Problem with DNS through a gateway

Post by Jim Hayn » Fri, 16 Jun 2006 03:46:32



I have a machine with dialup networking that acts as a gateway
to my small LAN.  Running Fedora Core 4 everything works fine.
(or as fine as possible, considering the slow outside networking)
I put on a Fedora Core 5 test installation and used the same
iptables incantation that works for FC4.  With no change to the
other machines on the LAN they can ping to a numeric IP address
through the gateway but they don't get DNS service.  DNS does
work on the gateway machine under FC5.  Any clues?
--

jhhaynes at earthlink dot net

 
 
 

Post by Raqueeb Hassa » Fri, 16 Jun 2006 13:26:27


> other machines on the LAN they can ping to a numeric IP address
> through the gateway but they don't get DNS service.  DNS does
> work on the gateway machine under FC5.  Any clues?

If I understand you correctly, you wanted to provide DNS service to your
LAN. Did you have your FC5 machine's DNS configured properly? Should
you run a dhcpd on that machine, you can configure it to assign the DNS
address along with IP addresses. You might like to run a cache-only
(caching only) or forwarding DNS to your ISP's DNS server over your
slow connection.

Here is an example you can count on.

http://www.zytrax.com/books/dns/ch6/

Or

You may not need a DNS server at all, should you use IP masquerading
where your LAN's machines are configured to use ISP's DNS server.

--
Raqueeb Hassan
Bangladesh

 
 
 

Post by Moe Tr » Sat, 17 Jun 2006 05:02:05


On Wed, 14 Jun 2006, in the Usenet newsgroup comp.os.linux.networking, in


>I put on a Fedora Core 5 test installation and used the same
>iptables incantation that works for FC4.  With no change to the
>other machines on the LAN they can ping to a numeric IP address
>through the gateway but they don't get DNS service.  DNS does
>work on the gateway machine under FC5.  Any clues?

"The other boxes" - where are they looking for DNS?  Assuming a *nix O/S
on them - what's in /etc/resolv.conf?  (If windoze, there's probably some
icon to click on to find out.)  On the gateway box, does
'/usr/sbin/tcpdump -i eth0' show those boxes making DNS queries? To who?
On the gateway box, does '/usr/sbin/tcpdump -i ppp0' show these same
queries going out with the source address of the ppp0 interface? Do
you see DNS replies coming back in from wherever?  Did the reply get
forwarded back to the local boxes?

        Old guy
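
The checks suggested in the post above, written out as an added example that is not part of the original thread: it reads `tcpdump -n` text output captured on the LAN side (eth0) and on the dial-up side (ppp0) and reports, for each DNS query, the first stage at which it was lost. The capture lines, addresses and function names are constructed for illustration.

```python
import re
# Assumes `tcpdump -n` text output: "<time> IP <src>.<sport> > <dst>.<dport>: <dns-id>..."
LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (\d+)")
# Constructed sample captures (documentation addresses), not taken from the thread.
LAN_CAPTURE = """
03:10:01.100 IP 192.168.1.10.32770 > 198.51.100.53.53: 4660+ A? example.org. (29)
03:10:01.900 IP 198.51.100.53.53 > 192.168.1.10.32770: 4660 1/0/0 A 192.0.2.80 (45)
03:10:05.100 IP 192.168.1.11.32771 > 198.51.100.53.53: 4661+ A? example.net. (29)
03:10:09.100 IP 192.168.1.12.32772 > 198.51.100.53.53: 4662+ A? example.com. (29)
"""
WAN_CAPTURE = """
03:10:01.200 IP 203.0.113.7.32770 > 198.51.100.53.53: 4660+ A? example.org. (29)
03:10:01.800 IP 198.51.100.53.53 > 203.0.113.7.32770: 4660 1/0/0 A 192.0.2.80 (45)
03:10:05.200 IP 203.0.113.7.32771 > 198.51.100.53.53: 4661+ A? example.net. (29)
03:10:05.800 IP 198.51.100.53.53 > 203.0.113.7.32771: 4661 1/0/0 A 192.0.2.81 (45)
"""
WAN_ADDR = "203.0.113.7"  # constructed ppp0 address

def parse(capture):
    """Return (src, dst, dns_id, is_query) for each UDP/53 line in a capture."""
    packets = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m and "53" in (m.group(2), m.group(4)):
            packets.append((m.group(1), m.group(3), int(m.group(5)), m.group(4) == "53"))
    return packets

def diagnose(lan_capture, wan_capture, wan_addr):
    """Map each LAN query (client, dns_id) to the first stage where it got lost."""
    lan, wan = parse(lan_capture), parse(wan_capture)
    verdicts = {}
    for src, dst, dns_id, is_query in lan:
        if not is_query:
            continue
        # NAT may rewrite address and port, but the DNS transaction ID survives.
        out = [p for p in wan if p[3] and p[2] == dns_id and p[1] == dst]
        back = [p for p in wan if not p[3] and p[2] == dns_id and p[0] == dst]
        fwd = [p for p in lan if not p[3] and p[2] == dns_id and p[1] == src]
        if not out:
            verdicts[(src, dns_id)] = "query not forwarded to WAN"
        elif all(p[0] != wan_addr for p in out):
            verdicts[(src, dns_id)] = "query left without masquerading"
        elif not back:
            verdicts[(src, dns_id)] = "no reply from resolver"
        elif not fwd:
            verdicts[(src, dns_id)] = "reply not forwarded to LAN"
        else:
            verdicts[(src, dns_id)] = "ok"
    return verdicts
```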

 
 
 

Post by Jim Hayn » Sat, 17 Jun 2006 05:06:35




>You may not need a DNS server at all, should you use IP masquerading
>where your LAN's machines are configured to use ISP's DNS server.

That is correct - it works with the FC4 gateway with IP masquerading
and the LAN machines use the ISP DNS server.  It's just when I run the
gateway on FC5 that DNS fails.  Thanks to Moe Trin for the suggestions
to use tcpdump and see if DNS queries are flying around on either side
of the gateway.  I'll try that.
--

jhhaynes at earthlink dot net

 
 
 

1. Problem Connecting to VPN thru a linux Gateway

Help,

I am having a problem trying to connect to a remote VPN from a win2k
machine that is attached to my local network thru linux gateway.

Typically I would connect a laptop to my local LAN and use it to access
the internet and VPN into my company network. However, recently I have
been having problems connecting to the VPN. It would fail during the
verification of the user and password stage (no it is not a password
problem). If I connect the laptop directly to my cable modem, then I can
VPN fine. So I concluded that I must have changed something in my
configuration on the server to cause this to happen. However, I cannot
figure out what.

The configuration:

I have a RH9 Linux server connected to my cable modem on eth1. Eth0 is
connected to a switch which enables my local LAN. This server acts as the
gateway to the internet. It employs Iptables as the firewall.

After scouring the configuration and documentation, I have come up empty
as to the problem.

My VPN connection uses PPTP.  My iptables configuration uses POSTROUTED
SNAT to allow clients access to the internet.  The GRE Protocol as well as
the VPN port (1723) are given inbound access (as well as other services).
Outbound access is also open.

I had even set all my chains to accept everything and I still was unable
to establish a VPN connection.

Finally I used ethereal to look at the packets and I noticed something
strange.

I saw that every packet from the client machine (on eth0) was replicated
on eth1 from the server.  This I realized must be because of SNAT.
However, I noticed that any packet for the GRE protocol was not being
replicated (hence, not being SNATed or forwarded). Additionally, when the
remote VPN server sent a PPP LCP Configuration Request packet over GRE, my
Linux gateway would reply with an ICMP (Destination Unreachable) instead
of forwarding it to the client laptop.

My guess is that SNAT is unable to determine how to properly route those
packets. But this is a guess and I'm probably off the mark.

Anyway, if you think you can help me with this problem, then send me an
email directly. I have been buried in this for a while now, so I realize
that my description above may be a bit weak and lacking in details. So if
you require any other information, then please let me know.

Thanks,

Tom
