1. network topology:
Requirement: all traffic destined for the Internet on the Intranet is forwarded to a DNS server on the Intranet.
Source Demand Stickers: http://bbs.51cto.com/thread-939762-1.html
---- Using linux testing, this method can also be considered a DNS spoofing technology
2. configuration steps:
A. linux gateway Configuration:
① Enable route forwarding:
Echo "1">/proc/sys/net/ipv4/ip_forward
② Configure PAT:
Iptables-t nat-a postrouting-o eth0-s 10.1.1.0/24-j MASQUERADE
③ Configure port redirection:
Iptables-t nat-a prerouting-p udp -- dport 53-j DNAT -- to 10.1.1.10
B. R2 Configuration:
① Configure it as a DNS server:
Ip dns server
② Configure resolution entries:
Ip host www.baidu.com 10.1.1.1
C. R1 Configuration:
Specify the DNS server as a public network
Ip name-server 202.1.1.2
3. test:
A. R1 can access the public network:
R1 # ping 202.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 202.1.1.2, timeout is 2 seconds:
!!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 12/22/32 MS
B. R1 find the public network server to resolve the Domain Name:
R1 # ping www.baidu.com
Translating "www.baidu.com"... domain server (202.1.1.2) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/20/32 MS
----Www.baidu.com is the address 10.1.1.1 set above R2, and the following is the packet capture
This article is from the "httpyuntianjxxll. spac..." blog, please be sure to keep this source http://333234.blog.51cto.com/323234/947227