Extintor Tux's lil' helper
Joined: 09 Oct 2004 Posts: 113 Location: Stockholm, Sweden
Posted: Mon Apr 23, 2007 1:00 pm Post subject: Private networks and DynDNS.
Hi everyone.
I'm working on a Linux-based firewall for a small company. At the moment they are using a Netgear "router" to do the NATing etc.
Now everything works fine with the Linux box except one small thing. They are using dyndns for some servers on the internal net. Now with the Netgear router they can reach for example server1.mycompany.dyndns.org from the internal net (work computers under the 192.168.1.0/24 network) but something stops the Linux router from doing the same. A colleague of mine mentioned something about UPnP but it seems a bit far-fetched.
Some alternatives I've thought about.
A) What if I added ez-ipupdate and configured it for dyndns, could that be a solution?
B) We do have an internal DNS, maybe just set up permanent mappings there instead?
C) Could it be done with iptables ? This is what I would prefer since I get headaches from configuring BIND.
I'm attaching my current iptables script beneath if you feel the need to see it.
Any help, ideas or suggestions are greatly appreciated.
Thanks in advance.
Code:
#!/bin/bash
# Lowe Schmidt, 2007.
# Aliases for some commands.
IPT="/sbin/iptables"
ECHO="/bin/echo"
# Aliases for the interfaces.
INT_IF="eth0" # Internal interface.
EXT_IF="ppp0" # External interface (Internet interface)
# Aliases for server IP addresses.
BENDER="x.x.x.x"
SONNY="x.x.x.x"
ENZO="x.x.x.x"
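# Flush previous rules to ensure sanity (filter and nat tables,
# so re-running the script does not duplicate the NAT rules).
$IPT -F
$IPT -X
$IPT -t nat -F
$IPT -t nat -X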
# Make sure that IP forwarding is activated
$ECHO 1 > /proc/sys/net/ipv4/ip_forward
# Limit pings to 3 every second.
$IPT -A INPUT -p icmp --icmp-type echo-request -m limit --limit 3/s --limit-burst 10 -j ACCEPT
# Set up the network address translation (NAT).
$IPT -t nat -A POSTROUTING -o $EXT_IF -j MASQUERADE
# Forward LAN traffic to internet.
$IPT -A FORWARD -i $INT_IF -o $EXT_IF -m state --state NEW,ESTABLISHED -j ACCEPT
# Accept Syslog connections from intranet.
$IPT -A INPUT -i $INT_IF -p tcp --dport 5149 -j ACCEPT
$IPT -A INPUT -i $INT_IF -p udp --dport 514 -j ACCEPT
# This whole section can be shortened with multiport.
# Forward port 22,80 and 443 to Bender.
$IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 22 -j DNAT --to $BENDER
$IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 80 -j DNAT --to $BENDER
$IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 443 -j DNAT --to $BENDER
# $IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 2401 -j DNAT --to $BENDER
# Forward port 8080 and 2222 to Sonny
$IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 8080 -j DNAT --to $SONNY
$IPT -t nat -A PREROUTING -i $EXT_IF -p tcp --dport 2222 -j DNAT --to $SONNY
_________________ Beerhazard | Nobelium | VIm | Perl | Ruby |
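
Added example, not part of the original post: the PREROUTING DNAT rules in the script above match only packets arriving on $EXT_IF, so a LAN client connecting to the public address is never redirected to the internal server. This sketch of alternative C prints the extra hairpin-NAT rules; eth0 and 192.168.1.0/24 are from the post, while 203.0.113.5 (public IP of ppp0), 192.168.1.1 (router LAN IP), 192.168.1.10 (server) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints (does not apply) hairpin-NAT rules for one internal server.
# Constructed sample values: 203.0.113.5, 192.168.1.1, 192.168.1.10.
INT_IF="eth0"               # internal interface, from the post
LAN_NET="192.168.1.0/24"    # internal network, from the post

# Accept only dotted-quad addresses with octets 0-255, since the output
# is meant to be executed as root and must not carry shell metacharacters.
valid_ipv4() {
    echo "$1" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }'
}

# hairpin_rules EXT_IP ROUTER_LAN_IP SERVER_IP PORT...  (hypothetical helper)
hairpin_rules() {
    [ "$#" -ge 4 ] || { echo "usage: hairpin_rules EXT_IP ROUTER_LAN_IP SERVER_IP PORT..." >&2; return 2; }
    ext_ip=$1; lan_ip=$2; server=$3; shift 3
    for a in "$ext_ip" "$lan_ip" "$server"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    for port in "$@"; do
        case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
        [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
        # 1. LAN client -> public IP: rewrite the destination to the internal server.
        echo "iptables -t nat -A PREROUTING -i $INT_IF -s $LAN_NET -d $ext_ip -p tcp --dport $port -j DNAT --to-destination $server"
        # 2. Rewrite the source to the router, so the server replies via the
        #    router instead of answering the client directly on the LAN.
        echo "iptables -t nat -A POSTROUTING -o $INT_IF -s $LAN_NET -d $server -p tcp --dport $port -j SNAT --to-source $lan_ip"
        # 3. Allow the LAN-to-LAN forward in case the FORWARD policy is DROP.
        echo "iptables -A FORWARD -i $INT_IF -o $INT_IF -s $LAN_NET -d $server -p tcp --dport $port -j ACCEPT"
    done
}

# Dry run for the web ports forwarded to one server; review, then pipe to sh as root.
hairpin_rules 203.0.113.5 192.168.1.1 192.168.1.10 80 443
```

Because ppp0 gets its address dynamically, the rules have to be regenerated whenever the public address changes. The server will also log the router's LAN address as the client for these connections.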