Using iptables to redirect traffic to a dynamic DNS name instead of an IP address?

Solution 1:

IPTables does not support on-the-fly DNS resolution, because it involves security, performance and implementation issues.

If someone was able to modify DNS records for your domain, it would affect IPTables rules.

If IPTables did a DNS lookup on every incoming packet or even connection initiation packet, it would be really slow.

Also, if there are multiple A records for a domain name, which one would IPTables use?

To accomplish what you are looking for, you would need to implement a system where the host running IPTables periodically checks what the IP address for your dynamic host name is, and then changes its rules accordingly.

Another alternative would be to have software on a computer on your home network that monitors the current public IP address and then sends it to your IPTables server, which reconfigures IPTables.

I don't know any particular software that could do this for you.
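Below is an added example of the periodic-check approach described in this answer (it is not the answerer's code). It resolves the dynamic name, keeps the last allowed address in a state file, and only rewrites the ACCEPT rule when the address actually changed; on a failed or malformed DNS answer it leaves the existing rule alone rather than deleting it. The script name, state-file path and the cron line are hypothetical.

```shell
#!/bin/sh
# ddns-allow.sh (hypothetical name): re-point an iptables ACCEPT rule at
# whatever IPv4 address a dynamic DNS name currently resolves to.
# Typical use from cron:  */5 * * * * /usr/local/sbin/ddns-allow.sh home.example.net 22
set -eu

STATE_FILE="${STATE_FILE:-/var/lib/ddns-allow/last-ip}"  # assumed path; last address we allowed
CHAIN="${CHAIN:-INPUT}"
IPT="${IPT:-iptables}"   # set IPT="echo iptables" for a dry run

# Resolve a name to one IPv4 address. The first answer wins, which settles
# the "which A record?" question explicitly instead of leaving it to chance.
resolve_ipv4() {
    getent ahostsv4 "$1" 2>/dev/null | awk 'NR == 1 { print $1 }'
}

# Accept only a plausible dotted quad, so an empty or bogus DNS answer can
# never be spliced into an iptables command line.
is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Print the iptables argument lines that replace the rule for old_ip with
# one for new_ip. old_ip may be empty (no rule yet); prints nothing if equal.
rule_commands() {
    chain=$1; port=$2; old=$3; new=$4
    [ "$old" = "$new" ] && return 0
    [ -n "$old" ] && echo "-D $chain -p tcp -s $old --dport $port -j ACCEPT"
    echo "-I $chain -p tcp -s $new --dport $port -j ACCEPT"
}

# Resolve, compare with the remembered address and touch the firewall only
# when something changed. A DNS outage therefore cannot lock you out.
update_rule() {
    host=$1; port=$2
    new=$(resolve_ipv4 "$host") || true
    if ! is_ipv4 "${new:-}"; then
        echo "ddns-allow: cannot resolve $host, leaving rules untouched" >&2
        return 1
    fi
    old=""
    if [ -r "$STATE_FILE" ]; then old=$(cat "$STATE_FILE"); fi
    rule_commands "$CHAIN" "$port" "$old" "$new" | while IFS= read -r args; do
        # shellcheck disable=SC2086   # splitting $args into words is intended
        $IPT $args
    done
    mkdir -p "$(dirname "$STATE_FILE")"
    printf '%s\n' "$new" > "$STATE_FILE"
}

# Only act when called with <host> <port>; sourcing the file just defines the functions.
if [ "$#" -eq 2 ]; then
    update_rule "$1" "$2"
fi
```

Because the rule is keyed on the remembered address, a manual change to the chain is not noticed; if you also edit rules by hand, compare against `iptables -S "$CHAIN"` instead of the state file.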

Solution 2:

For the reasons well explained by Tero Kikanen, iptables is not the tool to do what you wish. You should use ssh instead.

Let's call:

  1. hostA your local pc;

  2. hostB your Debian server;

  3. hostC your home pc.

If you want to forward your ssh session, for instance, you need to add, on pc hostA, the following lines to your .ssh/config file:

    Host hostC
    ProxyCommand ssh hostB -W %h:%p

and make sure you have login credentials to hostC on hostA. Now, from hostA, you may connect to hostC as follows:

    ssh me@hostc

In this, you do not need to use IP addresses; unresolved names are just fine. Also, you may add all sorts of options (things like port, crypto key file, user, and so on) either in the ProxyCommand file or on the CLI (it depends on whether the option is for the B->C connection or for the A->B connection, respectively).

By the same token, you can forward a given port (portA) on hostA to a different port (portC) on hostC through the intermediary of hostB, as follows:

    ssh -L portA:hostC:portC me@hostB

Once again, no need to use IP addresses, simple names will do. Another major advantage of ssh is that all communications are automatically encrypted, so no one will be able to see what you are doing.

Lastly, if you do not know how to give a (free!) name to a pc without a static IP address (hostC), just check noip, it is trivial.
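Added example (not from the answer above): a fuller ~/.ssh/config for hostA showing where the per-hop options the answer mentions actually go. Because the ProxyCommand is itself an `ssh hostB`, the inner ssh reads the `Host hostB` stanza, so A->B options live there, while B->C options live under `Host hostC`. The %h in `-W %h:%p` expands to the HostName, which only hostB has to resolve, so a dynamic DNS name works without any IP address. All host names, users and key paths are hypothetical.

```sshconfig
# ~/.ssh/config on hostA (example; names, users and key paths are made up)

# First hop, hostA -> hostB. Options here apply to the A->B leg, because the
# ProxyCommand below is an "ssh hostB" that reads this stanza.
Host hostB
    # real name of the Debian server
    HostName server.example.org
    User me
    Port 2222
    IdentityFile ~/.ssh/id_hostB

# Second hop, hostB -> hostC. Options here apply to the B->C leg.
Host hostC
    # dynamic DNS name of the home PC; resolved on hostB, not on hostA
    HostName myhome.ddns.example
    User me
    IdentityFile ~/.ssh/id_hostC
    ProxyCommand ssh hostB -W %h:%p
    # declared equivalent of "-L 8080:localhost:80" on the hostC session:
    # local port 8080 on hostA reaches port 80 on hostC
    LocalForward 8080 localhost:80
```

With this in place, `ssh hostC` from hostA picks up user, key and port for both legs, and `ssh -N hostC` opens just the forward. On OpenSSH 7.3 or later, `ProxyJump hostB` can replace the ProxyCommand line with the same effect.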