LinuxQuestions.org
Old 11-14-2006, 03:52 AM   #1
soroka2000
LQ Newbie
 
Registered: Nov 2006
Posts: 4

Rep: Reputation: 0
DNS Problem in subnet with NAT


Hi,

I have one internet connection and I want to distribute it through the LAN. My server is running on Fedora Core 5. I have used NAT to do it. My iptables script looks like this:

./sbin/iptables -t nat -A POSTROUTING -s 192.168.0.2/255.255.255.0 -j SNAT --to 83.12.39.110
echo 1 > /proc/sys/net/ipv4/ip_forward

Everything is working except DNS on the local PCs. DNS is working only on the server. I mean that the local PCs can connect to outer servers using their IPs but not host names.
I am not using DHCP. My local machines are running on WIN XP. Their config is like this:

IP : 192.168.0.x
MASK: 255.255.255.0
GATEWAY: 192.168.0.1 (eth1 from server)
DNS: x.y.z.a (My net provider DNS, which is working on server by the way)

For example, when I ping google on my server I get a response with the IP of google.
When I use it on a local PC then google is responding, but when I am using the host name it does not.

Please help.
 
Old 11-14-2006, 04:03 AM   #2
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Rep: Reputation: 30
Hi Soroka2000,

Quote:
for nameserver in `grep nameserver /etc/resolv.conf | gawk -F" " '{print $2}'`; do iptables -t nat -A PREROUTING -d <YOUR-IPADDRESS> -j DNAT --to-destination $nameserver; echo -e " Name server defined at $nameserver"; done
I Hope this helps you out,




Aniruddha

Last edited by imagineers7; 11-14-2006 at 04:04 AM.
 
Old 11-14-2006, 04:50 AM   #3
soroka2000
LQ Newbie
 
Registered: Nov 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for reply

I did what you suggested. Command /sbin/iptables -t nat -L shows now:
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere 192.168.0.0/24 to:194.204.152.34
DNAT all -- anywhere 192.168.0.0/24 to:194.204.159.1

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.0.0/24 anywhere to:83.12.39.110

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Obviously 194.204.152.34 and 194.204.159.1 are the IPs of the DNS servers.
But it does not work. Did I do something wrong, or is this a bad solution? What I understand is that everything that comes from the outside net is now changed like it comes from the DNS servers. Maybe only what really comes from them should be changed. I mean the source should not be anywhere, but for the first server its IP and for the second its? This is what I think, but I am a complete newbie so please do not take it too seriously.

Thanks for the next reply in advance!!!
 
Old 11-14-2006, 08:04 AM   #4
amitsharma_26
Member
 
Registered: Sep 2005
Location: New delhi
Distribution: RHEL 3.0/4.0
Posts: 777

Rep: Reputation: 31
Soroko;
I am not sure, but some ISPs do not encourage SNATing/MASQUERADing and hence they drop the packets apart from a fixed TTL value. This is of course meant for some security part, as only fixed boxes at your client side can approach your ISP boxes. (You can confirm this with them.)

Though if you can ping your DNS server IPs from your LAN boxes, then it could be a possibility that it shouldn't be the case (though it all depends on whether they have not marked ICMP packets for this consideration).

Apart from the above scenario; You can obviously opt for
1. hosting a dns caching server @ your server box & then configuring all your clients to resolve domain queries from it.
2. Or you can opt for a SQUID (web caching server); not configured in transparent mode.
 
Old 11-14-2006, 12:06 PM   #5
soroka2000
LQ Newbie
 
Registered: Nov 2006
Posts: 4

Original Poster
Rep: Reputation: 0
DNS With NAT

Thanks.

I will try to solve the problem like you said, but I can ping my DNS servers from the LAN boxes, so your explanation is probably wrong. If you find out something about this problem I will be very grateful if you post again.
 
Old 11-15-2006, 02:16 AM   #6
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Rep: Reputation: 30
Hi Soroko2000,


This is a great startup link for masquerading using iptables:-
http://tldp.org/HOWTO/html_single/Ma...-Simple-HOWTO/

Also I found this to be of great use:-

http://billauer.co.il/ipmasq-html.html




Aniruddha
 
Old 11-15-2006, 02:55 AM   #7
soroka2000
LQ Newbie
 
Registered: Nov 2006
Posts: 4

Original Poster
Rep: Reputation: 0
Solved

The problem was the firewall. I had blocked UDP on port 53 (the DNS port). When I opened it, it started to work. I hope this thread will help other folks who have similar problems. Thanks to all who wanted to help me.

Soroka2000
 
Old 11-15-2006, 03:22 AM   #8
imagineers7
Member
 
Registered: Mar 2006
Distribution: BackTrack, RHEL, FC, CentOS, IPCop, Ubuntu, 64Studio, Elive, Dream Linux, Trix Box
Posts: 310

Rep: Reputation: 30
Hi soroka2000,


Can you post the things step by step to help others find out the solution in future?




Aniruddha
 
Old 11-15-2006, 04:40 AM   #9
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 76
Just remember that DNS can fall back to using TCP for extremely large responses. 53/tcp isn't just for zone transfers (although that's the primary use).
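
Added example, not part of the thread: a small shell check that ties together the fix in post #7 and the TCP note in post #9. It scans a filter table in iptables-save format (the sample is constructed, with UDP 53 open and TCP 53 missing) and prints the rules to add for the LAN and the two resolver addresses quoted in post #3. The function names are hypothetical, and it assumes the gateway filters LAN traffic in the FORWARD chain.

```shell
#!/bin/sh
# Constructed sample: filter table of a NAT gateway (iptables-save format)
# whose FORWARD chain lets LAN clients reach DNS over UDP only.
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT'

# dns_forward_gaps RULES: print each protocol (udp, tcp) that has no explicit
# FORWARD rule accepting destination port 53. Empty output means both are open.
# Limitation: rule order and an ACCEPT chain policy are not modelled.
dns_forward_gaps() {
    for proto in udp tcp; do
        printf '%s\n' "$1" | awk -v p="$proto" '
            $1 == "-A" && $2 == "FORWARD" {
                hasp = 0; hasport = 0; acc = 0
                for (i = 3; i <= NF; i++) {
                    if ($i == "-p" && $(i+1) == p) hasp = 1
                    if ($i == "--dport" && $(i+1) == "53") hasport = 1
                    if ($i == "-j" && $(i+1) == "ACCEPT") acc = 1
                }
                if (hasp && hasport && acc) found = 1
            }
            END { exit found ? 0 : 1 }' || echo "$proto"
    done
}

# dns_forward_fix RULES LAN_CIDR RESOLVER...: print (do not run) the iptables
# commands that open port 53 for each missing protocol, limited to the resolvers.
# Replies come back through the RELATED,ESTABLISHED rule.
dns_forward_fix() {
    rules=$1; lan=$2; shift 2
    for proto in $(dns_forward_gaps "$rules"); do
        for ns in "$@"; do
            echo "iptables -I FORWARD -s $lan -d $ns -p $proto --dport 53 -j ACCEPT"
        done
    done
}

# LAN range and resolver addresses as they appear in the thread.
dns_forward_fix "$SAMPLE_RULES" 192.168.0.0/24 194.204.152.34 194.204.159.1
```

On a live gateway the first argument would be the output of `iptables-save -t filter`.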
 
  

