iptables and dns lookup

[mekyong]

hi,

i have the following setup:

LAN — Linux Box —- ISP (Internet)

my goal:

let my LAN access the internet via Linux Box using iptables and using
my linux box as DNS for my LAN

what i have done:

1. install bind
2. set the following:

#!/bin/sh
#
# FLUSH ALL
/usr/sbin/iptables -F
/usr/sbin/iptables -X
/usr/sbin/iptables -t nat -F
/usr/sbin/iptables -t nat -X
/usr/sbin/iptables -t mangle -F
/usr/sbin/iptables -t mangle -X
#
# ALLOW ETH1 ACCESS TO OUTSIDE
/usr/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/usr/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state –state RELATED,ESTABLISHED -j ACCEPT
/usr/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT


my testing:

my LAN can access the internet if i will use my ISP DNS in my LAN PCs but if i will use my linux box DNS for my LAN PCs, they cannot access the internet. If i will ping a website while in my linux box, i can ping the website, my linux box uses itself as its resolver/DNS

thank you for you help

mekyong

[roche]

Hello,

hi,

my testing:

my LAN can access the internet if i will use my ISP DNS in my LAN PCs but if i will use my linux box DNS for my LAN PCs, they cannot access the internet. If i will ping a website while in my linux box, i can ping the website, my linux box uses itself as its resolver/DNS

thank you for you help

mekyong

I prefer to use dnsmaq is easier than try to configure bind

But I think you must check in the dns server:

1. if the hints files are in the right location
2. check the resolv.conf file
3. check /etc/host.conf

[explorer]

resolv.conf should have Ip of the DNS server. and make sure you are able to connect to port 53 of Linux box from the machines on your LAN.

[c_henry]

You might also need to configure your Linux server as a router depending upon your network setup.

I don’t think just setting MASQ is enough.