Re: DNS and NAT

OK, thanks. I was not sure what the proper behavior is regarding iptables and DNS.

If the answer is not translated, then how do I get DNS to work with two-way NAT?
My internal network does not understand any of the IP addresses that belong to the outside. So if the request for a page that is sent from the internal network comes back from outside with an answer (IP address) that is not getting translated, then I can't resolve the page, since my internal network doesn't understand it and can't route to it. Is there a way around this problem? How do I get DNS to work in the type of environment I described?

Thanks


From: Jason Opperisano <opie@xxxxxxxxxxx>
To: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: Re: DNS and NAT
Date: Mon, 11 Jul 2005 15:41:13 -0400

On Mon, Jul 11, 2005 at 12:37:31PM -0700, Suzana Lojic-Skoric wrote:
> Does DNS work with iptables NAT or do I need some kind of ALG to get DNS
> answers translated?
>
> I am using Mandrake Linux 10.0. I have two-way NAT going on and I am trying
> to get DNS requests through the NAT. I got FTP, HTTP and SMTP working
> through the NAT, but DNS is not working properly; the DNS answer is not getting
> translated.

nor should it be.

> Source and destination addresses in the DNS message are properly
> translated, but the actual answer (the IP address embedded in the message)
> is not translated.

which is exactly how it's supposed to work.  how the $%#@ is iptables
supposed to know what to rewrite the answer to?

if you are using BIND, look into the functionality offered by "views."

-j

--
"Peter: You know, I oughta just give you some beer. Goes straight
 through you.
 Stewie: Wonderful. And while we're at it, we can light up a doobie and
 watch porn.
 Peter: Eh... yeah?"
        --Family Guy
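
The BIND "views" approach suggested in the reply above, sketched as an added example that is not part of the original thread. The ACL name, view names, zone name, file paths and all addresses are constructed assumptions: inside clients in 10.1.0.0/16, and an outside host whose real address 198.51.100.25 is presented to the inside by the two-way NAT as 10.200.0.25.

```conf
// named.conf fragment (added example; every name and address is constructed).
// Assumed layout: inside clients live in 10.1.0.0/16; the outside host
// www.example.com really sits at 198.51.100.25, and the two-way NAT
// presents it to the inside as 10.200.0.25.

acl "inside" { 10.1.0.0/16; 127.0.0.1; };

// Views are matched in order, so the more specific one comes first.
view "inside" {
    match-clients { "inside"; };
    recursion yes;
    zone "example.com" {
        type master;
        // This zone file holds the address as the inside network sees it:
        //   www  IN  A  10.200.0.25
        file "inside/example.com.zone";
    };
};

view "outside" {
    match-clients { any; };
    recursion no;
    zone "example.com" {
        type master;
        // This zone file holds the real address:
        //   www  IN  A  198.51.100.25
        file "outside/example.com.zone";
    };
};
```

Once any view is defined, every zone statement in named.conf has to sit inside a view. Names that have no zone in the "inside" view are resolved recursively and come back with their real, untranslated addresses.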

