iptables - lo interface problem

Mike Burger mburger at bubbanfriends.org
Mon Aug 23 21:29:43 UTC 2004


On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:

> From: "Mike Burger" <mburger at bubbanfriends.org>
> 
> > On Mon, 23 Aug 2004, Rodolfo Alcázar wrote:
> >
> > > > Errr, this is a classic case for a split DNS setup, you need to set up
> > > > DNS to point to its DMZ interface on/within the firewall, or just add
> > > > it in the hosts file, don't try to connect to the external interface
> > > > and use the NAT, it doesn't work that way. I could be wrong.
> > > >
> > > > Yang
> > >
> > > Thanks, Yang. I hadn't heard about split DNS setup. I will try it. Best
> > > regards.
> >
> > In the meantime, you can use something like this (I used this until split
> > DNS came into play on my network):
> >
> > $IPTABLES -t nat -A PREROUTING -i internal-interface -d your.external.ip.address -j DNAT --to your.internal.destination.IP
> > $IPTABLES -t nat -A POSTROUTING -o internal-interface -d  -s your.internal.network/netmask -j SNAT  --to firewall's.internal.ip.address
> > -- 
> > Mike Burger
> > http://www.bubbanfriends.org
> 
> Thx, Mike. This is the solution I was expecting, but I think the split
> DNS is my right answer. I will do the same as you, use these rules in the
> meantime. Best regards.

Happy to help.

If you need an example of a split DNS config, let me know.  I'm using it, 
now, in lieu of the routing option.
-- 
Mike Burger
http://www.bubbanfriends.org
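
An added example, not part of the original thread: a small Python model of why the DNAT rule quoted above needs the companion SNAT rule when the client and the server share a LAN. All addresses are constructed, the SNAT match on the server address is an assumption (the quoted rule leaves its `-d` argument blank), and the model also covers a client on a different internal subnet, which goes beyond the case in the thread.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple

# Constructed sample addresses (documentation/private ranges), not from the thread.
EXTERNAL_IP = ip_address("203.0.113.10")      # your.external.ip.address
SERVER_IP = ip_address("192.168.1.20")        # your.internal.destination.IP
FIREWALL_IP = ip_address("192.168.1.1")       # firewall's internal address
LAN = ip_network("192.168.1.0/24")            # segment shared by firewall and server
CLIENT_SAME_LAN = ip_address("192.168.1.50")  # hypothetical client next to the server
CLIENT_OTHER_NET = ip_address("192.168.2.50") # hypothetical client on another subnet


class Result(NamedTuple):
    server_saw: object   # source address the server logs for the request
    reply_src: object    # source address on the reply the client receives
    accepted: bool       # True if the reply matches the client's connection


def hairpin(client, snat_enabled):
    """Trace one request to EXTERNAL_IP from an internal client, and its reply."""
    src = client
    # PREROUTING DNAT: the destination is rewritten; the source is untouched.
    dst = SERVER_IP
    # POSTROUTING SNAT (assumed to match LAN sources heading to the server).
    if snat_enabled and src in LAN and dst == SERVER_IP:
        src = FIREWALL_IP
    server_saw = src
    # The server replies to the source it saw. A LAN peer is reached directly
    # on the wire; anything else (including the firewall) goes via the firewall.
    reply_src, reply_dst = SERVER_IP, server_saw
    if reply_dst == FIREWALL_IP or reply_dst not in LAN:
        # Connection tracking on the firewall reverses the rewrites.
        reply_src, reply_dst = EXTERNAL_IP, client
    # The client opened its connection to EXTERNAL_IP, so only a reply from
    # that address belongs to it; one arriving from SERVER_IP is rejected.
    return Result(server_saw, reply_src, reply_src == EXTERNAL_IP)


if __name__ == "__main__":
    print("DNAT only  :", hairpin(CLIENT_SAME_LAN, snat_enabled=False))
    print("DNAT + SNAT:", hairpin(CLIENT_SAME_LAN, snat_enabled=True))
    print("other net  :", hairpin(CLIENT_OTHER_NET, snat_enabled=False))
```

With the SNAT rule in place the server sees every same-LAN client as the firewall's internal address, so its access logs lose the real client IP. Split DNS avoids that, because internal clients connect to the server's internal address directly.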

More information about the fedora-list mailing list