Re: Change source port

On 11/26/2007 4:19 PM, netfilter@xxxxxxxxxxxxxx wrote:
> We have a situation where our nameservers are contacting an upstream
> nameserver to resolve a name using a source port 53 and a destination
> port 53.  We have found out that the upstream name server will not honor
> our request since the source port from our nameservers is 53.  Until we
> can resolve this with the upstream admin, we would like to
> change the source port from our name server to a high numbered port
> using iptables when it tries to contact the upstream nameserver.  We
> cannot seem to put together a rule to do this. Is it even possible?

Refer to the IPTables man page for exact syntax, but yes you can change the source port if you SNAT the packets.

iptables -t nat -A POSTROUTING -o ${ExtIF} -p udp --sport 53 -j SNAT --to-source ${ExtIP}:${ExtPort}

iptables -t nat -A POSTROUTING -o ${ExtIF} -p tcp --sport 53 -j SNAT --to-source ${ExtIP}:${ExtPort}



Grant. . . .
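
The rules above, as an added example that is not part of the original message: a small generator that also matches on the upstream server's address and destination port 53, so only queries to that one server are rewritten, and that can print the matching delete commands for when the workaround is no longer needed. The function names, the interface name and the addresses (documentation ranges) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the rules rather than
# applying them; all addresses and the interface name are constructed.

# is_high_port N: succeed if N is an integer in 1024..65535
is_high_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1024 ] && [ "$1" -le 65535 ]
}

# dns_snat_rules ACTION EXT_IF EXT_IP UPSTREAM_IP EXT_PORT
#   ACTION is "add" (iptables -A) or "del" (iptables -D, to undo the workaround)
dns_snat_rules() {
    if [ $# -ne 5 ]; then
        echo "usage: dns_snat_rules add|del EXT_IF EXT_IP UPSTREAM_IP EXT_PORT" >&2
        return 2
    fi
    case "$1" in
        add) op=-A ;;
        del) op=-D ;;
        *) echo "ACTION must be add or del" >&2; return 2 ;;
    esac
    if ! is_high_port "$5"; then
        echo "EXT_PORT must be in 1024-65535" >&2
        return 1
    fi
    # One rule per protocol, as in the reply above; -d and --dport restrict
    # the rewrite to DNS traffic sent to the single upstream server.
    for proto in udp tcp; do
        echo "iptables -t nat $op POSTROUTING -o $2 -p $proto" \
             "-d $4 --sport 53 --dport 53 -j SNAT --to-source $3:$5"
    done
}

# Dry run with constructed values (documentation address ranges).
dns_snat_rules add eth0 192.0.2.10 198.51.100.53 32768
dns_snat_rules del eth0 192.0.2.10 198.51.100.53 32768
```

Review the printed commands, then run them as root; `iptables -t nat -L POSTROUTING -n -v` shows whether the packet counters on the new rules increase.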