view function of Bind 9

Tim ignored_mailbox at yahoo.com.au
Mon Apr 2 02:21:40 UTC 2007


On Sun, 2007-04-01 at 23:51 +0800, edwardspl at ita.org.mo wrote:
> Sorry, due to the Router can't to be enabled the firewall function, so
> we can to enable the firewall function by using linux only...
> So, how to config the DNS and the NAT function ? 

You'd use iptables rules to do firewalling and NAT.  You can write them
by hand, or use a configuration tool like firestarter (firestarter is
*not* something that I have experience with).  See the iptables man file
for how to do that, but if that appears too hard, look at firestarter.
There's a couple of GUI tools for setting them up, but I think that's
recommended as one of the easier ones.

For generic firewalling, you'd set up a rule that dropped all new
connections by default.  Then you'd add specific rules to allow *some*
things.  You'd do this on any machine, itself, that was publicly
accessible.

Which leads to linking public IPs to local LAN IPs.  You could use
forwarding rules to pass all connections to a specific public address to
an internal one, or more specific rules just for certain ports (such as
running a webserver).  There are specific iptables rule types for NAT
purposes (nat and prerouting), rather than just port forwarding rules.
I haven't played with NAT tied into public IPs, so that's beyond my
experience.  You'd want to do things that way, though, if you want a
machine in your LAN to act as if directly on the internet.

I think that's getting beyond the free help on a mailing list, though.
You need to know quite a bit about how networking works, before you can
use the tools to set it up.  If you knew that, you ought to be able to
work out how to use the tools.  It sounds like you need to read more
about that, first.

Then you mention DNS.  Again, it's too vaguely worded.  Are you setting
up a DNS server so all your LAN PCs can use it to resolve LAN addresses?
Or for it to resolve internet addresses for them?  Or for it to answer
public queries for your own domain name?

NB:  I think some things are getting lost in translation.  You might
also want to write it in your native tongue; you might get a direct
reply from someone who knows exactly what you mean.

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
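
Added example, not part of the original message: a small shell generator for the kind of ruleset described above, with default-drop policies, explicit allows, and a DNAT rule in the nat table's PREROUTING chain for each forwarded port. The function name, the interface names (eth0 as WAN, eth1 as LAN) and all addresses are constructed placeholders, and the conntrack match is this example's choice; the output is in iptables-restore format and is only printed, never applied.

```shell
# Added example: emit a default-drop filter table plus NAT rules as text.
# gen_ruleset WAN_IF LAN_IF LAN_NET [proto:public_ip:port:internal_ip:port ...]
# Plain POSIX sh (no 'local'), so the helper variables below are global.
NL='
'
gen_ruleset() {
    [ "$#" -ge 3 ] || { echo "usage: gen_ruleset WAN LAN NET [fwd...]" >&2; return 2; }
    wan=$1 lan=$2 net=$3; shift 3
    fwd_rules="" nat_rules=""
    for spec in "$@"; do
        # Split one forward spec on ':' into its five fields.
        IFS=: read -r proto pub pport dst dport extra <<EOF
$spec
EOF
        case "$proto" in tcp|udp) ;; *) echo "bad protocol in: $spec" >&2; return 1 ;; esac
        for p in "$pport" "$dport"; do
            case "$p" in ''|*[!0-9]*) echo "bad port in: $spec" >&2; return 1 ;; esac
        done
        [ -n "$pub" ] && [ -n "$dst" ] && [ -z "$extra" ] ||
            { echo "bad forward spec: $spec" >&2; return 1; }
        # DNAT rewrites the destination before the routing decision.
        nat_rules="${nat_rules}-A PREROUTING -i $wan -d $pub -p $proto --dport $pport -j DNAT --to-destination $dst:$dport$NL"
        # The rewritten packet must still be allowed through the default-drop FORWARD chain.
        fwd_rules="${fwd_rules}-A FORWARD -i $wan -o $lan -d $dst -p $proto --dport $dport -m conntrack --ctstate NEW -j ACCEPT$NL"
    done
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
${fwd_rules}COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
${nat_rules}-A POSTROUTING -o $wan -s $net -j MASQUERADE
COMMIT
EOF
}

# Constructed sample: forward public 203.0.113.10:80 to a LAN web server on port 8080.
gen_ruleset eth0 eth1 192.168.1.0/24 tcp:203.0.113.10:80:192.168.1.10:8080
```

Review the printed rules before loading them with iptables-restore as root; no new inbound connection to the firewall box itself is allowed by this output, so add an INPUT rule for remote administration first if you manage it over the network.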





More information about the fedora-list mailing list