
Re: UDP NAT [Nat to DNS Server]

On Tue, 18 Dec 2001, Ryan White wrote:

> That is in fact what I am trying to do. I already tried to forward port 53
> for both tcp and UDP but the problem is the packets are never coming back
> out of the NAT. TCP works fine but dns uses UDP mostly. In addition to DNS

That's odd, because I've got a line similar in my firewall config, and it
works a treat:

(apologies for wrapping)
# DNS goes to klystron
$FW -A PREROUTING -t nat -p tcp -d --dport 53 -j DNAT --to
$FW -A PREROUTING -t nat -p udp -d --dport 53 -j DNAT --to

And DNS lookups work fine (at least, INWW hasn't complained yet!).

As for other ports, I can't see any reason why it wouldn't work.  We've got
Quake aplenty going just fine behind here.

> one of the departments within our network needs a "bidirectional" UDP NAT.

Define "bidirectional" in this case.  I think you just want a regular port
forwarding NAT, where packets from the outside world get forwarded to a
private IP, and the returning packets get munged back to real-world values.

> Here is my UDP nat attempt.
> $IPTABLES -A PREROUTING -p udp -t nat -d pub.lic.ip.add --dport 2001 -j
> DNAT --to

This should be fine.  As you can see, it's identical to mine above, in
effect.  Perhaps you should turn on some logging and see if your logs show
anything pertinent.

#include <disclaimer.h>
Matthew Palmer
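The plain port-forwarding NAT the reply describes, with the logging it suggests, as an added example that is not code from the thread: a small script that emits the tcp and udp DNAT rules for port 53, the FORWARD rules that let the rewritten packets through (conntrack un-NATs the replies, UDP included), and a rate-limited LOG rule so you can see whether the DNAT is hit at all. The public and internal addresses and the interface name are assumed placeholders; the functions only print the rules, so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Addresses are
# placeholders (TEST-NET-3 / RFC 1918); adjust before applying.
PUBLIC_IP="203.0.113.10"   # placeholder public address being forwarded
DNS_HOST="192.168.1.53"    # placeholder internal resolver
EXT_IF="eth0"              # assumed external interface

# DNAT rules for one port, both protocols, as in the reply's config.
dnat_rules() {
    port="$1"
    for proto in tcp udp; do
        printf 'iptables -t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j DNAT --to-destination %s\n' \
            "$EXT_IF" "$proto" "$PUBLIC_IP" "$port" "$DNS_HOST"
    done
}

# DNAT only rewrites the destination; FORWARD still has to accept the
# rewritten packets. Replies are matched as ESTABLISHED by conntrack and
# their source is rewritten back to the public address automatically.
forward_rules() {
    port="$1"
    printf 'iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    for proto in tcp udp; do
        # Rate-limited log of new packets reaching the resolver, to show
        # whether the DNAT matched ("turn on some logging").
        printf 'iptables -A FORWARD -i %s -p %s -d %s --dport %s -m conntrack --ctstate NEW -m limit --limit 5/min -j LOG --log-prefix "DNS-DNAT: "\n' \
            "$EXT_IF" "$proto" "$DNS_HOST" "$port"
        printf 'iptables -A FORWARD -i %s -p %s -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' \
            "$EXT_IF" "$proto" "$DNS_HOST" "$port"
    done
}

# Full rule set for one forwarded port.
nat_ruleset() {
    dnat_rules "$1"
    forward_rules "$1"
}

# Usage: nat_ruleset 53 | sudo sh   (after reading the output)
nat_ruleset 53
```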
