DNS translation rewrites the IP addresses carried in DNS replies that a DNS server on the internal network sends to clients on the external network, so that the internal addresses of your servers are replaced with the external addresses those clients can actually reach. Use DNS translation if you have a DNS server on your internal network that external users query to find the IP addresses of servers on your internal network.
Note: This is usually a DNS server feature.
Configuring the DNS translation on your FortiGate unit
- Configure the DNS session helper using the CLI. Enter the following commands:
config sys session-helper
edit 15
set name dns_udp
set port 53
set protocol 17
next
edit 16
set name dns_tcp
set port 53
set protocol 6
next
end
- Configure one virtual IP for the DNS server.
- Configure one virtual IP for each internal server.
- Configure a DNS translation rule for each internal server:
config firewall dnstranslation
edit 1
set dst 'external address of the FortiGate'
set netmask 255.255.255.255
set src 'internal address of the server'
next
end
Configuration Example

Step 1: Session-Helper
config sys session-helper
edit 15
set name dns_udp
set port 53
set protocol 17
next
edit 16
set name dns_tcp
set port 53
set protocol 6
next
end
Step 2: VIP for the DNS server
external IP 172.31.224.203
port 53
internal IP 10.100.0.3
port 53
Step 3: VIP for the internal web server
external IP 172.31.224.203
port 80
internal IP 10.100.0.23
port 80
Step 4: DNS translation rule for internal web server
config firewall dnstranslation
edit 1
set dst 172.31.224.203
set netmask 255.255.255.255
set src 10.100.0.23
next
end
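The following Python program is an added illustration of what the DNS translation rule in Step 4 (and the generic rule in the procedure above) does to a DNS reply; it is not FortiGate code. It builds a constructed DNS response containing A records for two internal hosts, then rewrites every answer whose address falls inside a rule's src/netmask range to the corresponding dst address, while leaving queries and non-matching answers untouched. With the 255.255.255.255 netmask used in the example this is a one-to-one mapping of 10.100.0.23 to 172.31.224.203; the network/host split used for wider netmasks is an assumption made here to show how a range rule generalizes, and is not taken from the page.

```python
"""Illustration of DNS translation on a DNS response (added example, not FortiGate code).

A rule has the fields of the 'config firewall dnstranslation' entry:
src (internal address), netmask, dst (external address visible to clients).
"""
import ipaddress
import struct

# Rule from the configuration example: map the internal web server to the VIP address.
DNS_TRANSLATION_RULES = [
    {"src": "10.100.0.23", "netmask": "255.255.255.255", "dst": "172.31.224.203"},
]

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += struct.pack("B", len(label)) + label.encode()
    return out + b"\x00"

def build_response(txid, qname, answers, flags=0x8180):
    """Build a minimal DNS message with one question and A-record answers (constructed test data)."""
    header = struct.pack(">HHHHHH", txid, flags, 1, len(answers), 0, 0)
    question = encode_name(qname) + struct.pack(">HH", 1, 1)  # QTYPE A, QCLASS IN
    body = b""
    for ip in answers:
        body += encode_name(qname) + struct.pack(">HHIH", 1, 1, 300, 4)  # A, IN, TTL 300, RDLENGTH 4
        body += ipaddress.IPv4Address(ip).packed
    return header + question + body

def skip_name(msg, off):
    """Return the offset just past a name, handling a trailing compression pointer."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer is two bytes and ends the name
            return off + 2
        off += 1 + length

def a_record_offsets(msg):
    """Yield (rdata_offset, IPv4Address) for every A record in the message."""
    qd, an, ns, ar = struct.unpack(">HHHH", msg[4:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            yield off, ipaddress.IPv4Address(msg[off:off + 4])
        off += rdlen

def answer_addresses(msg):
    """List the A-record addresses in a message as strings."""
    return [str(addr) for _, addr in a_record_offsets(msg)]

def map_address(addr, rule):
    """Return the translated address if addr is in the rule's src range, else None.

    Assumption (not from the page): the netmask selects the network part that is
    replaced by dst; host bits are kept. With a /32 mask this is a one-to-one map.
    """
    mask = int(ipaddress.IPv4Address(rule["netmask"]))
    src = int(ipaddress.IPv4Address(rule["src"]))
    dst = int(ipaddress.IPv4Address(rule["dst"]))
    a = int(addr)
    if a & mask != src & mask:
        return None
    return ipaddress.IPv4Address((dst & mask) | (a & ~mask & 0xFFFFFFFF))

def translate_response(msg, rules):
    """Rewrite matching A-record addresses in a DNS response; return (new_msg, changes).

    Queries (QR bit clear) are returned unchanged, as only replies carry addresses to map.
    """
    flags = struct.unpack(">H", msg[2:4])[0]
    if not flags & 0x8000:
        return msg, []
    out = bytearray(msg)
    changes = []
    for off, addr in a_record_offsets(msg):
        for rule in rules:
            new = map_address(addr, rule)
            if new is not None:
                out[off:off + 4] = new.packed
                changes.append((str(addr), str(new)))
                break
    return bytes(out), changes

if __name__ == "__main__":
    # Constructed reply from the internal DNS server: one matching host, one not.
    reply = build_response(0x1234, "www.example.internal", ["10.100.0.23", "10.100.0.99"])
    translated, changes = translate_response(reply, DNS_TRANSLATION_RULES)
    print("before:", answer_addresses(reply))
    print("after: ", answer_addresses(translated))
    print("changes:", changes)
```

The rewrite is length-preserving (an A record's RDATA is always four bytes), so the message needs no re-encoding; a real inline implementation must still recompute the UDP/TCP checksums, which this illustration leaves out.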