Re: UDP NAT [Nat to DNS Server]
--- Ryan White <ryan@itamigo.com> (2001-12-18 17:20):
> That is in fact what I am trying to do. I already tried to forward port 53
> for both TCP and UDP, but the problem is the packets are never coming back
> out of the NAT. TCP works fine, but DNS uses UDP mostly. In addition to DNS,
> one of the departments within our network needs a "bidirectional" UDP NAT.
> The configuration was working when we were using a Cisco firewall, so I
> assume it can be done.
>
> Here is a diagram.
>
>  -----------   -----------------      -----------
> | Internet |---| Linux Firewall |-----| Switch |
>  -----------   -----------------      -----------
>                                          |   |
>                                          |   |   ---------------------
>                                          |   |---| UDP NAT port 2001 |
>                                          |       ---------------------
>                                       ---|--------
>                                       |DNS Server|
>                                       ------------
>
> Here is my UDP NAT attempt.
> $IPTABLES -A PREROUTING -p udp -t nat -d pub.lic.ip.add --dport 2001 -j DNAT --to 172.16.1.253:2001
That line will take care of the incoming packets, but you need something
to allow the packets out properly.
I've got the following in addition to a rule like the above:
${iptables} -t nat -A POSTROUTING -o ${inet_iface} -j MASQUERADE
Since I've got a dynamic address I use MASQUERADE, but if you've got a
static internet-facing address, you may want to look into SNAT - the man
page for iptables should help you there.
Cheers,
Sean
--
Sean Quinlan (smq@gmx.co.uk)
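An added check in the spirit of Sean's answer (example code, not from either poster): it audits an iptables-save dump for a DNAT forward that has no outbound SNAT/MASQUERADE rule, or no FORWARD rules letting the forwarded packets and their replies through. The sample dumps it builds are constructed, with made-up addresses and a hypothetical eth0.

```shell
#!/bin/sh
# Audit an iptables-save dump for a DNAT port forward that is missing its
# POSTROUTING SNAT/MASQUERADE and/or FORWARD accept rules. Hypothetical helper,
# not from the thread; the sample dumps and addresses below are constructed.

nat_section() { sed -n '/^\*nat/,/^COMMIT/p' "$1"; }
filter_section() { sed -n '/^\*filter/,/^COMMIT/p' "$1"; }

# Prints one finding per line; returns 0 when the dump looks complete.
check_nat_rules() {
    dump=$1 rc=0
    # Hosts behind a DNAT rule ("--to" is saved as "--to-destination")
    targets=$(nat_section "$dump" | sed -n 's/.*-j DNAT --to-destination \([0-9.]*\).*/\1/p' | sort -u)
    [ -n "$targets" ] || { echo "no DNAT rules found"; return 1; }
    # Outbound translation for inside-originated flows: MASQUERADE (dynamic
    # address) or SNAT (static address), as Sean describes
    if ! nat_section "$dump" | grep -Eq -- '-A POSTROUTING .*-j (MASQUERADE|SNAT)'; then
        echo "missing POSTROUTING MASQUERADE/SNAT on the internet-facing interface"; rc=1
    fi
    # A default-accept FORWARD chain needs no further rules
    filter_section "$dump" | grep -q '^:FORWARD ACCEPT' && return $rc
    # conntrack reverses the DNAT on replies, but FORWARD must still accept them
    if ! filter_section "$dump" | grep -Eq -- '-A FORWARD .*ESTABLISHED.*-j ACCEPT'; then
        echo "FORWARD does not accept ESTABLISHED/RELATED replies"; rc=1
    fi
    for t in $targets; do
        if ! filter_section "$dump" | grep -Eq -- "-A FORWARD .*-d $t(/32)? .*-j ACCEPT"; then
            echo "no FORWARD accept for DNAT target $t"; rc=1
        fi
    done
    return $rc
}

# Constructed dumps: "broken" has only Ryan's DNAT line, "fixed" adds the rest.
write_sample_dump() {   # usage: write_sample_dump broken|fixed FILE
    {
        echo '*nat'
        echo '-A PREROUTING -d 203.0.113.10/32 -p udp -m udp --dport 2001 -j DNAT --to-destination 172.16.1.253:2001'
        [ "$1" = fixed ] && echo '-A POSTROUTING -o eth0 -j SNAT --to-source 203.0.113.10'
        echo 'COMMIT'
        echo '*filter'
        echo ':FORWARD DROP [0:0]'
        if [ "$1" = fixed ]; then
            echo '-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT'
            echo '-A FORWARD -d 172.16.1.253/32 -p udp -m udp --dport 2001 -j ACCEPT'
        fi
        echo 'COMMIT'
    } > "$2"
}
```

Run it against the output of `iptables-save` on the firewall itself to see which of the three pieces a forward is missing.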