[lug] Qwest Basic service w/ single static IP
David L. Anselmi
anselmi at anselmi.us
Wed Sep 14 22:31:38 MDT 2005
Lee Woodworth wrote:
>> Yes. I'm still using a Cisco 678 and you can get one on eBay cheap.
>> I haven't looked at Actiontec specifically but every other cable/DSL
>> modem I've seen does DNAT with no limitations.
> The Cisco 678 has a DNS forwarder. I set up a client with one and we
> used the modem as the DNS server for his Windows box.
I think you're mistaken. My 678 doesn't do anything with DNS. It can
be told what the ISP's servers are and passes them out via DHCP but
that's all. It doesn't listen to port 53 on LAN or WAN. Forwarding DNS
through it (DNAT) works fine. Ditto for HTTP (though I have the web
interface of the modem disabled--I'm not sure that matters though).
>> What is a DNS forwarder? Can you describe how it works? Doesn't seem
>> like that would be terribly useful in a DSL modem so I wonder if there
>> isn't a way round this.
> Think dnscache. It's so that home users can just be pointed at the modem
> for the client DNS. Some devices like the Linksys cable/DSL routers can
> grab their DNS servers from the DHCP server. Less stuff for the tech
> support people to know.
I see, that makes sense. Seems like an odd thing to put in a DSL modem.
> There are iptables rules which route all traffic to/from port 53/any
> address any interface to a dproxy process through a netlink device.
> I've tried deleting the port 53 rules, but replies don't seem to make
> it back to the ethernet interface.
From the LAN I could understand, but exposing port 53 on the WAN sounds
stupid. So there's your reason to hack the thing and put your own
distro on it.
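
A check for the concern raised above about port 53 being handled on the WAN side as well as the LAN, as an added example that is not part of the original message: it reads `iptables-save`-style output and lists DNS redirect rules that are not limited to a LAN interface. The ruleset and the interface name `br0` are constructed for illustration and are not taken from the modem discussed.

```python
import shlex

# Constructed iptables-save excerpt (not from any real modem): one DNS
# redirect bound to the LAN bridge, two that match on every interface.
SAMPLE = """\
*nat
-A PREROUTING -i br0 -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 53
-A PREROUTING -p tcp -m tcp --dport 53 -j DNAT --to-destination 192.168.0.1:53
-A PREROUTING -i br0 -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 8080
COMMIT
*filter
-A INPUT -i ppp0 -p udp -m udp --dport 53 -j DROP
COMMIT
"""

# Targets that hand a packet to a local service or a userspace process.
DIVERT_TARGETS = ("REDIRECT", "DNAT", "QUEUE")

def opt(tokens, *names):
    """Return the value following the first of `names` in tokens, else None."""
    for i, tok in enumerate(tokens[:-1]):
        if tok in names:
            return tokens[i + 1]
    return None

def unscoped_dns_rules(ruleset, lan_ifaces=("br0",)):
    """Return port-53 divert rules that are not limited to a LAN interface."""
    findings = []
    for line in ruleset.splitlines():
        line = line.strip()
        if not line.startswith("-A "):
            continue  # table headers, chain policies, COMMIT
        tokens = shlex.split(line)
        if opt(tokens, "--dport", "--sport") != "53":
            continue  # only single-port matches are handled here
        if opt(tokens, "-j") not in DIVERT_TARGETS:
            continue
        # No -i at all, or -i naming a non-LAN interface, also matches WAN traffic.
        if opt(tokens, "-i", "--in-interface") not in lan_ifaces:
            findings.append(line)
    return findings

if __name__ == "__main__":
    for rule in unscoped_dns_rules(SAMPLE):
        print("not limited to LAN:", rule)
```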