Re: DNS not responding
From: Jason Dixon (jason_at_dixongroup.net)
Date: 11/28/03
- Previous message: Herculano de Lima Einloft Neto: "Re: Fedora - ports 32770-1 open"
- In reply to: Richard Bewley: "DNS not responding"
- Next in thread: Richard Bewley: "RE: DNS not responding"
- Reply: Richard Bewley: "RE: DNS not responding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: Red Hat Mailing List <redhat-list@redhat.com> Date: 27 Nov 2003 21:09:25 -0500
On Thu, 2003-11-27 at 20:41, Richard Bewley wrote:
> Hello,
>
> This is more of a networking question, than a redhat specific question, or
> dns. Basically, on my setup, I have an ISDN line, which is connected to a
> Cisco router, 10.3.0.1. This is connected directly to eth1 of my linux box,
> which eth1 has the ip address 10.3.0.10. The other interface, eth0 has IP
> address 10.5.0.1, and handles all of my internal stuff, and acts as
> firewall/gateway. I plan to shortly get rid of the ISDN line and Cisco
> router, which is why I've moved to this setup.
>
> On the Cisco, I have the following lines:
> ip nat inside source static tcp 10.3.0.10 53 12.159.185.248 53 extendable
> ip nat inside source static udp 10.3.0.10 53 12.159.185.248 53 extendable
>
> This allows all tcp and udp requests on port 53 to be forwarded to my linux
> box. Now, when I do a dig @12.159.185.248 domain.com, it times out. When I
> check the named logs on my linux box, I can see the query, so I know the
> packet is coming in and being forwarded to the box correctly, however the
> problem seems to be that the packet is never able to go back out again.
> Just for troubleshooting, I added the following to iptables:
I'm no Cisco expert, so I don't fully comprehend what your syntax
attempts to do, but I suspect you're doing what some folks refer to as
"reflection". You're attempting to bounce traffic internally, but you
haven't translated the source address on the redirected packets.
Because of this, the linux box sees the source address of the packet as
being from a client on the same LAN, and attempts to deliver the return
packet directly, rather than routing it back through the router as it
should.
You have a few different choices:
1a) Rather than try to mangle DNS, go ahead and set your clients' DNS
settings to point to the Linux server.
1b) If you're trying to redirect requests for your own zones, use
split-horizon DNS.
2) Translate the source address at the router when you perform
redirection (dest address translation).
3) Add a static route on your Linux box for 10.3.0.10/? to go through
the default gateway (override the default LAN/interface behavior).
You'll also have to add the extra NAT rules to your router to support
this "bounce" effect. This is the ugliest, but it should work. I've
never done this on Cisco, but I've done it on Linux/*BSD gateways.
Hope this makes sense. It would help if you could give a better
explanation of your desired end result (what you're *really* trying to
accomplish).
-- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net -- redhat-list mailing list unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
- Previous message: Herculano de Lima Einloft Neto: "Re: Fedora - ports 32770-1 open"
- In reply to: Richard Bewley: "DNS not responding"
- Next in thread: Richard Bewley: "RE: DNS not responding"
- Reply: Richard Bewley: "RE: DNS not responding"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
