You need to NAT port 53 (tcp and udp):

  # iptables -t nat -A PREROUTING -i $EXT_IFACE -p tcp --dport 53 -j DNAT --to-destination $DNS_INTERNAL_IP_HERE
  # iptables -t nat -A PREROUTING -i $EXT_IFACE -p udp --dport 53 -j DNAT --to-destination $DNS_INTERNAL_IP_HERE

You may also need to allow FORWARD traffic to port 53, both for tcp and udp (I'm assuming here that you have DROP as the default policy for the 3 major chains):

  # iptables -A FORWARD -i $EXT_IFACE -p tcp --dport 53 -d $DNS_INTERNAL_IP_HERE -j ACCEPT
  # iptables -A FORWARD -i $EXT_IFACE -p udp --dport 53 -d $DNS_INTERNAL_IP_HERE -j ACCEPT

And by the way, don't forget to set the DNS server's default gateway to the internal IP of your firewall, and also don't forget to enable IP forwarding, either via sysctl or rc.local.

-jon-

On 8/4/05, bodgie <[EMAIL PROTECTED]> wrote:
> On 8/4/05, Elmer Rivera <[EMAIL PROTECTED]> wrote:
> > I have a DNS server on my private LAN. I would like to allow the public to
> > query the service; furthermore, it's being NATted on my Linux box.

_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
[email protected] (#PLUG @ irc.free.net.ph)
Read the Guidelines: http://linux.org.ph/lists
Searchable Archives: http://archives.free.net.ph
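The steps above (DNAT in PREROUTING, ACCEPT in FORWARD, the default gateway on the DNS host, ip_forward) put together as one script. This is an added example, not code from the original thread; the interface name eth0 and the address 192.168.1.53 are placeholders constructed for illustration. It goes a little beyond the post in two ways a practitioner with a DROP policy on FORWARD needs anyway: the answers from the DNS server have to cross FORWARD in the other direction, which the conntrack ESTABLISHED,RELATED rule handles for both protocols, and the address is checked before anything is appended to the nat table. DRY_RUN=1 (the default) only prints the commands so the rule set can be reviewed; DRY_RUN=0 runs them as root.

```shell
#!/bin/sh
# Added example, not from the original post: publish an internal DNS server
# through a Linux iptables NAT box. EXT_IFACE and DNS_INTERNAL_IP below are
# assumptions; 192.168.1.53 is a constructed RFC 1918 address.

EXT_IFACE="${EXT_IFACE:-eth0}"                        # assumed public interface
DNS_INTERNAL_IP="${DNS_INTERNAL_IP:-192.168.1.53}"    # constructed internal DNS address
DRY_RUN="${DRY_RUN:-1}"                               # 1 = print commands, 0 = execute them

# run_cmd: print the command in dry-run mode, otherwise execute it.
run_cmd() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# valid_ipv4: accept only four dotted decimal octets in 0..255, so a typo in
# the placeholder cannot end up as a half-formed DNAT target.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# dns_nat_rules: the rule set from the post plus the return path.
# The firewall must also be the DNS server's default gateway, so that the
# replies pass back through conntrack and have the DNAT reversed.
dns_nat_rules() {
    if ! valid_ipv4 "$DNS_INTERNAL_IP"; then
        echo "DNS_INTERNAL_IP is not a valid IPv4 address: $DNS_INTERNAL_IP" >&2
        return 1
    fi

    # Routing between interfaces is off by default on Linux.
    run_cmd sysctl -w net.ipv4.ip_forward=1

    # Packets of connections conntrack already knows (the rest of a TCP
    # handshake, the DNS answers on the way out) are accepted in both
    # directions; nothing new is opened by this rule.
    run_cmd iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    for proto in tcp udp; do
        # Rewrite the destination of incoming port-53 packets before routing.
        run_cmd iptables -t nat -A PREROUTING -i "$EXT_IFACE" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$DNS_INTERNAL_IP"
        # FORWARD sees the packet with its rewritten destination; with a DROP
        # policy a fresh query must be accepted explicitly (-j ACCEPT).
        run_cmd iptables -A FORWARD -i "$EXT_IFACE" -p "$proto" -d "$DNS_INTERNAL_IP" \
            --dport 53 -m conntrack --ctstate NEW -j ACCEPT
    done
}

dns_nat_rules
```

Run it once with DRY_RUN=1 and read the output before applying; the FORWARD rules are appended (-A), so on a box that already has rules they land after whatever is there, and a broad earlier rule may shadow them.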

