[dundee] iptables nuances and best practices question

Robert Ladyman it at file-away.co.uk
Mon Oct 6 08:30:32 UTC 2008


I would incline to the latter (interface) use, just because it will remain 
valid if you (or someone else) change(s) the internal address range: 
robustness usually trumps. Watch that you have one as an Insert (at position 1 
in the NAT table) and the other as an Append (last position).

I assume that you know the difference between open-dns.org and OpenDNS.com: 
the former actually being useful.


On Sunday 05 October 2008 17:13:38 Kris Davidson wrote:
> So both of these rules do the same thing, which is intercept and
> redirect DNS requests, to stop people using their own and more
> importantly bloody OpenDNS. I'm just wondering if anyone has any
> opinions on which is better, cleaner etc or is it just a matter of
> preferred style.
>
> iptables -t nat -I PREROUTING -p udp -s 192.168.1.0/24 -d ! 192.168.1.0/24 --dport 53 -j DNAT --to 192.168.1.1
> iptables -t nat -A PREROUTING -p udp -i br0 --dport 53 -j DNAT --to 192.168.1.1
>
> Kris

-- 

Robert Ladyman
File-Away Limited, 32 Church Street, Newtyle
Perthshire, PH12 8TZ SCOTLAND
Registered in Scotland, Company Number SC222086
Tel: +44 (0) 1828 898 158
Mobile: +44 (0) 7732 771 649
http://www.file-away.co.uk
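
The Insert-versus-Append point above, as an added example that is not part of the original thread: a script that pins the interface-based redirect to position 1 of nat/PREROUTING exactly once and reports where it sits. The function names are hypothetical; br0 and 192.168.1.1 are the values from the thread, and an iptables that supports -C and -S is assumed.

```shell
#!/bin/sh
# Added example (not from the thread). Pins the interface-based DNS redirect
# to position 1 of nat/PREROUTING, exactly once, however often it is run.
# Function names are hypothetical; IFACE and RESOLVER are the thread's values.

IFACE=br0
RESOLVER=192.168.1.1

# One rule specification, reused for check, delete and insert.
dns_rule() {
    printf '%s\n' "-p udp -i $IFACE --dport 53 -j DNAT --to-destination $RESOLVER"
}

# Remove any copies left by earlier -A/-I runs, then insert at position 1.
ensure_dns_redirect_first() {
    spec=$(dns_rule)
    # -C exits 0 while a matching rule exists; -D removes one match per call.
    # $spec is left unquoted on purpose so it splits into separate arguments.
    while iptables -t nat -C PREROUTING $spec 2>/dev/null; do
        iptables -t nat -D PREROUTING $spec
    done
    iptables -t nat -I PREROUTING 1 $spec
}

# Print the 1-based position of the redirect in PREROUTING (nothing if absent).
dns_redirect_position() {
    iptables -t nat -S PREROUTING | awk -v want="-i $IFACE " '
        /^-A PREROUTING / {
            n++
            if (index($0, want) && index($0, "--dport 53 ") && index($0, "-j DNAT")) {
                print n
                exit
            }
        }'
}

# Touch the live ruleset only when asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    ensure_dns_redirect_first
    echo "DNS redirect is rule $(dns_redirect_position) in nat/PREROUTING"
fi
```

Run it with --apply as root; `iptables -t nat -L PREROUTING -n --line-numbers` shows the same ordering by hand.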