
Re: Redirect to domain name instead of ip



Lars, see comments below:

On Sat, 2006-09-23 at 15:20 +0200, Lars Staun Knudsen wrote:
> Thank you for the reply, the lines work fine. But I've still got a
> dynamic problem, the IP can change with DHCP and therefore it would
> be perfect if I could use a domain name. DDNS (bind9) is working
> along with dhcp3-server.

If you have control over the DHCP server, and the destination system has
a static MAC address (as in you don't change systems occasionally), have
dhcp3-server offer a fixed-address based on the MAC:

host intrahostname {
    hardware ethernet 00:60:B0:9B:59:2D;
    fixed-address 172.16.0.30;
}

> The PREROUTING line is complaining if I write pc.dom.dk instead of
> 172.16.0.30, is there a way to bypass this problem?

The main trouble with using hostnames with iptables is that the IP/s
is/are resolved at the time the rule is added.  As you say, you are
using DDNS, so your IP is likely to change.  After the IP changes, your
firewall will still be working with the old IP until you re-run your
firewall script or manually fix these rules.  This tends to be more of a
maintenance hassle than having an internal host with a dynamic IP is
worth.  Working with static IPs in firewalls is the best advice I can
offer, especially for something as sensitive as a DNAT target.

> And another problem I just thought of: if the iptables script is
> executed at a time where pc.dom.dk hasn't got a dhcp-release yet,
> there will be no answer in the DNS lookup. So, any experience on what
> behaviour iptables has when there is no IP resolved from the domain
> name? Is the rule just set, or will the rule return an error?

An error is returned and no rule is added.

Best Regards
-- 
Kenny
-+---+++-++-++++--+------+-+-++--++--+-+-++--+++-++----+-++-+++---+----+--+----+
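
An added example, not from Kenny's mail or anything else posted on the
list, for anyone who cannot pin the address with fixed-address and has to
live with the behaviour described above (name resolved once, at rule-add
time; an unresolvable name is an error and no rule is added).  It resolves
the name itself before touching iptables, refuses to add anything when
there is no answer, and remembers the address it last used so the stale
DNAT rule can be deleted when the lease changes.  Interface eth0, glibc's
getent(1), the host name, port and state-file path are all assumptions for
illustration.

```sh
#!/bin/sh
# Added example, not from the original mail or the list: rebuild a DNAT
# rule for a host whose address comes from DHCP and is published via DDNS.
# The name is resolved here, once, because iptables only resolves a hostname
# when the rule is added; if it does not resolve, nothing is added and the
# function fails, which is the same outcome iptables itself gives.
# Assumptions for illustration: interface eth0, glibc's getent(1), and the
# host/port/state-file arguments supplied by the caller.

# resolve_ipv4 HOST -> first IPv4 address for HOST, or empty output if the
# name has no answer (e.g. the client has not obtained a lease yet).
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# rule_for IP PORT -> match and target part of the PREROUTING rule; the same
# text is used with -A and -D so the stale rule can be removed exactly.
rule_for() {
    printf '%s\n' "-i eth0 -p tcp --dport $2 -j DNAT --to-destination $1:$2"
}

# refresh_dnat HOST PORT STATEFILE -> prints the iptables commands that bring
# the rule in line with HOST's current address.  STATEFILE remembers the
# address the rule was last built with, so a later run can delete it.
# Exit status: 0 (rule current, or commands printed), 1 (HOST does not resolve).
refresh_dnat() {
    rd_host=$1 rd_port=$2 rd_state=$3
    rd_new=$(resolve_ipv4 "$rd_host")
    if [ -z "$rd_new" ]; then
        echo "refresh_dnat: $rd_host does not resolve; leaving rules untouched" >&2
        return 1
    fi
    rd_old=""
    if [ -f "$rd_state" ]; then
        rd_old=$(cat "$rd_state")
    fi
    if [ "$rd_old" = "$rd_new" ]; then
        return 0                    # address unchanged, nothing to do
    fi
    if [ -n "$rd_old" ]; then
        printf '%s\n' "iptables -t nat -D PREROUTING $(rule_for "$rd_old" "$rd_port")"
    fi
    printf '%s\n' "iptables -t nat -A PREROUTING $(rule_for "$rd_new" "$rd_port")"
    printf '%s\n' "$rd_new" > "$rd_state"
}

# Usage: sh dnat-refresh.sh HOST PORT [STATEFILE]  (from cron, or from the
# DHCP server's lease hook).  With DRY_RUN=1 the commands are only printed.
if [ $# -ge 2 ]; then
    if [ "${DRY_RUN:-0}" = 1 ]; then
        refresh_dnat "$1" "$2" "${3:-/var/run/dnat-$1.ip}"
    else
        refresh_dnat "$1" "$2" "${3:-/var/run/dnat-$1.ip}" | sh -e
    fi
fi
```

Running it as "DRY_RUN=1 sh dnat-refresh.sh pc.dom.dk 80" shows what would
change without applying anything.  The state file is written after the
commands are printed, so if applying them fails, delete the state file to
force the rule to be re-added on the next run.  It does not remove the
need Kenny points out: the rule is only as current as the last run, so
hook it to the lease change (or cron it) rather than relying on boot-time
execution alone.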
