Exchange Source IP in incoming IP Packages

Hello,

i have a problem with Linux, DNS and a NAT-Router.


The Linux machins has a private ip, the NAT-router is configured as the
DNS server. The NAT router itself uses DDNS and forwards all enquries to
the providers DNS server.

The problem is, the NAT router will not translate the ip addresses in
the answer packages of the providers DNS server. So for the Linux
machine it looks like the DNS answer is coming from another machine as
the enquiry was sent to. The enquiry was sent to the NAT router, the
answer is coming from the providers DNS. Because of that DNS doesn't work.

Is there a way to exchange the source IP address of the DNS answering
packagages to the nat-routers IP, maybe by iptables?

Thanks for any help

Nils

Nils Gorges wrote:

> Hello,
>
> i have a problem with Linux, DNS and a NAT-Router.
>
>
> The Linux machins has a private ip, the NAT-router is configured as the
> DNS server. The NAT router itself uses DDNS and forwards all enquries to
> the providers DNS server.
>
> The problem is, the NAT router will not translate the ip addresses in
> the answer packages of the providers DNS server. So for the Linux
> machine it looks like the DNS answer is coming from another machine as
> the enquiry was sent to. The enquiry was sent to the NAT router, the
> answer is coming from the providers DNS. Because of that DNS doesn't work.
>
> Is there a way to exchange the source IP address of the DNS answering
> packagages to the nat-routers IP, maybe by iptables?
>
> Thanks for any help
>
> Nils
Hi Nils,

iptables -t nat -A POSTROUTING -i Ext_Interface -s DNS-Server-IP -j SNAT
--to-source Router-IP
on the router should be fine.

Regards, Alex

Alex Harsch wrote:
> Nils Gorges wrote:
>
>
>>Hello,
>>
>>i have a problem with Linux, DNS and a NAT-Router.
>>
>>
>>The Linux machins has a private ip, the NAT-router is configured as the
>>DNS server. The NAT router itself uses DDNS and forwards all enquries to
>>the providers DNS server.
>>
>>The problem is, the NAT router will not translate the ip addresses in
>>the answer packages of the providers DNS server. So for the Linux
>>machine it looks like the DNS answer is coming from another machine as
>>the enquiry was sent to. The enquiry was sent to the NAT router, the
>>answer is coming from the providers DNS. Because of that DNS doesn't work.
>>
>>Is there a way to exchange the source IP address of the DNS answering
>>packagages to the nat-routers IP, maybe by iptables?
>>
>>Thanks for any help
>>
>>Nils
>
> Hi Nils,
>
> iptables -t nat -A POSTROUTING -i Ext_Interface -s DNS-Server-IP -j SNAT
> --to-source Router-IP
> on the router should be fine.
>
> Regards, Alex

Hi Alex,

thank you very much for the fast reply.

The next problem is, the providers DNS is assigned by Dynamic DNS, so i
don't know the DNS IP for sure. So i need to translate the ip addresses
of all package that are comping from port 53 to the nat-routers ip
address. Is that also possible?

Thank you again

Nils

In article <ceii9b$f2v$06$(E-Mail Removed)>, Nils Gorges wrote:
>The next problem is, the providers DNS is assigned by Dynamic DNS, so i
>don't know the DNS IP for sure.

You may want to look at the IP addresses of these servers. DNS servers
_can_ change their addresses, but it's a good bit of a hassle - notifying
the domain registrar, then allowing for propagation delays for the change
to take effect all over the world.

Remember that the normal reason for using a (so-called) Dynamic DNS
is so that the individual hosts don't have to be individually set up.
I mean _everyone_ knows how hard it is the fire up a text editor when
you are originally configuring the system, and _actually edit_ one
stupid file. Ohh, that is SO HARD TO DO!!! ;-)

Actually, it does have a place it the world, if the host is moving
from one network to another on a regular basis.

Old guy