iptables and dns lookup
hi,
i have the following setup:
LAN — Linux Box —- ISP (Internet)
my goal:
let my LAN access the internet via Linux Box using iptables and using
my linux box as DNS for my LAN
what i have done:
1. install bind
2. set the following:
#!/bin/sh
#
# FLUSH ALL
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
#
# ALLOW ETH1 ACCESS TO OUTSIDE
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/usr/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state –state RELATED,ESTABLISHED -j ACCEPT
/usr/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
my testing:
my LAN can access the internet if i will use my ISP DNS in my LAN PCs but if i will use my linux box DNS for my LAN PCs, they cannot access the internet. If i will ping a website while in my linux box, i can ping the website, my linux box uses itself as its resolver/DNS
thank you for you help
mekyong
resolv.conf should have Ip of the DNS server. and make sure you are able to connect to port 53 of Linux box from the machines on your LAN.
|
|
You might also need to configure your Linux server as a router depending upon your network setup.
I don’t think just setting MASQ is enough.
Posting Permissions
Reply With Quote
Bookmarks