mirror of https://github.com/status-im/consul.git
DNS forwarding with iptables
Adding notes on using iptables to forward ports
parent
6185888f1f
commit
f142d4ab04
|
@ -14,9 +14,9 @@ or root account, it is possible to instead forward appropriate queries to Consul
|
||||||
running on an unprivileged port, from another DNS server.
|
running on an unprivileged port, from another DNS server.
|
||||||
|
|
||||||
In this guide, we will demonstrate forwarding from [BIND](https://www.isc.org/downloads/bind/)
|
In this guide, we will demonstrate forwarding from [BIND](https://www.isc.org/downloads/bind/)
|
||||||
as well as [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html).
|
as well as [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) and [iptables](http://www.netfilter.org/).
|
||||||
For the sake of simplicity, BIND and Consul are running on the same machine in this example,
|
For the sake of simplicity, BIND and Consul are running on the same machine in this example,
|
||||||
but this is not required.
|
but this is only required for iptables.
|
||||||
|
|
||||||
It is worth mentioning that, by default, Consul does not resolve DNS
|
It is worth mentioning that, by default, Consul does not resolve DNS
|
||||||
records outside the `.consul.` zone unless the
|
records outside the `.consul.` zone unless the
|
||||||
|
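Review bot: the intro sentence still says forwarding happens "from another DNS server", but iptables is not a DNS server; the new wording "forwarding from [BIND] as well as [dnsmasq] and [iptables]" therefore reads oddly. Consider rephrasing the lead sentence to cover both approaches, e.g. "forward appropriate queries to Consul, running on an unprivileged port, from another DNS server or with a port redirect", and changing "but this is only required for iptables" to something more explicit such as "this is not required for BIND or dnsmasq, but the iptables approach only redirects ports on the local machine".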
@ -126,6 +126,18 @@ for additional details):
|
||||||
#cache-size=65536
|
#cache-size=65536
|
||||||
```
|
```
|
||||||
|
|
||||||
|
### iptables Setup
|
||||||
|
|
||||||
|
On Linux systems that support it, incoming requests and requests to localhost can use iptables
|
||||||
|
to forward ports on the same machine without a secondary service.
|
||||||
|
|
||||||
|
```
|
||||||
|
iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600
|
||||||
|
iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600
|
||||||
|
iptables -t nat -A OUTPUT -d localhost -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600
|
||||||
|
iptables -t nat -A OUTPUT -d localhost -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600
|
||||||
|
```
|
||||||
|
|
||||||
### Testing
|
### Testing
|
||||||
|
|
||||||
First, perform a DNS query against Consul directly to be sure that the record exists:
|
First, perform a DNS query against Consul directly to be sure that the record exists:
|
||||||
|
|
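Review bot: the PREROUTING REDIRECT rules only work if Consul's DNS listener accepts connections on the interface address, since REDIRECT rewrites the destination to the primary address of the incoming interface and Consul binds its DNS server to 127.0.0.1 by default (`client_addr`); the new section should say that `client_addr` (or `addresses.dns`) must be set to the external address, or to `0.0.0.0`, for the "incoming requests" case to work, otherwise only the two OUTPUT rules for localhost take effect. Two smaller points: `-d localhost` is resolved from /etc/hosts once when the rule is inserted, so `-d 127.0.0.1` is the safer spelling, and the rules are not persistent across reboots, which is worth a sentence pointing at the distribution's iptables persistence mechanism (for example `iptables-save`). The fenced block could also carry a language tag such as ```shell for consistency with the other configuration blocks on the page.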