iptables - lo interface problem

Rodolfo Alcázar rodolfo.alcazar at padep.org.bo
Mon Aug 23 20:43:49 UTC 2004

From: "Mike Burger" <mburger at bubbanfriends.org>

> On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> > > Errr, this is a classic case for a split DNS setup, you need to set up
> > > DNS to point to its DMZ interface on/within the firewall, or just add
> > > it in the hosts file, don't try to connect to the external interface
> > > and use the NAT, it doesn't work that way. I could be wrong.
> > >
> > > Yang
> >
> > Thanks, Yang. I hadn't heard about split DNS setup. I will try it. Best
> > regards.
> In the meantime, you can use something like this (I used this until split
> DNS came into play on my network):
> $IPTABLES -t nat -A PREROUTING -i internal-interface -d your.external.ip.address -j DNAT --to your.internal.destination.IP
> $IPTABLES -t nat -A POSTROUTING -o internal-interface -d  -s your.internal.network/netmask -j SNAT  --to firewall's.internal.ip.address

Thx, Mike. This is the solution I was expecting, but I think the split
DNS is my right answer. I will do the same as you, use these rules in the
meantime. Best regards.
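
Added example, not part of the original thread: a small Python model of why an internal client connecting to the firewall's external address needs both the DNAT and the SNAT rule quoted above. All addresses are constructed, and the model assumes the second rule matches traffic destined for the internal destination.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

# Constructed addresses (documentation/private ranges), not from the thread.
EXT_IP = ip_address("203.0.113.10")   # firewall's external address
FW_INT = ip_address("192.168.1.1")    # firewall's internal address
SERVER = ip_address("192.168.1.20")   # internal destination
CLIENT = ip_address("192.168.1.50")   # internal client
LAN = ip_network("192.168.1.0/24")    # internal network


@dataclass(frozen=True)
class Packet:
    src: object
    dst: object


def firewall_forward(pkt, snat):
    """Apply the PREROUTING DNAT and, optionally, the POSTROUTING SNAT."""
    if pkt.dst == EXT_IP:
        pkt = replace(pkt, dst=SERVER)      # DNAT: external IP -> internal server
    if snat and pkt.src in LAN and pkt.dst == SERVER:
        pkt = replace(pkt, src=FW_INT)      # SNAT: LAN client -> firewall's internal IP
    return pkt


def client_accepts_reply(snat):
    """Return True if the reply matches the connection the client opened."""
    request = Packet(src=CLIENT, dst=EXT_IP)
    at_server = firewall_forward(request, snat)
    # The server answers whatever source address it saw.
    reply = Packet(src=at_server.dst, dst=at_server.src)
    if reply.dst == FW_INT:
        # The reply returns to the firewall, whose connection tracking
        # reverses both translations before handing it to the client.
        reply = Packet(src=EXT_IP, dst=CLIENT)
    # The client only accepts a reply from the address it connected to.
    return reply.dst == CLIENT and reply.src == request.dst


if __name__ == "__main__":
    print("DNAT only:    ", client_accepts_reply(snat=False))
    print("DNAT and SNAT:", client_accepts_reply(snat=True))
```

With DNAT alone the server replies straight to the client on the same network from its own address, so the reply never passes back through the firewall and does not match the client's connection.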


