Re: [vox-tech] tinydns behind NAT firewall?

To: vox-tech@listMAPSs.lugod.org
Subject: Re: [vox-tech] tinydns behind NAT firewall?
From: Samuel Merritt <spamMAPS@andcheese.org>
Date: Sun, 9 Feb 2003 11:37:20 -0800
Delivered-to: lugod@livepenguin.com
Delivered-to: vox-tech@livepenguin.com
In-reply-to: <200302091124.51635.spn@ucdavis.edu>
List-archive: <http://lists.lugod.org/pipermail/vox-tech/>
List-help: <mailto:vox-tech-request@lists.lugod.org?subject=help>
List-id: lugod's technical discussion forum <vox-tech.lists.lugod.org>
List-post: <mailto:vox-tech@lists.lugod.org>
List-subscribe: <http://lists.lugod.org/mailman/listinfo/vox-tech>,<mailto:vox-tech-request@lists.lugod.org?subject=subscribe>
List-unsubscribe: <http://lists.lugod.org/mailman/listinfo/vox-tech>,<mailto:vox-tech-request@lists.lugod.org?subject=unsubscribe>
References: <200302091124.51635.spn@ucdavis.edu>
Reply-to: vox-tech@listMAPSs.lugod.org
Sender: vox-tech-admin@lMAPSists.lugod.org
User-agent: Mutt/1.4i

On Sun, Feb 09, 2003 at 11:24:51AM -0800, Shawn P. Neugebauer wrote:
> Well, I'm finally getting around to setting up my own DNS server/cache,
> and I've run into a problem.
> 
> Is it generally possible to run tinydns behind a (dedicated) NAT firewall
> (a netgear RP114)?  The problem is that the name server wants to run
> on an interface having the published name server IP address, but, of
> course, it's behind a firewall masquerading as that IP address (thus,
> the firewall is doing translation, so DNS queries could never make it to
> the right interface).

Any decent NAT box will have a way to forward packets to internal
machines. You should be able to set up a rule that packets destined for
the NAT box's external interface, port 53, type UDP, get forwarded to
the DNS server. 

If your Netgear RP114 lacks this capability, I suggest setting up a
Linux-based NAT box. It'll give you more control over your network
traffic than any Netgear/Linksys/whatever NAT box. 

> I've been digging through google searches, without finding anything obvious,
> so I thought I would ask out loud here before I dig deep.
> 
> shawn.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/

Attachment: pgp00003.pgp
Description: PGP signature

Follow-Ups:
- Re: [vox-tech] tinydns behind NAT firewall?
  - From: Shawn P. Neugebauer

References:
- [vox-tech] tinydns behind NAT firewall?
  - From: Shawn P. Neugebauer

Prev by Date: [vox-tech] tinydns behind NAT firewall?
Next by Date: [vox-tech] Can a username be changed?
Previous by thread: [vox-tech] tinydns behind NAT firewall?
Next by thread: Re: [vox-tech] tinydns behind NAT firewall?
Index(es):
- Date
- Thread

LUGOD Group on LinkedIn

LUGOD Group on Facebook

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
1105 Kennedy Place, Suite 1, Davis, CA 95616
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.