Internal network DNS looping ?

Post by Henr » Sat, 19 Aug 2000 04:00:00



I have a Linux box doing DNS/NAT for my internal network.  The primary DNS
that I give to DHCP clients is from my ISP.  What I'm having trouble with
is getting internal machines to redirect properly, e.g. they type
www.domain.com and get a response from the proper IP address
xxx.xxx.xx.xx, but the webpages never load.  Trying from an outside
connection works fine.  I've got 3 different servers for 3 different IP
addresses and domains, all aliased by the same Linux box and port forwarded
to internal machines.

Can anyone help with this, or do you need more details?
TIA

-Henry


Post by Andrey Smirno » Sat, 19 Aug 2000 04:00:00


Hello,

If you are using the port forwarding feature of the Linux kernel, you need to
have your internal users use the internal addresses of the webservers rather
than the external address. When they try to connect to the external address,
they get redirected to the internal host, so they are basically trying to go
outside (masqueraded) and come back in (using port forwarding). This scenario
will not work.

Try accessing internal hosts directly. Example:

Internet -- Linux Firewall -- Internal Webserver
                                       -- Internal Client

Let the Internal Client connect to the internal address of the webserver
instead of the address of the Firewall.

Good luck!


> I have a Linux box doing DNS/NAT for my internal network.  The primary DNS
> that I give to DHCP clients is from my ISP.  What I'm having trouble with
> is getting internal machines to redirect properly, e.g. they type
> www.domain.com and get a response from the proper IP address
> xxx.xxx.xx.xx, but the webpages never load.  Trying from an outside
> connection works fine.  I've got 3 different servers for 3 different IP
> addresses and domains, all aliased by the same Linux box and port forwarded
> to internal machines.

> Can anyone help with this, or do you need more details?
> TIA

> -Henry
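
An added illustration, not part of either post: the usual reason a LAN client cannot use the port-forwarded external address is that the web server answers it directly on the LAN, so the reply never passes the firewall and arrives from an address the client never contacted. The model assumes client and server share one LAN segment; all addresses and the `connect` function are constructed for this example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

# Constructed addresses for illustration; none of them come from the thread.
PUBLIC_IP = "203.0.113.10"   # external alias on the firewall (what www.domain.com resolves to)
SERVER_IP = "10.0.0.20"      # internal web server behind the port forward
LAN_CLIENT = "10.0.0.50"     # internal client, same segment as the server
WAN_CLIENT = "198.51.100.7"  # outside client
LAN_PREFIX = "10.0.0."       # simplified /24 membership test


def same_lan(a, b):
    return a.startswith(LAN_PREFIX) and b.startswith(LAN_PREFIX)


def firewall_in(pkt):
    """Port forward: rewrite PUBLIC_IP:80 to SERVER_IP:80, source left untouched."""
    if pkt.dst == PUBLIC_IP and pkt.dport == 80:
        return pkt._replace(dst=SERVER_IP)
    return pkt


def firewall_out(pkt):
    """Undo the rewrite, but only for replies that actually cross the firewall."""
    if pkt.src == SERVER_IP and pkt.sport == 80:
        return pkt._replace(src=PUBLIC_IP)
    return pkt


def connect(client_ip, target_ip):
    """Return (accepted, reply_source) for one request/reply exchange."""
    syn = Packet(client_ip, 40000, target_ip, 80)
    # Same-segment traffic is delivered directly; everything else goes via the firewall.
    at_server = syn if same_lan(syn.src, syn.dst) else firewall_in(syn)
    if at_server.dst != SERVER_IP:
        return (False, None)
    reply = Packet(at_server.dst, at_server.dport, at_server.src, at_server.sport)
    # The server routes the reply by destination: a LAN destination bypasses the firewall.
    if not same_lan(reply.src, reply.dst):
        reply = firewall_out(reply)
    # The client only accepts a reply coming from the address it contacted.
    accepted = (reply.src, reply.sport) == (syn.dst, syn.dport)
    return (accepted, reply.src)


if __name__ == "__main__":
    for who, target in [(WAN_CLIENT, PUBLIC_IP), (LAN_CLIENT, PUBLIC_IP), (LAN_CLIENT, SERVER_IP)]:
        print(who, "->", target, connect(who, target))
```

The outside client and the LAN client using the internal address both get a reply from the address they contacted; only the LAN client aiming at the external address sees a reply from the server's internal address and discards it.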

1. imap on internal network when external dns down?

The other day my internet connection had an outage, but this caused
unexpected problems using imap and pine from the internal network.
POP was unaffected.  Since the mail clients have the imap server
listed by ip address (10.0.0.1), why would named be needed?  imap and
pine would time out apparently waiting for a response from the
nameserver.  Why is this?  Because I have "ALL: LOCAL
10.0.0.0/255.255.255.0" in my hosts.allow I figure there would be no
dns lookups needed when getting mail via imap from the internal
network.  Any thoughts on how I can make this work without shutting
down named (which does allow me to imap fine with the internet
connection down)?

See my named and hosts.allow setup below -


logging {
        channel my_default_syslog {
                 syslog daemon;       # send to syslog's daemon facility
                 severity warning;    # only send priority info and higher
        };

        category default { my_default_syslog; default_debug; };
};

options {
        directory "/var/named";
        forwarders {
                x.x.x.x;
                x.x.x.x;
        };
};

zone "." {
        type hint;
        file "named.ca";
};

zone "myserver.myip.org" {
        type master;
        file "myserver.db";
};

zone "0.0.10.in-addr.arpa" {
        type master;
        file "myiprange.db";
};

zone "0.0.127.in-addr.arpa" {
        type master;
        file "localhost.db";
};



#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
#ALL: LOCAL <list of internal LAN machines>
ALL: LOCAL 10.0.0.0/255.255.255.0
ALL: LOCAL 127.0.0.1
sshd : ALL
imap : .someone.net
in.telnetd : .someone.net
