SEO
vBulletin Search Engine Optimization
| |||||||
| Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-19-2008, 09:56 AM
| ||||
| ||||
 source to nat of the local address Hi all, I have a problem. I have to make SNAT to the local address in order to have dns/ping services working on the gateway machine. local net --> firewall --> ISP The firewall has two NICs (using Slackware). eth0 - int - 192.168.x.x eth1 - ext - 195.149.249.x I have iptables running with SNAT enabled to 195.149.248.x The problem is that when i try to resolve an address there's no response. May be because the request is sent with the 'wrong' address of eth1 instead of the 'correct' one - 195.149.248.x Please help.      |
|
02-19-2008, 09:57 AM
| |||
| |||
| Re: source to nat of the local address -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In alt.os.linux.slackware, Dimitar dared to utter, > The problem is that when i try to resolve an address there's no response. How exactly do you try to resolve a DNS name? > May be because the request is sent with the 'wrong' address of eth1 > instead of the 'correct' one - 195.149.248.x What makes you think that? Are you just yanking something out of your ass and hoping it's right? Why not log into the gateway, disable the internal interface for a few moments, and try it? That should at least tell you if you're right or wrong in your assumption. - -- It is better to hear the rebuke of the wise, Than for a man to hear the song of fools. Ecclesiastes 7:5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFAiYKCL3KiNGOqr6ERAgtgAJ4uDcHqPy3TAOZXbFDs7Q Zd1Wp7vgCgk0Ok 1Tp2ynowNJTDQZyBUJS93c4= =I6y2 -----END PGP SIGNATURE----- |
|
02-19-2008, 10:01 AM
| |||
| |||
| Re: source to nat of the local address May be you didn't understand my problem.. Let me clear it out for you. I want to resolve www addresses from the gateway box in order to start squid on the machine. Alan Hicks <alan@lizella.netWORK> wrote in message news:<4089828e$1_2@127.0.0.1>... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > In alt.os.linux.slackware, Dimitar dared to utter, > > The problem is that when i try to resolve an address there's no response. > > How exactly do you try to resolve a DNS name? > > > May be because the request is sent with the 'wrong' address of eth1 > > instead of the 'correct' one - 195.149.248.x > > What makes you think that? Are you just yanking something out of your > ass and hoping it's right? Why not log into the gateway, disable the > internal interface for a few moments, and try it? That should at least > tell you if you're right or wrong in your assumption. > > - -- > It is better to hear the rebuke of the wise, > Than for a man to hear the song of fools. > Ecclesiastes 7:5 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD8DBQFAiYKCL3KiNGOqr6ERAgtgAJ4uDcHqPy3TAOZXbFDs7Q Zd1Wp7vgCgk0Ok > 1Tp2ynowNJTDQZyBUJS93c4= > =I6y2 > -----END PGP SIGNATURE----- |
|
02-19-2008, 10:01 AM
| |||
| |||
| Re: source to nat of the local address -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Stop top-posting! A: Top-posting. Q: What's the single most annoying thing on Usenet? In alt.os.linux.slackware, Dimitar dared to utter, > May be you didn't understand my problem.. Let me clear it out for you. > I want to resolve www addresses from the gateway box in order to start > squid on the machine. Well what exactly did you do try doing? What does /etc/resolv.conf say? Are you even able to make DNS queries of a public DNS server like say, 207.69.188.185? If you don't tell us what you've tried, how the hell are we suppossed to be able to help you? - -- It is better to hear the rebuke of the wise, Than for a man to hear the song of fools. Ecclesiastes 7:5 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD4DBQFAjVa4L3KiNGOqr6ERAg/aAJ9OwsQof/7krnUwFSIVXSrhRhoTWACY0CTB qvxQ6zmzQUh3M67w0qSyXw== =c4S7 -----END PGP SIGNATURE----- |
|
02-19-2008, 10:01 AM
| |||
| |||
| Re: source to nat of the local address Alan Hicks <alan@lizella.network> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > Stop top-posting! > A: Top-posting. > Q: What's the single most annoying thing on Usenet? Hardly. The most annoying thing on usenet is the pointless use of inlined pgp signatures. cordially, even to morons, rm |
|
02-19-2008, 10:03 AM
| ||||
| ||||
| Re: source to nat of the local address Here's what i did so far: 1. I have resolv.conf with nameserver options added with my ISP's 2 DNS addresses. 2. I have iptables running with SNAT: iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 195.149.249.xx 3. All other settings in Iptables are left default. 4. External interface - eth1 (195.149.255.xx) 5. Internal interface - eth0 (192.168.0.2) the ISP is not routing requests with IP different than 195.149.249.xx. What i tried to do is to ping www.cnn.com, but it is not possible. I suppose it is because the request is with source IP of eth1, isn't it? please help me. Alan Hicks <alan@lizella.netWORK> wrote in message news:<408d56c5$1_2@127.0.0.1>... > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Stop top-posting! > > A: Top-posting. > Q: What's the single most annoying thing on Usenet? > > In alt.os.linux.slackware, Dimitar dared to utter, > > May be you didn't understand my problem.. Let me clear it out for you. > > I want to resolve www addresses from the gateway box in order to start > > squid on the machine. > > Well what exactly did you do try doing? What does /etc/resolv.conf say? > Are you even able to make DNS queries of a public DNS server like say, > 207.69.188.185? If you don't tell us what you've tried, how the hell > are we suppossed to be able to help you? > > - -- > It is better to hear the rebuke of the wise, > Than for a man to hear the song of fools. > Ecclesiastes 7:5 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.2.1 (GNU/Linux) > > iD4DBQFAjVa4L3KiNGOqr6ERAg/aAJ9OwsQof/7krnUwFSIVXSrhRhoTWACY0CTB > qvxQ6zmzQUh3M67w0qSyXw== > =c4S7 > -----END PGP SIGNATURE----- |
Linear Mode
