Del wrote:

> Kevin Waterson wrote:
> >
> > I have several Domain controllers I wish move behind a firewall
> > The IP addresses would change but I could use ipnatctl to forward
> > the packets to 192.168.0.*
> >
> > Is this a good way to do this or is there a better way?
>
> This way should work fine.
>
> Make sure you forward both UDP and TCP port 53, as well as masquerade
> the servers so they can send outgoing packets on these ports too.

So, something like this in my firewall scripts?

ipnatctl -I -p tcp -d 203.41.132.76 --dport 53 -b dest -t 192.168.0.2 \
    --to-port 53
ipnatctl -I -p udp -d 203.41.132.76 --dport 53 -b dest -t 192.168.0.2 \
    --to-port 53
MASQ_NETS="192.168.0.0/24 192.168.1.0/24 "

iptables=/sbin/iptables   # path assumed; the variable was not defined in the original post
for net in $MASQ_NETS 127.0.0.0/8; do
  $iptables -A INPUT --proto udp --src $net --dport 53 -j ACCEPT
done


Kevin
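An added example (not Kevin's or Del's script) showing what Del's advice looks like with the iptables nat table: DNAT of both TCP and UDP port 53 to the domain controller, a FORWARD chain that admits only that port from outside, and masquerading of the inside networks so the DCs can send their own queries. The public and DC addresses are the ones from the thread; the WAN interface name and the `DRY_RUN` switch (which prints the rules instead of applying them, so it runs without root) are assumptions.

```shell
#!/bin/sh
# Added example: iptables nat-table equivalent of the ipnatctl forwarding in
# the thread, covering both transports plus masquerading.
# Assumed values: WAN interface name and the DRY_RUN switch.
IPTABLES=${IPTABLES:-iptables}
PUBLIC_IP=203.41.132.76        # from the thread
DC_IP=192.168.0.2              # from the thread
MASQ_NETS="192.168.0.0/24 192.168.1.0/24"
WAN_IF=${WAN_IF:-eth0}         # assumption

# Print each rule when DRY_RUN=1 (default here); otherwise apply it.
DRY_RUN=${DRY_RUN:-1}
rule() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}
dns_forward_rules() {
    # Inbound DNS: rewrite the public address to the DC for both transports
    # (TCP is needed for zone transfers and answers larger than 512 bytes).
    for proto in tcp udp; do
        rule -t nat -A PREROUTING -i "$WAN_IF" -p "$proto" -d "$PUBLIC_IP" --dport 53 \
             -j DNAT --to-destination "$DC_IP:53"
        # Only the forwarded port reaches the DC; everything else from outside
        # is stopped by the FORWARD policy (set to DROP below).
        rule -A FORWARD -i "$WAN_IF" -p "$proto" -d "$DC_IP" --dport 53 \
             -m conntrack --ctstate NEW -j ACCEPT
    done
}
masquerade_rules() {
    # Outbound: hide the inside networks behind the firewall's address so the
    # DCs can send their own DNS queries and get the answers back.
    for net in $MASQ_NETS; do
        rule -t nat -A POSTROUTING -s "$net" -o "$WAN_IF" -j MASQUERADE
        rule -A FORWARD -s "$net" -o "$WAN_IF" -j ACCEPT
    done
    # Return traffic for either direction.
    rule -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
}
firewall_rules() {
    rule -P FORWARD DROP
    dns_forward_rules
    masquerade_rules
}

firewall_rules
```

Run with `DRY_RUN=0` as root to apply the rules instead of printing them.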

--
SLUG - Sydney Linux Users Group Mailing List - http://www.slug.org.au
To unsubscribe send email to [EMAIL PROTECTED] with
unsubscribe in the text