On Sunday 09 February 2003 11:37 am, Samuel Merritt wrote:
> On Sun, Feb 09, 2003 at 11:24:51AM -0800, Shawn P. Neugebauer wrote:
> > Well, I'm finally getting around to setting up my own DNS server/cache,
> > and I've run into a problem.
> >
> > Is it generally possible to run tinydns behind a (dedicated) NAT firewall
> > (a netgear RP114)? The problem is that the name server wants to run
> > on an interface having the published name server IP address, but, of
> > course, it's behind a firewall masquerading as that IP address (thus,
> > the firewall is doing translation, so DNS queries could never make it to
> > the right interface).
>
> Any decent NAT box will have a way to forward packets to internal
> machines. You should be able to set up a rule that packets destined for
> the NAT box's external interface, port 53, type UDP, get forwarded to
> the DNS server.

Yes, it does have such forwarding capabilities, and I use them in a variety of ways. The problem here isn't the forwarding--that's easy and works great--the problem is the forwarded packets get sent to the internal machine using the *internal* IP address--and tinydns wants to run on an interface having the *external* IP address (IP aliasing is not the answer here, at least not by itself).

If this is at all possible, it has to involve some type of non-standard tinydns configuration, at least, and I'm hopeful that one of the many tinydns users on the list will have a clue... :)

shawn.
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
