Thread: DNS and NAT... sorry.

  1. #1

    DNS and NAT... sorry.

    I am sure this has been answered before... I just exceeded my 3-hour limit on head-banging. I am looking for a sense of direction, as I am sure I can fill in the blanks.

    I have a working DNS server, where I can resolve anyname.mydomain.org to any desired IP address. Nameservers from mydomain.org are correctly pointed to my DNS server. So now, I want to be able to route the traffic to a specific machine on the LAN based on my DNS server's resolution. The server has 2 Ethernet cards, one listening to WAN traffic and the other to LAN traffic. Everything works...

    I want anyone on the outside (WAN) to be able to ping (or whatever) anymachine.mydomain.org and the traffic to be routed through the DNS server to the actual machine. More concretely, using bind9, I have associated machine1.mydomain.org to 172.25.253.182. So, from the LAN, if I ping machine1.mydomain.org I get the expected result. However, if I do the same thing from the WAN, then my request is also resolved to 172.25.253.182 (which usually does not exist). I somehow want it resolved to machine1.mydomain.org... I've been fiddling with iptables without success... I don't seem to get the hang of how to route the "output" of bind through iptables...

    Suggestions are appreciated. Thanks for your time!

    -zbot

  2. #2
    I'm not exactly sure what you mean by routing connections, but I think I have an idea.

    To serve different answers given different criteria is possible in bind. Edit /etc/named.conf and create two ACL lists.

    acl "trusted" {
        172.25.253.0/24;
        localhost;
    };

    Then your different stanzas.

    view "internal-in" in {
        match-clients { trusted; };
        ...
    };

    view "external-in" in {
        match-clients { any; };
        ...
    };

    This will give you control given the vector of the client, and you don't need to mess with iptables.
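
A fuller version of the two-view layout from the reply above, as an added example that is not part of the original thread. The zone file names, the /var/named directory and the public address 203.0.113.10 (a documentation-range placeholder) are assumptions. Once any view is defined, every zone statement has to sit inside a view, and the external view here turns recursion off so WAN clients only receive authoritative answers and never see the 172.25.253.x addresses.

```conf
// /etc/named.conf (constructed example; paths and 203.0.113.10 are placeholders)
acl "trusted" {
    172.25.253.0/24;
    localhost;
};

options {
    directory "/var/named";      // assumed zone file directory
};

// Views are evaluated in order and the first match wins,
// so the restrictive view must come before the catch-all.
view "internal-in" in {
    match-clients { trusted; };
    recursion yes;               // LAN clients may resolve outside names
    zone "mydomain.org" {
        type master;
        // This file holds the LAN record:
        //   machine1  IN  A  172.25.253.182
        file "internal/mydomain.org.zone";
    };
};

view "external-in" in {
    match-clients { any; };
    recursion no;                // authoritative answers only for WAN clients
    zone "mydomain.org" {
        type master;
        // This file holds the public record (placeholder address):
        //   machine1  IN  A  203.0.113.10
        file "external/mydomain.org.zone";
    };
};
```

Running `named-checkconf` on the file before reloading catches a missing `};` or a zone left outside a view.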
