 _____                                       ____
[     ] 192.168.0.100                       [    ]
[ DNS ]-------------------------------------[ FW ]----
[_____]                       192.168.0.254 [____] (isp)
and I want the DNS to answer queries from the outside.
What's the proper way of doing this?
I'm presuming that you want to answer queries from everywhere, rather
than just from specific hosts, in which case:
# Redirect DNS (UDP and TCP port 53) arriving at the firewall's external address to the internal server
iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p udp --dport 53 -j DNAT --to-destination 192.168.0.100
iptables -t nat -A PREROUTING --destination $EXTERNAL_IP -p tcp --dport 53 -j DNAT --to-destination 192.168.0.100
# Let the translated packets through the FORWARD chain
iptables -A FORWARD --destination 192.168.0.100 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD --destination 192.168.0.100 -p tcp --dport 53 -j ACCEPT
# Replies (and related traffic) of tracked connections come back through conntrack
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
I'd be interested to hear how you get on, by the way; I'm not quite sure
that my iptables rulebases are keeping state on DNS requests correctly.
Seems to work well, thanks...
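The rules Nick posted, collected into a script with a dry-run mode so they can be reviewed before being applied, plus a way to confirm that conntrack really is keeping state on port-53 flows. This is an added example, not code from the thread: the interface name `eth0`, the external address `203.0.113.5`, the `198.51.100.0/24` "trusted resolvers" network and the `ALLOWED_SRC` narrowing are all assumptions; only `192.168.0.100` comes from the original message. It goes slightly beyond the thread by restricting the source (Nick's "just from specific hosts" case) and by matching only NEW packets on the inbound rules.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes a Linux router with iptables
# and connection tracking. eth0, 203.0.113.5 and 198.51.100.0/24 are
# constructed placeholders; 192.168.0.100 is the DNS server from the thread.
#
#   DRY_RUN=1 sh dnsfwd.sh      # print the rules instead of applying them
#   APPLY=1   sh dnsfwd.sh      # apply them (needs root)

EXT_IF="${EXT_IF:-eth0}"                    # ISP-facing interface (assumption)
EXTERNAL_IP="${EXTERNAL_IP:-203.0.113.5}"   # placeholder public address
DNS_IP="${DNS_IP:-192.168.0.100}"           # internal DNS server from the thread
ALLOWED_SRC="${ALLOWED_SRC:-0.0.0.0/0}"     # narrow to specific hosts/nets where you can

# Print the command under DRY_RUN=1, otherwise execute it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# DNAT plus the matching FORWARD accept for one protocol (udp or tcp).
# TCP is needed as well as UDP: large answers and zone transfers use it.
dns_forward_rules() {
    ext_if="$1"; external_ip="$2"; dns_ip="$3"; allowed_src="$4"; proto="$5"
    run iptables -t nat -A PREROUTING -i "$ext_if" -s "$allowed_src" \
        -d "$external_ip" -p "$proto" --dport 53 \
        -j DNAT --to-destination "$dns_ip"
    # Only the first packet of a flow is NEW; conntrack tags the rest itself,
    # so the ESTABLISHED,RELATED rule carries everything after that.
    run iptables -A FORWARD -i "$ext_if" -s "$allowed_src" -d "$dns_ip" \
        -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
}

# Complete rule set: apply_dns_forwarding EXT_IF EXTERNAL_IP DNS_IP [ALLOWED_SRC]
apply_dns_forwarding() {
    ext_if="$1"; external_ip="$2"; dns_ip="$3"; allowed_src="${4:-0.0.0.0/0}"
    # Reply traffic first. Conntrack tracks UDP by its 4-tuple even though
    # there is no handshake, so the answer leaving the DNS server is
    # ESTABLISHED and is un-NATed automatically on the way out.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    dns_forward_rules "$ext_if" "$external_ip" "$dns_ip" "$allowed_src" udp
    dns_forward_rules "$ext_if" "$external_ip" "$dns_ip" "$allowed_src" tcp
    # Anything else arriving on the outside interface for forwarding is
    # dropped explicitly, whatever the chain's default policy happens to be.
    run iptables -A FORWARD -i "$ext_if" -j DROP
}

# Show the tracked port-53 flows: if state is being kept, each query that
# has been answered shows up here as an entry for a short while.
show_dns_state() {
    if command -v conntrack >/dev/null 2>&1; then
        conntrack -L 2>/dev/null | grep 'dport=53'
    else
        grep 'dport=53' /proc/net/nf_conntrack 2>/dev/null
    fi
}

case "${DRY_RUN:-0}${APPLY:-0}" in
    00) ;;   # no mode requested: only define the functions
    *)  apply_dns_forwarding "$EXT_IF" "$EXTERNAL_IP" "$DNS_IP" "$ALLOWED_SRC" ;;
esac
```

Two things the rules alone do not cover: forwarding has to be switched on (`sysctl -w net.ipv4.ip_forward=1`), and the order matters, which is why the ESTABLISHED,RELATED rule is appended first so replies are matched before the per-protocol rules. Running `show_dns_state` while a client on the outside is querying is the quickest way to settle Nick's doubt about whether state is kept on DNS: a UDP entry with `dport=53` appears after the first packet and is marked as replied once the answer has gone back out.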