
List:       ipfilter
Subject:    DNS proxy daemon for ipfilter
From:       Darren Reed <darrenr () reed ! wattle ! id ! au>
Date:       2007-06-11 5:57:57
Message-ID: 466CE465.1010607 () reed ! wattle ! id ! au

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
There seem to be a few DNS proxies out there but all seemed aimed
at doing proxy+cache without being seemingly easy to control what
is accepted or denied.  Plus none of them work with rdr rules in
ipnat.  And I got tired of bind being so big and hard to make work
and I didn't want to dabble with the other main alternative (there
would be more work trying to get it architected right to do the
transparent stuff, I'm sure.)

So this was my weekend project.  Oh, it does no caching (yet.)
There are man pages in the .tgz.

http://coombs.anu.edu.au/~avalon/dns-proxy.tgz

Configuration goes something like this:

port fred 192.168.1.1 5053 transparent;
forwarders { 2.2.2.1, 2.2.2.3; };
acl all port fred { block *.xxx;};
acl all port fred { allow .cnn.com; reject cnn.com; };

To be used with rules like:
rdr fxp0 0/0 port 53 -> 192.168.1.1 port 5053 udp

Also, separate to this, there will be a dns proxy in
IPfilter 5 that allows similar things to be done.
That can be used on the outbound side of a firewall
hosting named with map rules :)

Darren

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
 
iD8DBQFGbORlP7JIXtvLbFURAgSmAJ0eWEAzl+M8b32aJzOzc6hRLYVFFACfc0Pr
UBsMZqqFCN0zCK3Bj68CKEM=
=a4gP
-----END PGP SIGNATURE-----
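The post shows an ACL that mixes three kinds of name pattern (`block *.xxx`, `allow .cnn.com`, `reject cnn.com`) applied to queries redirected into the proxy with an `rdr` rule. The following is an added example, not code from dns-proxy or from the poster: it parses the question name out of a raw DNS query as the proxy would receive it and evaluates rules in the order written. The matching semantics are assumptions chosen to make the quoted rule set meaningful (`*.xxx` = anything under that suffix, `.cnn.com` = names strictly beneath cnn.com, `cnn.com` = that exact name, first match wins, unmatched names allowed), and "reject" is assumed to mean answering with RCODE REFUSED while "block" drops the query silently. The packet it decides on is constructed inline.

```python
"""DNS proxy ACL evaluation, illustrating the rule set quoted in the post.

Added example; not the dns-proxy implementation. Pattern semantics, the
first-match rule order and the block/reject distinction are assumptions.
"""
import struct
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Rule:
    action: str   # "allow", "block" (drop) or "reject" (answer REFUSED)
    pattern: str  # "*.xxx", ".cnn.com" or "cnn.com"


def parse_qname(msg: bytes) -> str:
    """Return the first question name of a DNS message, lower-cased.

    Rejects truncated messages, over-long labels and compression pointers
    (which a well-formed query never uses in its question section), so a
    malformed packet raises ValueError instead of being forwarded.
    """
    if len(msg) < 12:
        raise ValueError("short DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointer in question name")
        if length > 63 or pos + length > len(msg):
            raise ValueError("bad label length")
        labels.append(msg[pos:pos + length].decode("ascii").lower())
        pos += length
    return ".".join(labels)


def matches(pattern: str, name: str) -> bool:
    """Assumed pattern semantics for the three forms seen in the post."""
    pattern, name = pattern.lower().rstrip("."), name.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]                      # "*.xxx" -> ".xxx"
        return name.endswith(suffix) and len(name) > len(suffix)
    if pattern.startswith("."):
        return name.endswith(pattern)             # strictly beneath the domain
    return name == pattern                        # exact name


def evaluate(rules: List[Rule], name: str, default: str = "allow") -> str:
    """First matching rule wins, in the order the rules were written."""
    for rule in rules:
        if matches(rule.pattern, name):
            return rule.action
    return default


def build_query(name: str, qid: int = 0x1234, qtype: int = 1) -> bytes:
    """Constructed sample: a standard recursive query for `name` (IN class)."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def refused_response(query: bytes) -> bytes:
    """Minimal REFUSED (RCODE 5) reply echoing the query id and question."""
    qid, flags = struct.unpack("!HH", query[:4])
    flags = 0x8000 | (flags & 0x0100) | 0x0005  # QR set, keep RD, RCODE=5
    return struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0) + query[12:]


def decide(rules: List[Rule], packet: bytes) -> Tuple[str, Optional[bytes]]:
    """Return (action, reply): reply is the REFUSED answer for reject, else None.

    A packet that does not parse is treated as 'block' (dropped), since the
    proxy cannot safely forward what it cannot read.
    """
    try:
        name = parse_qname(packet)
    except ValueError:
        return "block", None
    action = evaluate(rules, name)
    return action, (refused_response(packet) if action == "reject" else None)


# The ACL from the post, in the order written.
RULES = [Rule("block", "*.xxx"), Rule("allow", ".cnn.com"), Rule("reject", "cnn.com")]

if __name__ == "__main__":
    for qname in ("www.cnn.com", "cnn.com", "example.xxx", "example.org"):
        print(qname, "->", decide(RULES, build_query(qname))[0])
```

Running it prints the outcome for each constructed query: www.cnn.com is allowed, cnn.com is rejected, example.xxx is blocked and example.org falls through to the default. Keeping the rules in a list and evaluating them in order makes the "allow subdomains but reject the apex" pattern from the post behave as written, and the malformed-packet path shows why a transparent proxy should parse defensively before forwarding anything upstream.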
