shacky wrote:
> Hi.
>
> I have to configure a DNAT rule in Shorewall with a DNS hostname as
> destination of the DNAT, because the destination host could be changed
> sometimes, but the port needs to be the same.
> If I configure a DNAT rule using a DNS hostname (for example
> "myhost.mylan.local:12345"), does Shorewall query the DNS server at
> startup only or every time there is a packet to be natted?
> If I change the IP address of that DNS record, do I have to restart Shorewall?
>   
Yes, the rule will contain the IP only. Apart from that, you might want
to hardcode it so that a DNS failure will not make your Shorewall startup
fail as well, and you also make DNS-spoofing attacks during Shorewall
startup useless.

roman

PS: I have a cron job running that checks the DNS of relevant IPs every
day and sends me a notification about changes. Then I check and, if it
seems OK, take the new IP.
> Thank you very much!
> Bye.
>
>   


_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users
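
The daily check described in the PS above could look like the following sketch. It is an added example, not roman's script and not part of Shorewall; the pin-file format, the function names and the `RESOLVER` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare the IPs hardcoded in firewall rules against
# what DNS returns today, and report differences for manual review.
# Nothing is changed automatically; a human decides whether to accept.
#
# Pin file format (assumed): one "hostname pinned-ip" pair per line,
# blank lines and lines starting with '#' are ignored.

# Default resolver: first IPv4 address from the system resolver (glibc getent).
resolve_host() {
    getent ahostsv4 "$1" | awk 'NR==1 {print $1}'
}

# check_pins PINFILE
# Prints one line per host whose DNS answer differs from the pinned IP
# or whose lookup failed. Returns 1 if anything was reported, else 0.
# Set RESOLVER to the name of another function to replace the lookup.
check_pins() {
    pinfile=$1
    status=0
    resolver=${RESOLVER:-resolve_host}
    while read -r host pinned rest; do
        case $host in ''|\#*) continue ;; esac
        # A failed lookup is reported, never treated as "no change".
        current=$("$resolver" "$host") || current=""
        if [ -z "$current" ]; then
            echo "LOOKUP-FAILED $host pinned=$pinned"
            status=1
        elif [ "$current" != "$pinned" ]; then
            echo "CHANGED $host pinned=$pinned now=$current"
            status=1
        fi
    done < "$pinfile"
    return "$status"
}

# When run with a pin file argument (for example from a daily cron entry),
# print the report; cron mails any output to the address in MAILTO.
if [ "$#" -gt 0 ]; then
    check_pins "$1"
fi
```

Silence means the pinned addresses still match; any output is a prompt to verify the new address out of band before editing the rule and restarting Shorewall.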
