On Sunday 15 November 2015 13:45, Adel Belhouane wrote:
> (I didn't reply to the original sender, my bad. So sending the same message
> again...)
>
> On 06/11/2015 23:27, Bill wrote:
> Do you just want 192.168.20.171, behind a NAT gateway, to be the DNS server
> for outside? Can you confirm that's the case or is there something else?

Actually it is 192.168.30.171 that is a NAT gateway and the DNS server for the 192.168.20.0 network.

> Can't you simply use the iptables DNAT target? If not, can you explain why
> it won't work for your use case and for what reason you'd need something
> else?
>

DNAT would give access to a specific host, but I want to refer to it by a DNS name for 2 reasons:

1) The host I am going to connect may change its IP address, or if it is a service being requested, it might be provided by another host if the network changes (I am looking at a mobile network where hosts may come and go, or other hosts may replace them in times of interruption).

2) Since the DNS may return different IPs over time, I don't want the IP in the local 192.168.20.0 network to be revealed. Instead I want it to appear NATted, so it will be 192.168.30.170 + a port for this connection. In other words I want it to look like the host on the 192.168.20.0 network initiated the connection.

For reference here is my diagram again:

> >> local host        dns/nat gateway     remote host
> >> 192.168.20.171    192.168.20.170      192.168.30.172
> >>                   192.168.30.170
> >> inside ----->>> nat >>> ------ outside

As you can see, DNAT would not do for my requirements since I'd have to add/delete iptables rules, which I suppose I could do, but doesn't seem the right approach.

Now since my original posting I have been reading code and have managed to create an 'expect' connection by upgrading to the latest 4.4 kernel. In this version I find the sample test 'create-expect' works.
After succeeding with this I realize I may need to build a kernel module for the expectation and have started looking at the kernel code for this, such as those for FTP etc.

/bill