[svlug] DNS behind a NAT firewall

Alex Feinberg alex at strlen.net
Tue Jul 3 11:29:01 PDT 2001

Hello Steve,

A possible solution for you would be to set up your firewall
to perform port forwarding of packets behind the firewall.
The rest will connect to, let's say, port 80 on your firewall,
but your rules will forward them to port 80 on another
machine behind the firewall. This is what I am currently doing;
in fact, I use a hardware firewall solution which allows me to
forward all packets and set up a "demilitarized zone", a machine
behind the firewall where all packets (unless specifically denied
or judged otherwise) are sent. That machine even runs DNS and
mail, and does so fine. That's a solution you may consider.
To find out how to do port-forwarding with Linux's current firewall
tools, you may check out plenty of documentation available with
the software, and plenty of separate how-to's.

> I am running a multi-unit LAN behind a firewall, connected to a "single"
> static IP address issued by my DSL provider.  I am having a "thinko"
> trying to figure out how I can name a unit behind the firewall, such
> that it can be seen by the internet.  i.e., how do I get a name like
> system.dsl.com or how do I link my domainname to my IP address?  I don't
> need a cookie-cutter solution, but I need a couple of pointers that I
> can follow to solve my problem.

Alex "strlen" Feinberg
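
The port forwarding suggested above, as an added example that is not part of the original post: a shell script that prints iptables commands forwarding only named ports (port 80, plus DNS and mail) to one internal machine, rather than all packets. The interface names eth0/eth1, the address 192.168.1.10 and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Interface names and addresses are constructed placeholders.
WAN_IF="eth0"            # assumed: interface holding the static public IP
LAN_IF="eth1"            # assumed: interface facing the private LAN
SERVER="192.168.1.10"    # assumed: internal machine running web, DNS and mail

# valid_forward PROTO/PORT: succeed only for tcp|udp and a port in 1..65535
valid_forward() {
    proto=${1%%/*}; port=${1##*/}
    [ "$1" = "$proto/$port" ] || return 1      # exactly one "/" separator
    case "$proto" in tcp|udp) ;; *) return 1 ;; esac
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# gen_rules PROTO/PORT...: print the iptables commands for review; run nothing.
# Every argument is validated before any line is printed.
gen_rules() {
    [ "$#" -gt 0 ] || return 1
    for f in "$@"; do
        valid_forward "$f" || { echo "bad forward: $f" >&2; return 1; }
    done
    # Baseline: nothing crosses the firewall unless a rule below allows it.
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -j ACCEPT"
    for f in "$@"; do
        p=${f%%/*}; d=${f##*/}
        # Rewrite the destination of packets arriving on the public side...
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $p --dport $d -j DNAT --to-destination $SERVER:$d"
        # ...and let only new connections to that one service through.
        echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -d $SERVER -p $p --dport $d -m conntrack --ctstate NEW -j ACCEPT"
    done
}

# Port 80 from the post, plus DNS (udp and tcp 53) and mail (tcp 25).
gen_rules tcp/80 udp/53 tcp/53 tcp/25
```

The script only prints the commands; review them, then run them as root on the firewall.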

