How do i get my internal linux dns to retrieve information from an external dns

smallpond smallpond at juno.com
Mon Oct 23 20:25:52 UTC 2006


the_iddiot at hotmail.com wrote:
> Hi, I am doing this project for a university class. I have a Linux
> firewall running iptables. I have an internal network for the DMZ
> (192.168.78.x) and the LAN (192.168.77.x). On the DMZ I have a DNS
> (192.168.77.3) and other servers. The firewall sits on a fake external
> network (which is an internal network) (192.168.2.80) with an "external
> DNS" (192.168.2.79).
>
> The external DNS is Win 2003 and the internal one is CentOS.
>
> My problem is that I am trying to run the master/slave DNS setup
> between the two. At the moment I have got the external DNS working: it sees all the
> internal information from the Linux domain boi.org.nz, but the internal
> Linux DNS cannot see the Win 2003 server domain boi2.org.nz.
>
> I have set up forwarding and the NATting in the firewall to allow the
> IP address from the "external network" to be translated on port 53 to
> the internal network.
>
> NET_NIC="eth0"
> DMZ_NIC="eth2"
>
> iptables -t nat -A PREROUTING -i $NET_NIC -p tcp --dport 53 -j DNAT --to-destination 192.168.78.3:53
> iptables -t nat -A PREROUTING -i $NET_NIC -p udp --dport 53 -j DNAT --to-destination 192.168.78.3:53
>
> iptables -A FORWARD -i $NET_NIC -o $DMZ_NIC -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -A FORWARD -i $DMZ_NIC -o $NET_NIC -p ALL -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> I believe that is the relevant information from the iptables; if you
> wish to see the whole iptables I can set up SSH and get it, I suppose.
>
> I do not understand: even though I have opened the ports and set it up
> to allow this passage of data from the external DNS to the internal one,
> it does not allow this data through.
>
> When I restart named I get this error message in the logs:
>
> transfer of 'boi2.org.nz/IN' from 192.168.2.77:53: failed while
> receiving responses: permission denied
>
> assistance is more than required
>
> Kind Regards
> Kelvan

The system 192.168.2.77 is not in your list above.
Which system is it?

-- S
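A tightened version of the firewall ruleset discussed in this thread, as an added example that is not the poster's or the list's code. It assumes the external NIC is eth0, the DMZ NIC is eth2, the DMZ DNS is 192.168.78.3 (the DNAT target in the post) and the external master is 192.168.2.79; the DRY_RUN switch, the show/apply arguments and the two lint helpers are this example's own additions. It passes the interface name to -i, which iptables requires; it restricts the NAT and FORWARD rules to DNS traffic between the two servers (the posted rules use -p ALL with NEW allowed in both directions, so any host on the fake external network could open anything into the DMZ, and the DMZ could open anything outward); and it sets the FORWARD policy to DROP, without which appended ACCEPT rules restrict nothing.

```shell
#!/bin/sh
# Added example for the thread above, not the poster's ruleset.
# Assumed values (the post gives the addresses; everything else is this
# example's own choice): external NIC eth0, DMZ NIC eth2, DMZ DNS
# 192.168.78.3, external master DNS 192.168.2.79. Ports are standard DNS:
# UDP/TCP 53 for queries and NOTIFY, TCP 53 for AXFR/IXFR.
NET_NIC="${NET_NIC:-eth0}"
DMZ_NIC="${DMZ_NIC:-eth2}"
DMZ_DNS="${DMZ_DNS:-192.168.78.3}"
EXT_DNS="${EXT_DNS:-192.168.2.79}"

# ipt: run iptables, or with DRY_RUN=1 print the rule instead, so the
# ruleset can be reviewed on a host without iptables or root.
ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'iptables %s\n' "$*"
    else
        iptables "$@"
    fi
}

dns_rules() {
    # Appended ACCEPT rules only restrict traffic if the chain policy drops
    # everything else.
    ipt -P FORWARD DROP
    for proto in tcp udp; do
        # Inbound: only the external master may reach the DMZ server's port 53
        # via the firewall's external address. "-i" must precede the interface
        # name; a bare interface name is a syntax error to iptables.
        ipt -t nat -A PREROUTING -i "$NET_NIC" -s "$EXT_DNS" -p "$proto" --dport 53 \
            -j DNAT --to-destination "$DMZ_DNS:53"
        # FORWARD sees the post-DNAT destination, so match on the DMZ address.
        ipt -A FORWARD -i "$NET_NIC" -o "$DMZ_NIC" -s "$EXT_DNS" -d "$DMZ_DNS" \
            -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
        # Outbound: the DMZ slave initiates the zone transfer (TCP 53) and
        # sends queries/NOTIFY (UDP 53) to the master. Nothing else from the
        # DMZ may open a connection outward, unlike "-p ALL ... NEW".
        ipt -A FORWARD -i "$DMZ_NIC" -o "$NET_NIC" -s "$DMZ_DNS" -d "$EXT_DNS" \
            -p "$proto" --dport 53 -m state --state NEW -j ACCEPT
    done
    # Replies for the connections accepted above, in either direction.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# show_rules: print the ruleset without applying it (subshell keeps
# DRY_RUN local).
show_rules() { ( DRY_RUN=1; dns_rules ); }

# Lint helpers for two mistakes worth catching before "apply": a PREROUTING
# rule with no input interface, and a FORWARD rule that admits NEW
# connections for every protocol. Both return 0 for the ruleset above.
prerouting_without_iif() {
    show_rules | awk '/-A PREROUTING/ && !/ -i /{n++} END{print n+0}'
}
forward_new_all_protocols() {
    show_rules | awk '/-A FORWARD/ && /-p ALL/ && /NEW/{n++} END{print n+0}'
}

case "${1:-}" in
    apply) dns_rules ;;
    show)  show_rules ;;
esac
```

Run it with `show` to review the generated rules and with `apply` as root to install them. A zone transfer is a TCP connection from the slave to the master, so after applying, `dig @192.168.2.79 boi2.org.nz AXFR` run on the DMZ server exercises the same path named will use; if the firewall also source-NATs outbound traffic (the post does not show whether it does), the master's transfer restrictions must allow the address the master actually sees, not the DMZ address.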


