I have one internet connection and I want to distribute it through the LAN. My server is running Fedora Core 5. I have used NAT to do it. My iptables script looks like this:
Everything is working except DNS on the local PCs. DNS is working only on the server. I mean that the local PCs can connect to outside servers using their IPs but not their host names.
I am not using DHCP. My local machines are running WIN XP. Their config is like this:
IP : 192.168.0.x
MASK: 255.255.255.0
GATEWAY: 192.168.0.1 (eth1 from server)
DNS: x.y.z.a (My net provider DNS, which is working on server by the way)
For example, when I ping google on my server, I get a response with the IP of google.
When I use it on a local PC then google responds, but when I use the host name it does not.
for nameserver in `grep nameserver /etc/resolv.conf | gawk -F" " '{print $2}'`; do
    iptables -t nat -A PREROUTING -d <YOUR-IPADDRESS> -j DNAT --to-destination $nameserver
    echo -e " Name server defined at $nameserver"
done
Obviously 194.204.152.34 and 194.204.159.1 are the IPs of the DNS servers.
But it does not work. Did I do something wrong, or is this a bad solution? What I understand is that everything that comes from the outside net is now changed as if it comes from the DNS servers. Maybe only what really comes from them should be changed. I mean the source should not be anywhere, but for the first server its IP and for the second its? This is what I think, but I am a complete newbie, so please do not take it too seriously.
Soroko,
I am not sure, but some ISPs do not encourage SNATing/MASQUERADing and hence they drop the packets apart from a fixed ttl value. This is of course meant for some security part, as only fixed boxes at your client side can approach your ISP boxes. (You can confirm this with them.)
Though if you can ping your dns-server IPs from your LAN boxes, then it could be a possibility that this shouldn't be the case. (Though it all depends on whether they have not marked icmp packets for this consideration.)
Apart from the above scenario, you can obviously opt for:
1. hosting a DNS caching server @ your server box and then configuring all your clients to resolve domain queries from it.
2. Or you can opt for SQUID (a web caching server), not configured in transparent mode.
I will try to solve the problem like you said, but I can ping my DNS servers from the LAN boxes, so your explanation is probably wrong. If you find out something about this problem, I will be very grateful if you post again.
The problem was the firewall. I had blocked UDP on port 53 (the DNS port). When I opened it, it started to work. I hope this thread will help other folks who have similar problems. Thanks to all who wanted to help me.
Just remember that DNS can fall back to using TCP for extremely large responses. 53/tcp isn't just for zone transfers (although that's the primary use).
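An added example, not code from any post in this thread: a check that reads an `iptables-save -t filter` dump and reports what the FORWARD chain does with a new DNS query from the LAN, for both 53/udp (the block found above) and 53/tcp (the fallback mentioned in the last post). The function name, the sample rulesets and the uplink interface `eth0` are assumptions; `eth1` as the LAN side comes from the thread.

```shell
# Added example. Simplified model (assumption): only -i, -p, --dport,
# --state/--ctstate and -j are inspected; other matches are treated as matching.
# Input is the text of `iptables-save -t filter`.
dns_forward_verdict() {   # usage: dns_forward_verdict <udp|tcp> <lan_if> < dump
    awk -v proto="$1" -v lan="$2" '
    function opt(name,   i) {            # value that follows option "name"
        for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
        return ""
    }
    /^:FORWARD / { policy = $2 }         # chain policy, e.g. ":FORWARD DROP [0:0]"
    $1 == "-A" && $2 == "FORWARD" && verdict == "" {
        p = opt("-p"); dport = opt("--dport"); inif = opt("-i"); tgt = opt("-j")
        st = opt("--state"); if (st == "") st = opt("--ctstate")
        if (p != "" && p != proto) next             # other protocol
        if (dport != "" && dport != "53") next      # other port
        if (inif != "" && inif != lan) next         # other inbound interface
        if (st != "" && st !~ /(^|,)NEW(,|$)/) next # does not match a new query
        if (tgt == "ACCEPT" || tgt == "DROP" || tgt == "REJECT") verdict = tgt
    }
    END { print (verdict != "" ? verdict : policy) }'
}

# Constructed dump: LAN on eth1, uplink eth0 (assumed), UDP 53 blocked.
broken_ruleset() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p udp -m udp --dport 53 -j DROP
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
EOF
}

# Constructed dump: DNS opened for the LAN on both UDP and TCP.
fixed_ruleset() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i eth1 -p tcp -m tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

for proto in udp tcp; do
    echo "broken $proto/53: $(broken_ruleset | dns_forward_verdict "$proto" eth1)"
    echo "fixed  $proto/53: $(fixed_ruleset | dns_forward_verdict "$proto" eth1)"
done
```

The broken sample matches the symptom in the thread: forwarded pings and connections by IP pass, while name lookups over UDP are dropped before the general LAN accept rule is reached.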