YAN Daniel wrote:

> Hi there,
> 
> i have a linux box which connected to Internet with 2
> ip (ipA and ipB), and connected to internal network
> with 192.168.0.1.
> 
> i have a DNS with 192.168.0.2 and a web with
> 192.168.0.3 inside our network. and write 2 records in
> DNS,
> ns.abc.com<->ipA
> www.abc.com<->ipB
> ns.abc.com is registered at NIC, www host is created
> by me.
> 
> now i've done this command on linux,
> ipmasqadm portfw -a -P tcp -L ipA 53 -R 192.168.0.2 53
> ipmasqadm portfw -a -P udp -L ipA 53 -R 192.168.0.2 53
> ipmasqadm portfw -a -P tcp -L ipB 80 -R 192.168.0.3 80
> 
> then i can resolve all of Internet hosts names within
> the internal network using the DNS(192.168.0.2), but
> Internet users can't resolve anything using DNS(ipA).
> 
> why?
> 
> thank you for your help.

it could be several things.

have you turned on masquerading?
port forwarding can't work without masquerading.
this wouldn't prevent dns queries working from
inside the internal network.

are ipA and ipB two addresses on the same interface?
or are they separate interfaces? if they are two addresses
on the same interface, which address is added to
the interface first, ipA or ipB?

if there's only one external interface, and ipB is the first
address given to it, then port forwarding queries for ipA
will result in outgoing reply queries that have ipB as their
source address, thus confusing external tcp/ip stacks. this
can be fixed with the iproute2 package. look for "alias port
forwarding" at http://fwup.org/ for an example.

could it be either of these? i'd suggest using a packet
sniffer to see exactly what's happening. that usually helps
enormously.

raf
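
The source-address mismatch described in the reply above, as it would appear in a packet capture. This is an added example, not part of the original messages: it pairs DNS queries with replies in `tcpdump -n` text output and flags replies that come from a different address than the one queried. The sample capture and all addresses in it are constructed stand-ins for ipA, ipB and an Internet client.

```python
import re

# Constructed sample in `tcpdump -n port 53` text format. Addresses are
# documentation ranges standing in for ipA (203.0.113.10), ipB (203.0.113.11)
# and an Internet client (198.51.100.7); none come from the original post.
SAMPLE = """\
12:00:01.000000 IP 198.51.100.7.40001 > 203.0.113.10.53: 4660+ A? www.abc.com. (29)
12:00:01.002000 IP 203.0.113.11.53 > 198.51.100.7.40001: 4660* 1/0/0 A 203.0.113.11 (45)
12:00:02.000000 IP 198.51.100.7.40002 > 203.0.113.11.53: 4661+ A? www.abc.com. (29)
12:00:02.002000 IP 203.0.113.11.53 > 198.51.100.7.40002: 4661* 1/0/0 A 203.0.113.11 (45)
12:00:03.000000 IP 198.51.100.7.40003 > 203.0.113.10.53: 4662+ A? ns.abc.com. (28)
"""

# src_ip.src_port > dst_ip.dst_port: dns_id
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)"
)

def check_dns_replies(capture):
    """Return (mismatched, unanswered) for DNS traffic in tcpdump text."""
    pending = {}      # (client ip, client port, dns id) -> address queried
    mismatched = []   # (client, address queried, address that replied)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, dns_id = m.groups()
        if dport == "53":                       # query towards the server
            pending[(src, sport, dns_id)] = dst
        elif sport == "53":                     # reply towards the client
            asked = pending.pop((dst, dport, dns_id), None)
            # A resolver drops a reply whose source is not the address it asked.
            if asked is not None and asked != src:
                mismatched.append((dst, asked, src))
    unanswered = sorted(set(pending.values()))
    return mismatched, unanswered

if __name__ == "__main__":
    bad, silent = check_dns_replies(SAMPLE)
    for client, asked, replied in bad:
        print(f"{client} asked {asked} but the reply came from {replied}")
    for addr in silent:
        print(f"query to {addr} got no reply in this capture")
```

A mismatch line points at the address-ordering problem on a shared interface; queries that never get any reply point instead at masquerading or the forwarding rules.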
