Exchange Source IP in incoming IP Packages


Post by Nils Gorge » Mon, 02 Aug 2004 19:28:22



Hello,

I have a problem with Linux, DNS and a NAT router.

The Linux machine has a private IP, the NAT router is configured as the
DNS server. The NAT router itself uses DDNS and forwards all enquiries to
the provider's DNS server.

The problem is, the NAT router will not translate the IP addresses in
the answer packages of the provider's DNS server. So for the Linux
machine it looks like the DNS answer is coming from another machine than
the enquiry was sent to. The enquiry was sent to the NAT router, the
answer is coming from the provider's DNS. Because of that DNS doesn't work.

Is there a way to exchange the source IP address of the DNS answering
packages to the NAT router's IP, maybe by iptables?

Thanks for any help

Nils
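
The failure described in the post above, as an added example that is not part of the original thread: a simplified model of the checks a stub resolver applies to a UDP answer, showing why an answer arriving from the provider's DNS address is dropped when the query went to the router. All addresses, the transaction ID and the function names are constructed for illustration.

```python
import struct

ROUTER = ("192.168.1.1", 53)     # constructed: address the client queried
PROVIDER = ("203.0.113.53", 53)  # constructed: address the answer arrives from

def build_query(txid, name, qtype=1):
    """Build a minimal DNS query: header plus one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)

def build_reply(query, addr):
    """Constructed answer: echo the question and append one A record."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA
    rdata = bytes(int(p) for p in addr.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 60, 4) + rdata
    return header + query[12:] + answer

def question_end(msg):
    """Offset just past the first question (name + type + class)."""
    i = 12
    while msg[i] != 0:
        i += msg[i] + 1
    return i + 5

def accept_reply(query, sent_to, reply, reply_from):
    """Return (accepted, reason) for a UDP answer to our own query."""
    # The source check is an anti-spoofing measure: an answer is only
    # trusted if it comes from the server the query was sent to.
    if reply_from != sent_to:
        return False, "source address/port differs from the server queried"
    if len(reply) < 12 or not reply[2] & 0x80:
        return False, "not a DNS response"
    if reply[:2] != query[:2]:
        return False, "transaction ID mismatch"
    qend = question_end(query)
    if reply[12:qend] != query[12:qend]:  # byte-wise; real resolvers ignore case
        return False, "question section mismatch"
    return True, "ok"

QUERY = build_query(0x1A2B, "example.com")
REPLY = build_reply(QUERY, "192.0.2.10")

if __name__ == "__main__":
    print(accept_reply(QUERY, ROUTER, REPLY, PROVIDER))  # untranslated answer
    print(accept_reply(QUERY, ROUTER, REPLY, ROUTER))    # source rewritten by NAT
```
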

 
 
 


Post by Alex Harsc » Mon, 02 Aug 2004 19:51:30



> Hello,

> I have a problem with Linux, DNS and a NAT router.

> The Linux machine has a private IP, the NAT router is configured as the
> DNS server. The NAT router itself uses DDNS and forwards all enquiries to
> the provider's DNS server.

> The problem is, the NAT router will not translate the IP addresses in
> the answer packages of the provider's DNS server. So for the Linux
> machine it looks like the DNS answer is coming from another machine than
> the enquiry was sent to. The enquiry was sent to the NAT router, the
> answer is coming from the provider's DNS. Because of that DNS doesn't work.

> Is there a way to exchange the source IP address of the DNS answering
> packages to the NAT router's IP, maybe by iptables?

> Thanks for any help

> Nils

Hi Nils,

iptables -t nat -A POSTROUTING -o LAN_Interface -s DNS-Server-IP -j SNAT --to-source Router-IP
on the router should be fine.

Regards, Alex

 
 
 


Post by Nils Gorge » Mon, 02 Aug 2004 19:56:21




>>Hello,

>>I have a problem with Linux, DNS and a NAT router.

>>The Linux machine has a private IP, the NAT router is configured as the
>>DNS server. The NAT router itself uses DDNS and forwards all enquiries to
>>the provider's DNS server.

>>The problem is, the NAT router will not translate the IP addresses in
>>the answer packages of the provider's DNS server. So for the Linux
>>machine it looks like the DNS answer is coming from another machine than
>>the enquiry was sent to. The enquiry was sent to the NAT router, the
>>answer is coming from the provider's DNS. Because of that DNS doesn't work.

>>Is there a way to exchange the source IP address of the DNS answering
>>packages to the NAT router's IP, maybe by iptables?

>>Thanks for any help

>>Nils

> Hi Nils,

> iptables -t nat -A POSTROUTING -o LAN_Interface -s DNS-Server-IP -j SNAT --to-source Router-IP
> on the router should be fine.

> Regards, Alex

Hi Alex,

Thank you very much for the fast reply.

The next problem is, the provider's DNS is assigned by Dynamic DNS, so I
don't know the DNS IP for sure. So I need to translate the IP addresses
of all packages that are coming from port 53 to the NAT router's IP
address. Is that also possible?

Thank you again

Nils

 
 
 


Post by Moe Tr » Tue, 03 Aug 2004 06:04:24



>The next problem is, the provider's DNS is assigned by Dynamic DNS, so I
>don't know the DNS IP for sure.

You may want to look at the IP addresses of these servers. DNS servers
_can_ change their addresses, but it's a good bit of a hassle - notifying
the domain registrar, then allowing for propagation delays for the change
to take effect all over the world.

Remember that the normal reason for using a (so-called) Dynamic DNS
is so that the individual hosts don't have to be individually set up.
I mean _everyone_ knows how hard it is to fire up a text editor when
you are originally configuring the system, and _actually edit_ one
stupid file.  Ohh, that is SO HARD TO DO!!!    ;-)

Actually, it does have a place in the world, if the host is moving
from one network to another on a regular basis.

        Old guy

 
 
 

1. Modifying all outgoing/incoming network TCP/IP packages

Hello,

Currently I'm writing a thesis about steganography. The focus is to
hide information (and extract the hidden info.) in the TCP/IP header.

I'm about to conduct a small experiment. In a Linux host, a module of
some kind shall catch all outgoing network packets and modify them
before they are sent.

Now to the question: How can I modify _all_ outgoing/incoming network
packages from/to a Linux host? The fundamental functionality is thus
the ability to modify network packages.

Can I use raw sockets?

I've seen an example of a kernel module that drops network packages
randomly. Would this be a better approach perhaps?

Any information is greatly appreciated!

Regards,
  -olle-
