
Thread: iptables and dns lookup

  1. #1

    iptables and dns lookup

    Hi,

    I have the following setup:

    LAN --- Linux Box ---- ISP (Internet)

    My goal:

    let my LAN access the internet via the Linux box using iptables, and use
    my Linux box as the DNS for my LAN

    What I have done:

    1. installed bind
    2. set the following:

    #!/bin/sh
    #
    # FLUSH ALL
    /usr/sbin/iptables -F
    /usr/sbin/iptables -X
    /usr/sbin/iptables -t nat -F
    /usr/sbin/iptables -t nat -X
    /usr/sbin/iptables -t mangle -F
    /usr/sbin/iptables -t mangle -X
    #
    # ALLOW ETH1 ACCESS TO OUTSIDE
    /usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    /usr/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    /usr/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT


    My testing:

    My LAN can access the internet if I use my ISP's DNS on my LAN PCs, but if I use my Linux box's DNS for my LAN PCs, they cannot access the internet. If I ping a website from my Linux box, I can ping the website; my Linux box uses itself as its resolver/DNS.

    Thank you for your help.

    mekyong

  2. #2
    Associate | Join Date: Sep 2006 | Posts: 24
    Hello,

    Quote Originally Posted by mekyong:
    Hi,

    My testing:

    My LAN can access the internet if I use my ISP's DNS on my LAN PCs, but if I use my Linux box's DNS for my LAN PCs, they cannot access the internet. If I ping a website from my Linux box, I can ping the website; my Linux box uses itself as its resolver/DNS.

    Thank you for your help.

    mekyong
    I prefer to use dnsmasq; it is easier than trying to configure bind.

    But I think you must check on the DNS server:

    1. if the hints files are in the right location
    2. check the resolv.conf file
    3. check /etc/host.conf

  3. #3
    Junior Member | Join Date: Sep 2006 | Posts: 70
    resolv.conf should have the IP of the DNS server, and make sure you are able to connect to port 53 of the Linux box from the machines on your LAN.

  4. #4
    You might also need to configure your Linux server as a router depending upon your network setup.

    I don't think just setting MASQ is enough.
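    Putting the two replies together, here is an added example (not written by anyone in this thread) of what the original script is missing: the kernel forwarding switch from #4 and INPUT rules that let LAN hosts reach port 53 on the gateway from #3. It keeps the poster's eth0 (ISP side) and eth1 (LAN side) names; the LAN subnet 192.168.1.0/24 is an assumed placeholder. The functions print the commands instead of applying them, so the output can be reviewed and then piped to sh as root.

```shell
#!/bin/sh
# Added example, not the original poster's script. eth0/eth1 follow the thread;
# the LAN subnet passed as the third argument is an assumed placeholder.
IPT=/usr/sbin/iptables

# Emit a complete rule set for a NAT gateway that also runs the LAN resolver.
gateway_rules() {
    wan="$1"; lan="$2"; lan_net="$3"
    cat <<EOF
# enable routing between interfaces (MASQUERADE alone does not turn this on)
sysctl -w net.ipv4.ip_forward=1
# flush, as in the original script
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X
# NAT for LAN traffic leaving on the ISP interface
$IPT -t nat -A POSTROUTING -o $wan -j MASQUERADE
$IPT -A FORWARD -i $wan -o $lan -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i $lan -o $wan -j ACCEPT
# let LAN hosts query the resolver on this box (port 53 must be reachable),
# limited to the LAN interface and subnet so the ISP side cannot use it as an open resolver
$IPT -A INPUT -i $lan -s $lan_net -p udp --dport 53 -j ACCEPT
$IPT -A INPUT -i $lan -s $lan_net -p tcp --dport 53 -j ACCEPT
EOF
}

# Sanity check on the generated set: how many rules admit DNS (expect 2: udp + tcp).
dns_rule_count() {
    gateway_rules "$@" | grep -c 'dport 53 -j ACCEPT'
}

# Read the kernel forwarding switch on the running box: prints 1 when routing is on.
forwarding_enabled() {
    cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo 0
}

gateway_rules eth0 eth1 192.168.1.0/24
```

These rules only open the port; the resolver itself (bind or dnsmasq) still has to be configured to listen on the eth1 address, which the replies above leave to the reader.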
