Thad Marsh
2002-Jul-21 23:02 UTC
[Shorewall-users] DNS Server behind firewall with private ip
I am running the firewall with two interfaces. No DMZ, as it is on its own private network separate from my office servers. I would like to allow DNS requests to a NATed server behind the firewall. The firewall has an IP alias with a public address. That is DNATed to the private address of the DNS server. I have no problems going out, but the server is not replying to clients' requests from the outside. Here is the layout:

net
Eth1 public
Firewall
Eth0 private
loc
DNS server private

What would the necessary rules be?
And what other files would I need to add entries to?

I am still searching but am having no luck!
Tom Eastep
2002-Jul-21 23:07 UTC
[Shorewall-users] DNS Server behind firewall with private ip
On Sun, 21 Jul 2002, Thad Marsh wrote:

> I am running the firewall with two interfaces. No DMZ, as it is on its own private network separate from my office servers. I would like to allow DNS requests to a NATed server behind the firewall. The firewall has an IP alias with a public address. That is DNATed to the private address of the DNS server. I have no problems going out, but the server is not replying to clients' requests from the outside. Here is the layout:
>
> net
> Eth1 public
> Firewall
> Eth0 private
> loc
> DNS server private
>
> What would the necessary rules be?
> And what other files would I need to add entries to?
>
> I am still searching but am having no luck!

This is basically FAQ #1 -- http://www.shorewall.net/FAQ.htm#faq1

DNS uses both UDP and TCP port 53 -- therefore, you want rules:

DNAT net loc:<local ip> tcp 53 - <external ip>
DNAT net loc:<local ip> udp 53 - <external ip>

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
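The pair of rules in the reply is the whole point of FAQ #1: a port-53 DNAT that covers only one protocol quietly breaks DNS for the other (UDP queries work, TCP fallback and zone transfers do not, or vice versa). As an added example that is not from this thread or from Shorewall itself, here is a small Python check over a Shorewall rules file (column layout assumed as ACTION SOURCE DEST PROTO DPORT SPORT ORIGDEST; all addresses are constructed) that flags DNS servers forwarded for only one of tcp/udp:

```python
"""Lint a Shorewall 'rules' file for the FAQ #1 mistake: a DNAT of
port 53 that covers only TCP or only UDP. DNS needs both.

Assumed column layout (Shorewall rules file):
  ACTION SOURCE DEST PROTO DPORT [SPORT [ORIGDEST]]
"""
from collections import defaultdict

# Constructed sample: the first host is forwarded for 53/udp only
# (incomplete); the second host gets both protocols.
SAMPLE_RULES = """\
# ACTION SOURCE DEST          PROTO DPORT SPORT ORIGDEST
DNAT     net    loc:10.0.0.53 udp   53    -     203.0.113.10
DNAT     net    loc:10.0.0.54 tcp   53    -     203.0.113.11
DNAT     net    loc:10.0.0.54 udp   53    -     203.0.113.11
ACCEPT   loc    net           tcp   80
LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
"""


def parse_rules(text):
    """Yield (action, source, dest, proto, dport, sport, origdest) per rule."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()        # drop comments
        if not line or line.startswith("LAST LINE"):
            continue
        cols = line.split()
        cols += ["-"] * (7 - len(cols))            # pad optional columns
        action = cols[0].split(":", 1)[0].upper()  # 'DNAT:info' -> 'DNAT'
        yield (action, cols[1], cols[2], cols[3].lower(),
               cols[4], cols[5], cols[6])


def dns_dnat_gaps(text):
    """Return sorted (dest, origdest, missing_proto) tuples for every
    port-53 DNAT target that is forwarded for only one of tcp/udp."""
    seen = defaultdict(set)
    for action, _src, dest, proto, dport, _sport, origdest in parse_rules(text):
        if action == "DNAT" and dport == "53" and proto in ("tcp", "udp"):
            seen[(dest, origdest)].add(proto)
    gaps = []
    for (dest, origdest), protos in seen.items():
        for missing in {"tcp", "udp"} - protos:
            gaps.append((dest, origdest, missing))
    return sorted(gaps)


if __name__ == "__main__":
    for dest, origdest, missing in dns_dnat_gaps(SAMPLE_RULES):
        print(f"{origdest} -> {dest}: port 53 DNAT lacks {missing}")
```

Run it against your real rules file (open() the file and pass its contents to dns_dnat_gaps) before restarting Shorewall; an empty result means every forwarded DNS server has both protocols covered.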