On Thu, 28 Dec 2000, Olivier Kaloudoff wrote:
> Hi,
>
> on our local lan, we're using pdnsd
> to cache dns requests.
>
> at this time, we need to reconfigure
> clients in order to benefit from this local server.
>
> Is there a way to do "transparent proxy"
> for requests on port 53 to our gateway ?
>
> Here is what I tried, but it didn't work:
>
> /sbin/ipchains -I input -p tcp -d 0/0 53 -j REDIRECT 53
>
> [root @ge] ipchains -L | grep domain:
> REDIRECT tcp ------ anywhere anywhere any ->
> domain => domain
yes i have done this before with ipf. at one point i had all my clients
configured to use the firewall and the dns server (which was running
named internally). when i reinstalled a stripped down copy of OpenBSD that
did not have named, all my clients were going to have to manually be
changed. i decided to redirect all port 53 queries with a destination of
the firewall to my ISP's dns server.
the rules look like this:
rdr vr0 192.168.10.1/32 port 53 -> 209.236.128.128 port 53 udp
rdr vr0 192.168.10.1/32 port 53 -> 209.236.128.128 port 53 tcp
i am now running internal DNS again, but for the time being it worked. i
think you are going to have to specify your caching dns server as the
destination. good luck!
cheers,
.truman.boyes.