[lug] Qwest Basic service w/ single static IP

Lee Woodworth blug-mail at duboulder.com
Wed Sep 14 22:53:03 MDT 2005


David L. Anselmi wrote:
> Lee Woodworth wrote:
> [...]
> 
>>> Yes.  I'm still using a Cisco 678 and you can get one on eBay cheap.  
>>> I haven't looked at Actiontec specifically but every other cable/DSL 
>>> modem I've seen does DNAT with no limitations.
>>
>>
>> The Cisco 678 has a DNS forwarder. I set up a client with one and we
>> used the modem as the DNS server for his Windows box.
> 
> 
> I think you're mistaken.  My 678 doesn't do anything with DNS.  It can 
> be told what the ISP's servers are and passes them out via DHCP but 
> that's all.  It doesn't listen to port 53 on LAN or WAN.  Forwarding DNS 
> through it (DNAT) works fine.  Ditto for HTTP (though I have the web 
> interface of the modem disabled--I'm not sure that matters though).
I thought that's what it did (about 2 years ago), but maybe I am thinking
of a Linksys router box that was also being used.

> 
> [...]
> 
>>> What is a DNS forwarder?  Can you describe how it works?  Doesn't 
>>> seem like that would be terribly useful in a DSL modem so I wonder if 
>>> there isn't a way round this.
>>
>>
>> Think dnscache. It's so that home users can just be pointed at the modem
>> for the client DNS. Some devices like the Linksys cable/DSL routers can
>> grab their dns servers from the dhcp server. Less stuff for the tech 
>> support people to know.
> 
> 
> I see, that makes sense.  Seems like an odd thing to put in a DSL modem.
> 
> [...]
> 
>> There are iptables rules which route all traffic to/from port 53/any
>> address any interface to a dproxy process through a netlink device.
>> I've tried deleting the port 53 rules, but replies don't seem to make
>> it back to ethernet interface.
> 
> 
> From the LAN I could understand, but exposing port 53 on the WAN sounds 
> stupid.  So there's your reason to hack the thing and put your own 
> distro on it.
The forwarder has to get the replies to its query packets so it needs
to redirect port 53 on the wan side too.
> 
> Good luck.
> 
> Dave