NAT re-writing DNS records

Hello,

I have a DNS within a DMZ behind a Cisco 2811 router, all behind another firewall. The router is running ipbasek9 12.4(24)T4 and performing a source static network NAT for the network behind it.

The problem I'm having is that the router is also translating the network prefix within the DNS queries issued against the DNS server. I've run a series of Wireshark traces on both sides of the router that confirms this.

Is there a method to limit the NAT on the router to only translate the IP packet headers and not the data?

Here is an example config of my NAT

ip nat inside source static network 192.168.224.0 192.168.238.0 /24 no-payload


NAT re-writing DNS records

Hi Dave,

The NAT is translating the network addresses in the header and not the data, hence the name. Maybe I have misunderstood your question.

Best regards,

Alex

Re: NAT re-writing DNS records

It is re-writing the actual DNS queries returned by the server, acting on both the header and the data payload. But the no-payload option doesn’t seem to help.

interface FastEthernet0/0
 description Interconnect to FW
 ip address 192.168.253.46 255.255.255.252
 ip nat outside
 ip virtual-reassembly
!
interface FastEthernet0/1
 description DMZ subnet
 ip address 192.168.224.254 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
ip nat inside source static network 192.168.224.0 192.168.238.0 /24 no-payload

NAT re-writing DNS records

OK - perhaps I just didn't clear out the existing translations. Bad me!

NAT re-writing DNS records

Is it working ok now?

Best regards,

Alex

Re: NAT re-writing DNS records

Yes it is working nicely. Thank you.
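
The comparison described in the thread (the same DNS response captured on both sides of the router) can be scripted. This is an added example, not part of the original posts: it parses the A records out of two raw DNS messages and reports answers that were mapped from the inside prefix to the outside prefix. The two prefixes come from the NAT statement above; the function names, the sample host name and the sample messages are constructed for illustration.

```python
import ipaddress
import struct

INSIDE = ipaddress.ip_network("192.168.224.0/24")   # inside prefix from the NAT statement
OUTSIDE = ipaddress.ip_network("192.168.238.0/24")  # outside prefix from the NAT statement

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        n = msg[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:       # compression pointer: two bytes, ends the name
            return off + 2
        off += 1 + n

def a_records(msg):
    """Extract the IPv4 addresses from the answer section of a DNS message."""
    qd, an = struct.unpack("!HH", msg[4:8])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    out = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:           # A record
            out.append(ipaddress.ip_address(msg[off:off + 4]))
        off += rdlen
    return out

def payload_rewrites(inside_msg, outside_msg):
    """Pair answers by position; report those mapped INSIDE -> OUTSIDE (same host octet, /24)."""
    hits = []
    for a, b in zip(a_records(inside_msg), a_records(outside_msg)):
        if a != b and a in INSIDE and b in OUTSIDE and int(a) & 0xFF == int(b) & 0xFF:
            hits.append((str(a), str(b)))
    return hits

def sample_response(ip):
    """Constructed sample: a response for host.example.test carrying one A record."""
    q = b"\x04host\x07example\x04test\x00" + struct.pack("!HH", 1, 1)
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + ipaddress.ip_address(ip).packed
    return hdr + q + rr

if __name__ == "__main__":
    print(payload_rewrites(sample_response("192.168.224.10"), sample_response("192.168.238.10")))
```

An empty result for a response captured on both sides means the answer addresses passed through the router unchanged.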
