[vox-tech] tinydns behind NAT firewall?

Samuel Merritt vox-tech@lists.lugod.org
Sun, 9 Feb 2003 11:37:20 -0800


On Sun, Feb 09, 2003 at 11:24:51AM -0800, Shawn P. Neugebauer wrote:
> Well, I'm finally getting around to setting up my own DNS server/cache,
> and I've run into a problem.
>
> Is it generally possible to run tinydns behind a (dedicated) NAT firewall
> (a netgear RP114)?  The problem is that the name server wants to run
> on an interface having the published name server IP address, but, of
> course, it's behind a firewall masquerading as that IP address (thus,
> the firewall is doing translation, so DNS queries could never make it to
> the right interface).

Any decent NAT box will have a way to forward packets to internal
machines. You should be able to set up a rule that packets destined for
the NAT box's external interface, port 53, type UDP, get forwarded to
the DNS server.

If your Netgear RP114 lacks this capability, I suggest setting up a
Linux-based NAT box. It'll give you more control over your network
traffic than any Netgear/Linksys/whatever NAT box.

> I've been digging through google searches, without finding anything obvious,
> so I thought I would ask out loud here before I dig deep.
>
> shawn.
> shawn.

-- 
Samuel Merritt
OpenPGP key is at http://meat.andcheese.org/~spam/spam_at_andcheese_dot_org.asc
Information about PGP can be found at http://www.mindspring.com/~aegreene/pgp/
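
The forwarding rule described in the reply, written for the Linux-based NAT box it suggests. This is an added example, not part of the original message: the interface name `eth0` and the address `192.168.1.53` are constructed placeholders, and iptables is an assumed choice of tool.

```shell
#!/bin/sh
# Added example, not from the original thread. Interface name and addresses
# are constructed placeholders; substitute your own.
# tinydns answers over UDP only, so a UDP/53 forward is enough. It listens on
# the internal address (its env/IP file); the published NS records carry the
# NAT box's external address.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the iptables commands that forward DNS queries arriving on the
# external interface to the internal tinydns host. Nothing is applied here:
# review the output, then run it as root on the NAT box.
dns_forward_rules() {
    ext_if=$1
    dns_host=$2
    case $ext_if in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name: $ext_if" >&2; return 1 ;;
    esac
    valid_ipv4 "$dns_host" || { echo "bad address: $dns_host" >&2; return 1; }
    # Rewrite the destination of inbound queries before routing.
    echo "iptables -t nat -A PREROUTING -i $ext_if -p udp --dport 53 -j DNAT --to-destination $dns_host:53"
    # Let the rewritten queries through to the DNS host only.
    echo "iptables -A FORWARD -i $ext_if -d $dns_host -p udp --dport 53 -j ACCEPT"
    # Let the answers back out; connection tracking restores the source address.
    echo "iptables -A FORWARD -o $ext_if -s $dns_host -p udp --sport 53 -m conntrack --ctstate ESTABLISHED -j ACCEPT"
}

# Sample run with the constructed values.
dns_forward_rules eth0 192.168.1.53
```

Only UDP port 53 toward the one internal host is opened; anything else arriving on the external interface is left to the box's existing policy.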
