I have added this since a friend of mine told me something I had
totally forgotten. Certain stupid Internet Service Providers use
IP addresses assigned by IANA for local networks on the
networks that you connect to. For example, the Swedish Internet Service
Provider and phone monopoly Telia uses this approach on, for example, their
DNS servers, which use the 10.x.x.x IP address range.

A common problem that you may run into when writing your scripts is that you
do not allow connections from any IP addresses in the 10.x.x.x range to
yourself, because of spoofing possibilities. Unfortunately, this is a case
where you might actually have to relax those rules a bit. You can either
insert an ACCEPT rule above the spoof section to allow traffic from those
DNS servers, or comment out that part of the script. This is how the
ACCEPT rule might look:

    /usr/local/sbin/iptables -t nat -I PREROUTING -i eth1 -s \
        10.0.0.1/32 -j ACCEPT
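
Whether the exception works depends on it sitting above the spoof section and staying scoped to a single host. The following check is an added example, not part of the original script: it reads a rule listing in `iptables -S` format and reports where the exception stands. It assumes an iptables version that supports `-S`, a spoof section that ends in a DROP for 10.0.0.0/8, and the hypothetical function name `check_dns_exception`; the sample listings are constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Reads rules in `iptables -S`
# format on stdin and reports how traffic from one DNS server fares against
# the 10.x.x.x spoof section. Only -s and -j are inspected; other matches
# (-i, -p, ...) are ignored.
# Assumption: the spoof section is a DROP rule for 10.0.0.0/8.
# Live use: iptables -t nat -S PREROUTING | check_dns_exception 10.0.0.1

# check_dns_exception DNS_IP -> prints ok | shadowed | too-broad | no-exception
check_dns_exception() {
    awk -v dns="$1/32" '
        {
            src = ""; tgt = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
        }
        # The /32 exception is reached first: DNS replies get through.
        src == dns && tgt == "ACCEPT" { print "ok"; found = 1; exit }
        # An ACCEPT wider than one host re-opens part of the spoofable range.
        src ~ /^10\./ && src !~ /\/32$/ && tgt == "ACCEPT" { print "too-broad"; found = 1; exit }
        # The spoof rule is reached first: the exception below never matches.
        src == "10.0.0.0/8" && tgt == "DROP" { print "shadowed"; found = 1; exit }
        END { if (!found) print "no-exception" }
    '
}

# Constructed listing: exception inserted (-I) above the spoof rule.
sample_inserted() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 10.0.0.1/32 -i eth1 -j ACCEPT
-A PREROUTING -s 10.0.0.0/8 -i eth1 -j DROP
EOF
}

# Constructed listing: exception appended (-A) below the spoof rule.
sample_appended() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-A PREROUTING -s 10.0.0.0/8 -i eth1 -j DROP
-A PREROUTING -s 10.0.0.1/32 -i eth1 -j ACCEPT
EOF
}

sample_inserted | check_dns_exception 10.0.0.1
sample_appended | check_dns_exception 10.0.0.1
```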

I would like to take a moment to bitch at these Internet Service
Providers. These IP address ranges are not assigned for you to use for dumb
stuff like this, at least not to my knowledge. For large corporate sites it is
more than o.k., or your own home network, but you are not supposed to force us
to open up ourselves just because of some whim of yours. You are large Internet
providers, and if you can't afford to buy some 3-4 IP addresses for your
DNS servers, I have a very hard time trusting you.