BIND and NAT

Paul Waring pwaring at gmail.com
Sun May 15 16:00:13 PDT 2005


On 5/15/05, Joe Wood <dot.sn1tch at gmail.com> wrote:
> I have a small question regarding a DNS issue I am having. I have a bsd box
> set up for a domain I am hosting... it has FBSD 5.3 and Bind 9.3. It sits
> behind a NAT device and is in a DMZ. The problem is when I set up the domain
> I told it to point to the public ip which is translated to the private IP on
> which DNS listens. Now when I try to go to the site it keeps trying to
> connect to the private IP the site is on instead of the correct public ip.
> Is this an issue with the DNS files being set up for the private network or
> should it matter?

If your DNS server is giving out the private IP address to machines on
the other side of the NAT device then yes, that does matter because
they won't be able to connect to it. If you want to run your DNS from
behind a NAT device (using port forwarding from a public IP perhaps -
that's what I do) then you might want to look into the concepts of
"views" in Bind, which will allow you to give out the private IP for
the domain to any machine on the same subnet (e.g. 192.168.0.x) and
the public IP address to any machine on the other side of the NAT
device. This is what I do when running my DNS from behind a router on
a private IP range and it works very well. It's a bit fiddly to set up
as each zone you have needs to be in both views (internal and
external) but otherwise it's fairly simple to set up.

Paul

-- 
Rogue Tory
http://www.roguetory.org.uk
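The split-view configuration Paul describes, as an added example that is not part of the original thread: one zone served from an "internal" and an "external" view, with the LAN receiving the private address and everyone else the public one. The domain example.org, the subnet 192.168.0.0/24, the addresses 192.168.0.10 / 192.0.2.10 and the file paths are assumed placeholder values.

```conf
// named.conf (constructed example) -- BIND 9 views for a server behind NAT.
// Clients on the private LAN see the RFC 1918 address; everyone else sees
// the public address that the NAT device forwards to this host.

acl "lan" { 127.0.0.1; 192.168.0.0/24; };   // assumed internal subnet

options {
    directory "/etc/namedb";
};

view "internal" {
    match-clients { lan; };      // evaluated first: LAN clients stop here
    recursion yes;               // recursive service only for the LAN
    zone "example.org" {
        type master;
        file "internal/example.org.zone";
    };
    // As noted above, every other zone (root hints, localhost, other
    // domains you host) must be repeated in each view.
};

view "external" {
    match-clients { any; };      // everything that did not match "lan"
    recursion no;                // authoritative-only toward the Internet
    allow-query { any; };
    zone "example.org" {
        type master;
        file "external/example.org.zone";
    };
};

// internal/example.org.zone (constructed) -- A record is the private IP
//   $TTL 3600
//   @    IN SOA ns1.example.org. hostmaster.example.org. (2005051501 3600 900 604800 3600)
//        IN NS  ns1.example.org.
//   ns1  IN A   192.168.0.10
//   www  IN A   192.168.0.10
//
// external/example.org.zone (constructed) -- same zone, public IP instead
//   $TTL 3600
//   @    IN SOA ns1.example.org. hostmaster.example.org. (2005051501 3600 900 604800 3600)
//        IN NS  ns1.example.org.
//   ns1  IN A   192.0.2.10
//   www  IN A   192.0.2.10
```

The two zone files differ only in the A records, and the external view deliberately never carries the 192.168.0.x addresses, so internal addressing is not disclosed to Internet clients. Keeping recursion off in the external view also avoids running an open recursive resolver on the forwarded public port.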