Re: UDP NAT [Nat to DNS Server]
On Tue, 18 Dec 2001, Ryan White wrote:
> That is in fact what I am trying to do. I already tried to forward port 53
> for both tcp and UDP but the problem is the packets are never coming back
> out of the NAT. TCP works fine but dns uses UDP mostly. In addition to DNS
That's odd, because I've got a line similar in my firewall config, and it
works a treat:
(apologies for wrapping)
# DNS goes to klystron
$FW -A PREROUTING -t nat -p tcp -d 130.130.88.183 --dport 53 -j DNAT --to 192.168.84.4:53
$FW -A PREROUTING -t nat -p udp -d 130.130.88.183 --dport 53 -j DNAT --to 192.168.84.4:53
And DNS lookups work fine (at least, INWW hasn't complained yet!).
As for other ports, I can't see any reason why it wouldn't work. We've got
Quake aplenty going just fine behind here.
> one of the departments within our network needs a "bidirectional" UDP NAT.
Define "bidirectional" in this case. I think you just want a regular port
forwarding NAT, where packets from the outside world get forwarded to a
private IP, and the returning packets get munged back to real-world values.
> Here is my UDP nat attempt.
> $IPTABLES -A PREROUTING -p udp -t nat -d pub.lic.ip.add --dport 2001 -j
> DNAT --to 172.16.1.253:2001
This should be fine. As you can see, it's identical to mine above, in
effect. Perhaps you should turn on some logging and see if your logs show
anything pertinent.
--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@ieee.uow.edu.au
Reply to: