PF NAT and DNS

Jeremie Le Hen jeremie at le-hen.org
Wed Jul 20 10:24:22 GMT 2005


Hi Alberto,

> Does PF NAT have support for DNS ALG as described in 
> RFC 2694 - DNS extensions to "Network Address
> Translators" (changing IP addresses in DNS payloads
> for certain DNS traffic types based on NAT entries)?

AFAIK, no, this is not supported, and this is not planned to be.

> If not, what is the PF recommended way for avoiding
> issues with DNS/NAT when the DNS server and DNS
> clients are on different sides of the NAT?

I would advise you to create a DNS server for the internal side.

Another solution that I'm currently using (but it may not be applicable
in your case) is to move the DNS server into the internal network.  Then
I use Bind9's zones to make a different reply whether the request is
coming from the internal network or from the Internet.

Regards,
-- 
Jeremie Le Hen
< jeremie at le-hen dot org >< ttz at chchile dot org >
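The split-horizon setup described in the reply above, as an added example that is not part of the original post or of the PF or BIND projects: in BIND 9 this is done with views, each carrying its own copy of the zone, so clients on the inside get the private (pre-NAT) addresses and clients on the Internet get the public address that PF translates. The zone name example.org, the addresses 192.168.1.0/24, 192.168.1.10 and 203.0.113.5, and the file names are assumptions chosen for illustration.

```conf
// named.conf for a BIND 9 server that sits inside the NAT behind PF.
// Added example; the network, zone name and file paths are assumptions.
acl internal { 192.168.1.0/24; 127.0.0.1; };

options {
    directory "/var/named";
};

// Views are tried in order; the first match-clients hit wins,
// so the internal view must come before the catch-all one.
view "internal" {
    match-clients { internal; };
    recursion yes;           // inside hosts may use this box as resolver
    zone "example.org" {
        type master;
        // master/example.org.internal contains, among other records:
        //   www  IN  A  192.168.1.10
        file "master/example.org.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;            // never an open resolver for the Internet
    zone "example.org" {
        type master;
        // master/example.org.external contains, among other records:
        //   www  IN  A  203.0.113.5
        file "master/example.org.external";
    };
};
```

Two points to check once this is in place. First, with the server inside, queries from the Internet only reach it through a port-forward on the PF gateway, so an rdr rule for port 53 over both udp and tcp (assumed here, e.g. `rdr on $ext_if proto { tcp, udp } from any to 203.0.113.5 port 53 -> 192.168.1.10 port 53`) is required. Second, the views answer by source address, so a query that arrives through that rdr rule still carries its original Internet source and falls into the external view; verify with a lookup from each side that the answers differ as intended.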

