> Just being curious: why do you want to replicate the external view on
> the slave DNS server? If I understand correctly, only the primary DNS
> server is reachable from the outside.

Um, I can't remember :). But that's a good question.

> [...]
> > -A POSTROUTING -s 10.40.0.0/24 -d 10.40.0.13 -p tcp -m tcp --sport 53 -j SNAT --to-source 80.80.80.66:53
> > -A POSTROUTING -s 10.40.0.0/24 -d 10.40.0.13 -p udp -m udp --sport 53 -j SNAT --to-source 80.80.80.66:53
>
> What do you expect these two rules to do?

A long long time ago I had to put these in to fix some VPN clients from dying on the routes. This was a long time ago though. Since then for our primary firewall we switched from NAT to bridging so we have since not used most of the options. So it's like relearning NAT'ing again.

Anyways, thanks for the information. I'll play around with this a little more.