Bind behind Cisco 675 router
Deon Garrett
garrett at estreet.com
Sun Sep 23 06:20:48 UTC 2001
On Sat, 22 Sep 2001, Tim Maestas wrote:
>
>
> Sorry, that's http://www.cisco.com/warp/public/556/3.html
>
> -Tim
>
>
>
> On Sat, 22 Sep 2001, Tim Maestas wrote:
>
> >
> > This is happening due to your NAT setup on the Cisco.
> > http://www.cisco.com/warp/public/566/3.html has some
> > info on how cisco NAT affects DNS packets. Depending on
> > how you need your nat setup, the examples on this page
> > may or may not help you, but it should give you an
> > understanding of what your router is doing.
> >
> > -Tim
> >
> >
I figured out the URL change, but it only applies to Cisco's IOS. The
consumer grade DSL routers use CBOS. Most of the commands on the page
aren't present in my router software. Nonetheless, it did give me a few
ideas about checking what my router was doing. Here's what's happening as
best as I can tell.

The router seems to be adding dynamic NAT entries of the form

    Private IP:port        Gets translated    Public IP:port
    xxx.xxx.xxx.xxx:yyy    to                 66.7.185.147.yyy

where *** indicates any port number (wildcard), the xxx.xxx.xxx.xxx in
the Private IP part will be the real IP address of the server I'm trying
to resolve, and yyy is the port number that the DNS query is using at
the time. So if I type "dig @66.7.185.147 google.com", my router adds
the following NAT entries:
216.239.37.100:yyy 66.7.185.147.yyy
216.239.39.100:yyy 66.7.185.147.yyy
216.239.33.100:yyy 66.7.185.147.yyy
216.239.35.100:yyy 66.7.185.147.yyy
The 216.239.*.* addresses are the actual IP addresses for google.com as
returned by a working nameserver.

OK, so what it seems to be doing is translating the DNS-supplied
addresses into my public IP address as though my private network is
using the IP address of whatever I just queried.
That seems like a logical thing for a router to do... :/
dg
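
Added example, not part of the original message and not CBOS code: a small check that reads NAT entries written in the form used in the post above and flags those whose "private" side is not an RFC 1918 address, optionally marking the ones that match addresses returned by a DNS query. The entry format, the function names and the sample ports are assumptions; the page does not show real CBOS output.

```python
import ipaddress
import re

# One entry as the post writes it: "inside_ip:port  [to]  outside_ip.port"
# (the outside port separator may be ':' or '.'). Assumed format.
ENTRY = re.compile(
    r"^\s*((?:\d{1,3}\.){3}\d{1,3}):(\d+)\s+(?:to\s+)?"
    r"((?:\d{1,3}\.){3}\d{1,3})[:.](\d+)\s*$"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_entries(text):
    """Return (inside_ip, inside_port, outside_ip, outside_port) tuples."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # header, blank line, anything that is not an entry
        try:
            inside = ipaddress.ip_address(m.group(1))
            outside = ipaddress.ip_address(m.group(3))
        except ValueError:
            continue  # octet out of range
        entries.append((inside, int(m.group(2)), outside, int(m.group(4))))
    return entries

def flag_entries(text, dns_answers=()):
    """Return (entry, matches_dns_answer) for entries with a non-RFC 1918 inside IP."""
    answers = {ipaddress.ip_address(a) for a in dns_answers}
    flagged = []
    for entry in parse_entries(text):
        if not any(entry[0] in net for net in RFC1918):
            flagged.append((entry, entry[0] in answers))
    return flagged

# Constructed sample: the public addresses come from the post; the port
# numbers and the 192.168.1.10 LAN host are made up for illustration.
SAMPLE = """\
Private IP:port       Public IP:port
192.168.1.10:1025     66.7.185.147.1025
216.239.37.100:1044   66.7.185.147.1044
216.239.39.100:1044   66.7.185.147.1044
"""

if __name__ == "__main__":
    for (inside, port, outside, _), hit in flag_entries(SAMPLE, ["216.239.37.100"]):
        print(f"{inside}:{port} -> {outside}  non-LAN inside address, in DNS answer: {hit}")
```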