Date: Sun, 9 Dec 2007 10:51:41 -0800
From: Michael Smith <mksmith@adhost.com>
To: questions@freebsd.org
Subject: Problem with NAT/RDR in PF
Message-ID: <EDA55758-3860-4F24-97B3-1C9C41F04A78@adhost.com>
Hello All:

I am trying to configure a round-robin group of Name Servers that respond to and from a single address. I want the following to occur:

1) DNS query from 10.211.128.1 to 10.212.1.1 is redirected to a pool of name servers
2) One of the name servers responds to the query
3) The response shows a source address of 10.212.1.1, not the actual name server

--

Here are the relevant configuration snippets.

    vlan821_if="vlan821"      # This is the physical interface of the Name Servers
    vlan6_if="vlan_6"         # This is the physical interface of the querying servers

    nr_net="10.212.1.0/24"    # Name Resolver network
    mail_net="10.211.0.0/16"  # Querying server network

    nr_01_int="10.212.1.11"

    # Define table for Name Resolvers
    table <nr_roundrobin> persist { \
        $nr_01_int \
    }

    nat on $vlan821_if from $nr_net to $mail_net -> 10.212.1.1

    rdr on $vlan6_if proto { udp tcp } from any to 10.212.1.1 port 53 -> <nr_roundrobin> round-robin

    pass in on $vlan821_if inet proto tcp from $nr_net to any
    pass in on $vlan821_if inet proto udp from $nr_net to any

    pass in on $vlan6_if inet proto udp from $mail_net to $nr_net
    pass in on $vlan6_if inet proto tcp from $mail_net to $nr_net

--

With this configuration, when I do a host lookup with 10.212.1.1 as the server address, I get this:

    ;; reply from unexpected source: 10.212.1.11#53, expected 10.212.1.1#53

So, it's my assumption that the "rdr" statement is working, but the "nat" statement is not.

If anyone can help with this I would appreciate it greatly.

Regards and Thanks,

Mike
mksmith@adhost.com