11-14-2006, 03:52 AM
#1
LQ Newbie
Registered: Nov 2006
Posts: 4
DNS Problem in subnet with NAT
Hi,
I have one internet connection and I want to distribute it through the LAN. My server is running on Fedora Core 5. I have used NAT to do it. My iptables script looks like this:
/sbin/iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.0 -j SNAT --to 83.12.39.110
echo 1 > /proc/sys/net/ipv4/ip_forward
Everything is working except DNS on the local PCs. DNS is working only on the server. I mean that local PCs can connect to outside servers using their IPs but not their host names.
I am not using DHCP. My local machines are running Win XP. Their config is like this:
IP : 192.168.0.x
MASK: 255.255.255.0
GATEWAY: 192.168.0.1 (eth1 on the server)
DNS: x.y.z.a (my net provider's DNS, which is working on the server, by the way)
For example, when I ping google on my server I get a response with google's IP.
When I do it on a local PC, google responds by IP, but when I use the host name it does not.
Please help.
11-14-2006, 04:03 AM
#2
Member
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310
Hi Soroka2000,
Quote:
for nameserver in `grep nameserver /etc/resolv.conf | gawk -F" " '{print $2}'`; do iptables -t nat -A PREROUTING -d <YOUR-IPADDRESS> -j DNAT --to-destination $nameserver; echo -e " Name server defined at $nameserver"; done
I hope this helps you out,
Aniruddha
Last edited by imagineers7; 11-14-2006 at 04:04 AM.
11-14-2006, 04:50 AM
#3
LQ Newbie
Registered: Nov 2006
Posts: 4
Original Poster
Thanks for the reply.
I did what you suggested. The command /sbin/iptables -t nat -L now shows:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere 192.168.0.0/24 to:194.204.152.34
DNAT all -- anywhere 192.168.0.0/24 to:194.204.159.1
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/24 anywhere to:83.12.39.110
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Obviously 194.204.152.34 and 194.204.159.1 are the IPs of the DNS servers.
But it does not work. Did I do something wrong, or is this a bad solution? What I understand is that everything that now comes in from outside is changed so that it looks like it comes from the DNS servers. Maybe only what really comes from them should be changed. I mean the source should not be "anywhere" but, for the first server, its IP, and for the second server, its IP? This is what I think, but I am a complete newbie, so please do not take it too seriously.
Thanks for the next reply in advance!!!
11-14-2006, 08:04 AM
#4
Member
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777
Soroko;
I am not sure, but some ISPs do not encourage SNATing/MASQUERADing and hence drop packets that deviate from a fixed TTL value. This is of course meant as a security measure, so that only fixed boxes on your client side can reach your ISP's boxes. (You can confirm this with them.)
Though if you can ping your DNS server IPs from your LAN boxes, then it is possible that this is not the case. (Though it all depends on whether they have not marked ICMP packets for this consideration.)
Apart from the above scenario, you can obviously opt for:
1. Hosting a DNS caching server on your server box and then configuring all your clients to resolve domain queries from it.
2. Or you can opt for SQUID (a web caching server), not configured in transparent mode.
11-14-2006, 12:06 PM
#5
LQ Newbie
Registered: Nov 2006
Posts: 4
Original Poster
DNS With NAT
Thanks.
I will try to solve the problem like you said, but I can ping my DNS servers from the LAN boxes, so your explanation is probably wrong. If you find out something about this problem, I will be very grateful if you post again.
11-15-2006, 02:16 AM
#6
Member
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310
Hi Soroko2000,
This is a great starting link for masquerading using iptables:
http://tldp.org/HOWTO/html_single/Ma...-Simple-HOWTO/
I also found this to be of great use:
http://billauer.co.il/ipmasq-html.html
Aniruddha
11-15-2006, 02:55 AM
#7
LQ Newbie
Registered: Nov 2006
Posts: 4
Original Poster
Solved
The problem was the firewall. I had blocked UDP on port 53 (the DNS port). When I opened it, it started to work. I hope this thread will help other folks who have similar problems. Thanks to all who wanted to help me.
Soroka2000
11-15-2006, 03:22 AM
#8
Member
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310
Hi soroka2000,
Can you post the steps one by one, to help others find the solution in the future?
Aniruddha
11-15-2006, 04:40 AM
#9
Senior Member
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Just remember that DNS can fall back to using TCP for extremely large responses. 53/tcp isn't just for zone transfers (although that's the primary use).
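An added example, not from the thread or any of its posters: a small Python model of the resolver path the last reply describes, UDP/53 first and a repeat over TCP/53 when the reply comes back with the TC (truncated) flag. The transports are constructed stand-ins so it runs offline; it shows why a forwarding firewall that permits only 53/udp still breaks resolution for large answers, and why the 2-byte length prefix makes TCP DNS a different wire format.

```python
import struct

def build_query(name, qid=0x1234):
    """Minimal DNS A/IN query (RFC 1035 4.1): header with RD set, one question."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = [l.encode("ascii") for l in name.rstrip(".").split(".")]
    qname = b"".join(bytes([len(l)]) + l for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(msg):
    """Decode the 12-byte header; TC (0x0200) is the 'truncated' flag (struct raises if short)."""
    qid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    return {"id": qid, "qr": bool(flags & 0x8000), "tc": bool(flags & 0x0200),
            "rcode": flags & 0x000F, "ancount": an}

def needs_tcp_retry(reply, expected_id):
    """True when a UDP reply is truncated and the client must retry over TCP/53."""
    h = parse_header(reply)
    if h["id"] != expected_id or not h["qr"]:
        raise ValueError("reply does not match query")
    return h["tc"]

def frame_for_tcp(msg):
    """RFC 1035 4.2.2: on TCP each message carries a 2-byte big-endian length prefix."""
    return struct.pack(">H", len(msg)) + msg

def unframe_from_tcp(stream):
    (n,) = struct.unpack(">H", stream[:2])
    if len(stream) < 2 + n: raise ValueError("short TCP DNS message")
    return stream[2:2 + n]

def resolve_with_fallback(name, send_udp, send_tcp, qid=0x1234):
    """Query over UDP first; on TC repeat the same query over TCP. send_udp/send_tcp are
    transport callables (bytes -> bytes) so this runs offline; a real client would open
    SOCK_DGRAM / SOCK_STREAM sockets to port 53 here. Returns (reply, transport_used)."""
    query = build_query(name, qid)
    reply = send_udp(query)
    if not needs_tcp_retry(reply, qid):
        return reply, "udp"
    reply = unframe_from_tcp(send_tcp(frame_for_tcp(query)))
    needs_tcp_retry(reply, qid)  # still checks id and QR on the TCP reply
    return reply, "tcp"

# Constructed stand-ins, not real servers: UDP always truncates (answer would exceed
# 512 bytes); TCP returns one A record pointing at a TEST-NET address.
def fake_udp_server(query):
    return struct.pack(">HHHHHH", parse_header(query)["id"], 0x8380, 1, 0, 0, 0) + query[12:]

def fake_tcp_server(framed):
    query = unframe_from_tcp(framed)
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    hdr = struct.pack(">HHHHHH", parse_header(query)["id"], 0x8180, 1, 1, 0, 0)
    return frame_for_tcp(hdr + query[12:] + rr)
```

With a FORWARD chain that drops 53/tcp, the `send_tcp` step is where the real client would hang or fail, even though the UDP exchange that preceded it "worked".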