Christopher Parker wrote:
Hello,

I'm trying to make dnsmasq on my WRT54G (OpenWrt Whiterussian RC5)
forward domain names from the router to machines "behind" the router.

Here's an example of my setup:

"router" is the OpenWrt machine, providing DHCP to the 192.168.1.x
network. It has an IP of 192.168.1.1

"machine" is a client machine behind the router. It gets its IP
address via DHCP from dnsmasq on the wrt.

I have an external DNS server pointing "router.example.com" to the
router's static WAN IP. I also have machine.example.com pointing to
that same IP. I want dnsmasq to "forward" machine.example.com to the
client machine.

What I have so far is working, but only from inside the 192.168.1.x
network. From the outside, machine.example.com points to the router's
info page instead of the client machine.

Here's my /etc/hosts, pretty straightforward:

127.0.0.1 localhost OpenWrt
192.168.1.1     router
192.168.1.2     machine # forces pseudo-static IP address for client machine

Here's my dnsmasq.conf, sans comments:

domain-needed
bogus-priv
filterwin2k
localise-queries
local=/lan/
domain=example.com
expand-hosts
dhcp-host=router
dhcp-authoritative
dhcp-leasefile=/tmp/dhcp.leases
read-ethers

The only thing I can think of is changing the local line to say
local=/example.com/. Right now, if I ping another machine from inside
the network, the hostname for that machine shows up as machine.lan.
Would this be my problem (part of the default OpenWrt install)?

TIA,


If I've understood you correctly, then I think you need to step back a bit, and consider the larger problem. What you are trying to do (use a server behind a NAT router) is fairly common, but you cannot do it using DNS tricks only. There's only one IP, the router's WAN IP, which gets packets from the global internet to your box. No matter what you do to DNS, the names will be resolved to that IP in the end, and turn up at the router.

The normal way to do this is port-forwarding: you tell the network subsystem on the router to treat packets which are sent to the router's global IP address and a certain port (or ports) specially. Instead of receiving the packets, it changes their destination field to the (192.168.x.x) IP address of the internal machine, and sends them to that machine over the internal network.

The magic to do this looks like this, which forwards port 8080 on the router to port 80 on 192.168.1.2:

# -A appends the DNAT rule to the nat table's PREROUTING chain
# (-D would delete a matching rule instead of adding it)
iptables -t nat -A PREROUTING -p tcp --destination-port 8080 \
     -j DNAT --to-destination 192.168.1.2:80


If you run that command on the router, then you will be able to access the webserver on 192.168.1.2 as

http://router.example.com:8080/

from anywhere.

It's also possible to forward port 80 on the router to port 80 on the server, but be careful: that might also forward port 80 when accessing the router from the internal network, blocking access to the router config pages.

I just re-read your message, and I see that you are using OpenWRT: that almost certainly has a config page to set up port-forwarding, so you won't need to run iptables commands directly: just fill in the web-form.


HTH


Simon.
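The port-forward from the reply above, written out as an added example (not Simon's or OpenWrt's own code). It binds the DNAT rule to the WAN interface so that the caveat in the reply (LAN clients losing access to the router's own config pages when port 80 is forwarded) does not arise, and opens only the forwarded port in the FORWARD chain. The WAN interface name "vlan1" is an assumption; check it on the router.

```shell
#!/bin/sh
# Emit the iptables rules for one TCP port-forward on a NAT router.
# The DNAT is restricted to packets arriving on the WAN interface (-i),
# so traffic from the LAN to the router's own address is left alone and
# the router's config pages stay reachable from inside.
# The WAN interface name "vlan1" used below is an assumption.
#
# usage: portfwd_rules WAN_IF WAN_PORT DEST_IP DEST_PORT
portfwd_rules() {
    wan_if=$1; wan_port=$2; dest_ip=$3; dest_port=$4

    # Validate ports: numeric and within 1..65535.
    for p in "$wan_port" "$dest_port"; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    # Only forward to the private LAN range the router serves.
    case $dest_ip in
        192.168.*.*) ;;
        *) echo "dest must be a 192.168.x.x address: $dest_ip" >&2; return 1 ;;
    esac

    # Rewrite the destination of packets arriving on the WAN side only.
    echo "iptables -t nat -A PREROUTING -i $wan_if -p tcp --dport $wan_port" \
         "-j DNAT --to-destination $dest_ip:$dest_port"
    # Let the rewritten packets through the FORWARD chain when the
    # firewall does not already accept forwarded WAN traffic; only the
    # rewritten destination port is opened, not the whole LAN host.
    echo "iptables -A FORWARD -i $wan_if -p tcp -d $dest_ip --dport $dest_port" \
         "-m state --state NEW -j ACCEPT"
}

# Example: expose the web server on 192.168.1.2 as router.example.com:8080.
# Review the printed rules first; pipe them to sh on the router to apply.
portfwd_rules vlan1 8080 192.168.1.2 80
```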
