
Re: DNS behind firewall (using external IP)



Hi!

On Tue, Oct 01, 2002 at 02:10:04PM -0400, Sean McAvoy wrote:
> Hello,
> I've got a system behind a firewall (assigned a CIDR address, on a DMZ
> interface), with my firewall assigned an extra external IP for the DNS
> server. I've set it up so it answers ARP requests, and have NAT set up so
> it forwards the DNS requests to the server (using DNAT). Problem is I
> can't seem to get DNS transfers working (its slaves cannot transfer,
> and it can't receive NOTIFY from servers it is slave to). I verified
> that DNS tcp port is being translated as well (tcp 53), but still no
> luck. Any ideas?

With "answer ARP requests" you mean proxy_arp? This is usual for
bridges, not for NAT of a private network. DNAT to a private address
should work as expected without it. Maybe you have to SNAT the replies of
your DNS to the public IP address alias on the firewall interface?

HTH
Frederik Schüler
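
The DNAT-plus-SNAT pairing suggested in the reply above, as an added example that is not part of the original message. The function only prints the nat-table rules; the addresses and the interface name `eth0` are constructed placeholders, and the function name `dns_nat_rules` is hypothetical.

```shell
#!/bin/sh
# Added example: prints (does not apply) iptables nat rules for a DNS server
# in a DMZ that is published on an extra external IP of the firewall.
# All addresses and the interface name below are constructed placeholders.

dns_nat_rules() {
    ext_ip=$1    # external alias IP on the firewall (the address peers know)
    dmz_ip=$2    # DNS server's private address in the DMZ
    ext_if=$3    # firewall's external interface

    # Inbound: queries (udp/53) and zone transfers (tcp/53) addressed to the
    # alias are rewritten to the DMZ server.
    for proto in udp tcp; do
        echo "iptables -t nat -A PREROUTING -i $ext_if -d $ext_ip -p $proto --dport 53 -j DNAT --to-destination $dmz_ip"
    done

    # Outbound: connections the DNS server opens itself (NOTIFY to its slaves,
    # transfer requests to its masters) must leave with the alias as source,
    # because peers match the source address against their configured
    # master/slave IPs. -I puts the rule ahead of any catch-all
    # SNAT/MASQUERADE rule that would otherwise pick the firewall's primary IP.
    echo "iptables -t nat -I POSTROUTING -o $ext_if -s $dmz_ip -j SNAT --to-source $ext_ip"
}

# Constructed sample values (documentation and private ranges)
dns_nat_rules 203.0.113.53 192.168.10.53 eth0
```

After applying rules like these, `iptables -t nat -L -n -v` shows per-rule packet counters, which tells you whether outbound traffic from the DNS server is actually hitting the SNAT rule.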


