iptables - lo interface problem

Travis Fraser travis at snowpatch.net
Mon Aug 23 22:09:16 UTC 2004


On Mon, 2004-08-23 at 17:29, Mike Burger wrote:
> On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> 
> > From: "Mike Burger" <mburger at bubbanfriends.org>
> > 
> > > On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> > >
> > > > > > Errr, this is a classic case for a split DNS setup, you need to set up
> > > > > > DNS to point to its DMZ interface on/within the firewall, or just add
> > > > > > it in the hosts file, don't try to connect to the external interface
> > > > > > and use the NAT, it doesn't work that way. I could be wrong.
> > > > >
> > > > > Yang
> > > >
> > > > > Thanks, Yang. I hadn't heard about split DNS setup. I will try it. Best
> > > > > regards.
> > >
> > > In the meantime, you can use something like this (I used this until split
> > > DNS came into play on my network):
> > >
> > > > $IPTABLES -t nat -A PREROUTING -i internal-interface -d your.external.ip.address -j DNAT --to your.internal.destination.IP
> > > > $IPTABLES -t nat -A POSTROUTING -o internal-interface -s your.internal.network/netmask -d your.internal.destination.IP -j SNAT --to firewall's.internal.ip.address
> > > -- 
> > > Mike Burger
> > > http://www.bubbanfriends.org
> > 
> > > Thx, Mike. This is the solution I was expecting, but I think the split
> > > DNS is my right answer. I will do the same as you and use these rules in the
> > > meantime. Best regards.
> 
> Happy to help.
> 
> > If you need an example of a split DNS config, let me know.  I'm using it, 
> > now, in lieu of the routing option.
> -- 
> Mike Burger

Hi Mike,

I would like to see the split-DNS config. This thread is very timely for
me as I am setting up the exact arrangement in my network.

Thanks,
Travis Fraser
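
The split-DNS arrangement discussed in this thread, sketched as a BIND 9 named.conf fragment. This is an added example, not a configuration posted by anyone in the thread; BIND itself, the zone name example.com, the file paths and the addresses (192.168.1.0/24 inside, 203.0.113.10 outside) are all assumptions.

```conf
// Clients that should receive the internal (DMZ/LAN) answers.
acl "inside" {
    127.0.0.1;
    192.168.1.0/24;        // assumed internal network
};

// Views are evaluated in order; the first match-clients hit wins.
// Once any view is defined, every zone must live inside a view.
view "internal" {
    match-clients { "inside"; };
    recursion yes;         // internal hosts may resolve the wider Internet

    zone "example.com" {
        type master;
        // Zone file holds the real internal address, e.g.
        //   www  IN  A  192.168.1.10
        file "internal/example.com.zone";
    };
};

view "external" {
    match-clients { any; };
    recursion no;          // authoritative only; do not act as an open resolver
    allow-query-cache { none; };

    zone "example.com" {
        type master;
        // Zone file holds only the public, NATed address, e.g.
        //   www  IN  A  203.0.113.10
        // Keep internal-only names out of this file so they are not
        // disclosed to outside queriers.
        file "external/example.com.zone";
    };
};
```

With this in place, internal clients reach the server directly at its internal address, so the PREROUTING/POSTROUTING pair quoted above is no longer needed for them.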




