
myweb.com has an external IP.

I have a Debian server running BIND9; it contains some clients. I created the zone myweb.com and I created an A record pointing to localhost. It's OK, but I would like to know if I can point the A record to the real external IP, but route clients to localhost? So, when users access myweb.com through the DNS, they will be on my server, which supposedly has the original external IP, not the IP of my server.

(I'm looking for some iptables, host, ferm or script that does it, but it's hard to find.)

NickW
Julio
  • This question isn't entirely clear about what you are looking to do. You want to respond to a DNS query with an A record pointing to a specific IP, when someone tries to connect to that IP over the web, they are redirected to a different server. Is that correct? – NickW Mar 06 '13 at 16:43
  • Yes, it's correct – Julio Mar 06 '13 at 17:31
  • Well, mircea answered it for you then. – NickW Mar 06 '13 at 17:32

1 Answer

If you want to impersonate a public server with a local one in your local network, you have 2 solutions:

  1. Use a local DNS that will answer with the private IP for local clients. For the external clients you can answer with the public IP. See: http://www.zytrax.com/books/dns/ch7/view.html
  2. Use Netfilter (iptables) and create a DNAT rule that redirects the public IP towards the local one. Something like:

    # The state match needs an explicit --state; nat/PREROUTING only sees the first packet of a connection anyway
    iptables -A PREROUTING -t nat -p tcp --destination 123.123.123.123 --destination-port 80 -m state --state NEW -j DNAT --to-destination 127.0.0.1:80

Mircea Vutcovici
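Option 1 of the answer spelled out as a BIND 9 "views" configuration (an added example, not part of the answer or of the asker's setup). It assumes the local web server is 192.168.1.10 on the 192.168.1.0/24 LAN and reuses 123.123.123.123 as the public IP; the two zone files are shown as comments because they live in separate files.

```conf
// /etc/bind/named.conf.local (BIND 9): split-horizon answers for myweb.com.
// Assumed addresses: LAN 192.168.1.0/24 and local web server 192.168.1.10
// (constructed); 123.123.123.123 is the public IP used in the answer above.
// Views are tried in order, so the internal view must be listed first.

acl "lan" { 127.0.0.0/8; 192.168.1.0/24; };

view "internal" {
    match-clients { "lan"; };
    recursion yes;            // LAN clients may use this server as a resolver
    zone "myweb.com" {
        type master;
        file "/etc/bind/db.myweb.com.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;             // do not act as an open resolver for the Internet
    zone "myweb.com" {
        type master;
        file "/etc/bind/db.myweb.com.external";
    };
};

// /etc/bind/db.myweb.com.internal: the zone with the private address
// $TTL 300
// @      IN SOA ns1.myweb.com. hostmaster.myweb.com. ( 2013030601 3600 900 604800 300 )
// @      IN NS  ns1.myweb.com.
// ns1    IN A   192.168.1.10
// @      IN A   192.168.1.10
// www    IN A   192.168.1.10
//
// /etc/bind/db.myweb.com.external: the same zone with the public address
// $TTL 300
// @      IN SOA ns1.myweb.com. hostmaster.myweb.com. ( 2013030601 3600 900 604800 300 )
// @      IN NS  ns1.myweb.com.
// ns1    IN A   123.123.123.123
// @      IN A   123.123.123.123
// www    IN A   123.123.123.123
```

Check it from a LAN host with `dig @<server> myweb.com A` and from outside with `dig @123.123.123.123 myweb.com A`; the two answers should differ. Once any view is defined, every zone in named.conf (on Debian also the ones pulled in by named.conf.default-zones) has to sit inside a view, otherwise named refuses to start.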
  • What state do I need to use? I tried iptables -A PREROUTING -t nat -p tcp --destination external-ip --destination-port 80 -j DNAT --to-destination 127.0.0.1:80 and iptables-save, then tried to access myweb.com, and it goes to the real external IP – Julio Mar 06 '13 at 17:30
  • Have you tested from a workstation? How is your firewall configured? – Mircea Vutcovici Mar 06 '13 at 19:03
  • What is the topology of your network? Have you added the rule on the Linux machine that is the default router of your network? – Mircea Vutcovici Mar 06 '13 at 19:05
  • You can use tcpdump and run it on both the internal interface and on the external interface. You can use -j LOG to log in syslog when the rule is matched. – Mircea Vutcovici Mar 06 '13 at 19:06
  • My configs: my DNS: 111.111.111.111; the domain: website.com. I created the zone website.com.zone > website.com IN NS 111.111.111.111, website.com IN A 222.222.222.222 (the real external IP of website.com) - it's working. I would like the clients of my DNS to access website.com and, when the client PC does the query for website.com, get the IP 222.222.222.222 but be routed to localhost. I tried Mircea's answer but it isn't working yet; I think I'm on the right way – Julio Mar 06 '13 at 21:13