DNS, NAT and dynamic IP

labtel
Level 1

I use an 827 ADSL router with IOS 12.2(15)T8.

The network comprises an inside interface Ethernet 0 (IP 10.134.74.1) and one outside interface of type Dialer 1 (dynamic IP).

I use a static route to communicate with my server from the Internet

ip nat inside source static 10.134.74.1 interface Dialer1

ip route 10.134.74.0 255.255.254.0 192.168.1.2 permanent

The problem is that when I make a DNS request from my server, the NAT changes the address in the DNS answer --> x.x.x.x to 10.134.74.1

How do I configure my router so that the NAT does not modify DNS answers?

interface Ethernet0
 ip address 10.134.74.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxx password 7 xxxxx
 ppp ipcp dns request
 ppp ipcp wins request
!
ip nat inside source list 102 interface Dialer1 overload
ip nat inside source static 10.134.74.1 interface Dialer1
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.134.74.0 255.255.254.0 192.168.1.2 permanent
ip http server
no ip http secure-server
ip dns server
!
!
access-list 102 permit ip any any
dialer-list 1 protocol ip permit

Thanks

laurent

7 Replies

p.dimitrije
Level 1

(config)#no ip domain lookup

p.dimitrije
Level 1

(config)#no ip domain lookup

That still does not work.

The DNS answer always gives IP 10.134.74.1

amorgos
Level 1

Dear laurent,

not sure I got it right but why not replace access-list 102 permit ip any any

with access-list 18 permit 10.134.74.0 0.0.0.255

and

ip nat inside source list 102 interface Dialer1 overload with ip nat inside source list 18 interface Dialer1 overload

After this configuration, I can no longer communicate with the outside.

I found a command No-payload which must make it possible to remove the translation in the DNS answer.

How is this command used?

amorgos
Level 1

Maybe I didn't get your question right. I am sending you a conf that should be OK. Nevertheless, I still don't understand why you chose to make your router act as a DNS server; that's why I don't include this function in my conf. I would use my ISP's DNS servers... Sorry if I misunderstood and caused you to lose time.

ip name-server xxx.xxx.xxx.xxx (The DNS servers of your ISP)
ip name-server xxx.xxx.xxx.xxx (The DNS servers of your ISP)
!
interface Ethernet0
 ip address 10.134.74.1 255.255.255.0
 ip nat inside
 ip tcp adjust-mss 1452
 hold-queue 100 out
!
interface ATM0
 no ip address
 atm vc-per-vp 64
 no atm ilmi-keepalive
 pvc 8/35
  pppoe-client dial-pool-number 1
 !
 dsl operating-mode auto
!
interface Dialer1
 ip address negotiated
 ip mtu 1492
 ip nat outside
 encapsulation ppp
 ip tcp adjust-mss 1452
 dialer pool 1
 dialer-group 1
 ppp authentication pap chap callin
 ppp chap hostname xxxxxxxxxxx
 ppp chap password 7 xxxxxxxxxxxxx
 ppp pap sent-username xxxxxxxxxx password 7 xxxxx
 ppp ipcp dns request
 ppp ipcp wins request
!
ip nat inside source list 10 interface Dialer1 overload
ip nat inside source static 10.134.74.1 interface Dialer1
ip nat outside source list 10 pool 1
ip classless
ip route 0.0.0.0 0.0.0.0 Dialer1
ip route 10.134.74.0 255.255.254.0 192.168.1.2 permanent
map-class dialer DialClass
access-list 10 permit 10.134.74.0 0.0.0.255
dialer-list 1 protocol ip permit

I found a solution.

I must define a translation table (NAT) with each port used.

Example:

ip nat inside source static udp 10.134.74.1 1719 interface Dialer1 1719

ip nat inside source static tcp 10.134.74.1 440 interface Dialer1 440

etc ......

Thanks

laurent
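
A way to confirm the symptom discussed in this thread, as an added example that is not part of any post above: the script parses the same DNS response as seen on the outside and on the inside of the router and reports A records that were changed into the inside network. The hostname, the address 203.0.113.10 (standing in for x.x.x.x) and both messages are constructed samples; only 10.134.74.0/24 and 10.134.74.1 come from the thread.

```python
import ipaddress
import struct

INSIDE_NET = ipaddress.ip_network("10.134.74.0/24")  # inside LAN from the thread

def build_response(name, addr, txid=0x1234):
    """Construct a minimal DNS response: one question, one A record (sample data)."""
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = qname + struct.pack("!HH", 1, 1)            # QTYPE=A, QCLASS=IN
    rdata = ipaddress.ip_address(addr).packed
    return header + question + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + rdata

def skip_name(msg, off):
    """Return the offset just past a name (labels or a compression pointer)."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if (n & 0xC0) == 0xC0:
            return off + 2
        off += 1 + n

def a_records(msg):
    """Extract the IPv4 addresses carried in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4                      # skip QTYPE and QCLASS
    out = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            out.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return out

def rewritten_answers(outside_msg, inside_msg):
    """(before, after) pairs where an A record was changed into the inside network."""
    return [(o, i) for o, i in zip(a_records(outside_msg), a_records(inside_msg))
            if o != i and i in INSIDE_NET]

# Constructed samples: the same answer as seen on Dialer1 and on Ethernet0.
OUTSIDE = build_response("server.example.com", "203.0.113.10")
INSIDE = build_response("server.example.com", "10.134.74.1")
if __name__ == "__main__":
    print(rewritten_answers(OUTSIDE, INSIDE))
```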