Linux Users' Group of Davis (LUGOD)
 
Page last updated:
2003 Feb 09 13:45

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] tinydns behind NAT firewall?



On Sunday 09 February 2003 11:37 am, Samuel Merritt wrote:
> On Sun, Feb 09, 2003 at 11:24:51AM -0800, Shawn P. Neugebauer wrote:
> > Well, I'm finally getting around to setting up my own DNS server/cache,
> > and I've run into a problem.
> >
> > Is it generally possible to run tinydns behind a (dedicated) NAT firewall
> > (a netgear RP114)?  The problem is that the name server wants to run
> > on an interface having the published name server IP address, but, of
> > course, it's behind a firewall masquerading as that IP address (thus,
> > the firewall is doing translation, so DNS queries could never make it to
> > the right interface).
>
> Any decent NAT box will have a way to forward packets to internal
> machines. You should be able to set up a rule that packets destined for
> the NAT box's external interface, port 53, type UDP, get forwarded to
> the DNS server.

Yes, it does have such forwarding capabilities, and I use them in a variety
of ways.  The problem here isn't the forwarding--that's easy and works
great--the problem is the forwarded packets get sent to the
internal machine using the *internal* IP address--and tinydns wants to
run on an interface having the *external* IP address (IP aliasing is not
the answer here, at least not by itself).

If this is at all possible, it has to involve some type of non-standard
tinydns configuration, at least, and I'm hopeful that one of the many
tinydns users on the list will have a clue... :)

shawn.

_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech


