Hi, sorry if this has been asked. I've searched the FAQ and mailing list
archives but couldn't find anything about this.
Here's my scenario. I'm on a DSL link with one IP (let's say 1.2.3.4) and
one name (let's call it foo.org). I'm currently running iptables on my
DSL connector to do all my SNAT/DNAT for the servers that run behind it
(POP, SMTP, web, etc.). What I'd like to do is turn my name into a domain
and bring up a DNS server that handles the foo.org domain so that
internal server 192.168.1.3 is www.foo.org, etc. I've found that
SNAT/DNAT on a name doesn't work because whatever the name is, it still
resolves out to my one IP. Now's a good time for a diagram of what I'd
like.
1.2.3.4 +--------------+ 192.168.1.1
--------+ iptables box +-------------+
        +--------------+             | 192.168.1.2 +-------------+
                                     +-------------+ dns.foo.org +
                                     |             +-------------+
                                     |
                                     | 192.168.1.3 +-------------+
                                     +-------------+ www.foo.org +
                                     |             +-------------+
                                     |
                                    etc.
What I'd like to happen is that when someone out in the world tries to
go to www.foo.org, their resolver finds out that foo.org domain is
handled by 1.2.3.4 and so queries there, the iptables box NATs it on to
192.168.1.2, which replies that www.foo.org is available at 192.168.1.3.
The iptables box would then mangle the packet to say it's available at
1.2.3.4, but track it so that when their client connects to www.foo.org
it gets NATed to 192.168.1.3.
Does that make sense, and is that doable? It seems to me that it is,
because isn't that what VPNs generally do?
Let me know if this doesn't make much sense and I'll try to explain it
better. Thanks!
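As an added example (not from the poster or the netfilter project): a port-based DNAT ruleset for the topology drawn above, with the DNS server on 192.168.1.2 and the web server on 192.168.1.3 each reached through the single public address. It assumes the zone on dns.foo.org publishes 1.2.3.4 for the public names, and the interface names eth0/eth1 and the commented-out mail host are assumptions, not taken from the post.

```shell
#!/bin/sh
# Added example for the topology in the post: one public IP (1.2.3.4) on the
# iptables box, dns.foo.org on 192.168.1.2 and www.foo.org on 192.168.1.3.
# The zone file on 192.168.1.2 is expected to answer with 1.2.3.4 for the
# public names, so no DNS-reply rewriting is needed; the firewall only has
# to map each public port to the internal host that serves it.
# Interface names and the mail host are assumptions, not from the post.
WAN_IF=${WAN_IF:-eth0}
LAN_IF=${LAN_IF:-eth1}
PUBLIC_IP=1.2.3.4
LAN_NET=192.168.1.0/24

# Dry run by default (rules are printed); run with IPT=iptables to apply.
IPT=${IPT:-echo iptables}

# One public port -> one internal host. Restricted to the WAN interface and
# the public address so LAN-originated traffic is not rewritten.
dnat_rule() {  # proto port internal_ip
    printf -- '-t nat -A PREROUTING -i %s -p %s -d %s --dport %s -j DNAT --to-destination %s:%s' \
        "$WAN_IF" "$1" "$PUBLIC_IP" "$2" "$3" "$2"
}

# Matching FORWARD rule: only the DNATed service port reaches the host;
# everything else from the outside stays blocked by the default policy.
forward_rule() {  # proto port internal_ip
    printf -- '-A FORWARD -i %s -o %s -p %s -d %s --dport %s -m conntrack --ctstate NEW -j ACCEPT' \
        "$WAN_IF" "$LAN_IF" "$1" "$3" "$2"
}

apply_rules() {
    $IPT -P FORWARD DROP
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Outbound SNAT for the LAN, as the poster already runs it.
    $IPT -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$PUBLIC_IP"
    # proto port host  (one published service per line)
    while read -r proto port host; do
        case $proto in ''|\#*) continue ;; esac
        $IPT $(dnat_rule "$proto" "$port" "$host")
        $IPT $(forward_rule "$proto" "$port" "$host")
    done <<EOF
udp 53 192.168.1.2
tcp 53 192.168.1.2
tcp 80 192.168.1.3
# tcp 25 192.168.1.4   (assumed mail host; uncomment when it exists)
EOF
}

apply_rules
```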