From: David Ulrich
To: freebsd-questions@freebsd.org
Date: Sun, 19 Mar 2006 14:47:00 +0100
Subject: Nat, dhcpd and ipfw

Hi,

I'm running FreeBSD 6.0 on my new router. I want to use it as a webserver, fileserver, router and DHCP server. This computer is between my clients and my modem. I have 2 ethernet interfaces. The interface which is on the internet side (vr0) uses dhclient, the other is on a fixed IP (re0).

I have installed dhcpd and natd successfully. My clients get a good IP and I can ping the world! But my problem is that I can't ping the world with DNS...

An example: I can ping 216.239.39.105, which is google.ch, but when I ping google.ch it returns -> ping:unknow host google.ch

From the server I can ping google.ch (it resolves the DNS name).

I have probably misconfigured something, but what? I have strictly read the how-tos, manuals, etc.

I don't have fixed domain name servers and I don't think it's useful. I just need DNS requests to be taken from "vr0" to "re0"...

WORLD <--> re0 ; MYSERVER ; vr0 <--> my clients

############### rc.conf ###############

# -- sysinstall generated deltas -- # Wed Mar 15 14:08:02 2006
# Created: Wed Mar 15 14:08:02 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
gateway_enable="YES"
natd_enable="YES"
natd_interface="re0"
natd_flags="-s -u -m"
ifconfig_re0="DHCP"
dhcpd_enable="YES"
dhcpd_iface="vr0"
dhcpd_flags="vr0"
keymap="swissfrench.iso.acc"
nfs_server_enable="YES"
rpcbind_enable="YES"
saver="fire"
scrnmap="NO"
sshd_enable="YES"
usbd_enable="YES"
mysql_enable="YES"
apache_enable="YES"
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_type="open"
hostname="Beastie.aspirine.li"
ifconfig_vr0="inet 10.192.168.5 netmask 255.255.255.0"

################### dhcpd.conf ##################

# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#

# option definitions common to all supported networks...
option domain-name "aspirine.li";
#option domain-name-servers 62.2.24.162, 62.2.17.60;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS updates.
ddns-updates off;
ddns-update-style none;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 10.192.168.0 netmask 255.255.255.0 {
  range 10.192.168.1 10.192.168.4;
  option domain-name "aspirine.li";
  option domain-name-servers 10.192.168.5;
  default-lease-time 600;
  max-lease-time 7200;
  option routers 10.192.168.5;
  option broadcast-address 10.192.168.255;
}

############### ipfw show #####################

00050 403 40917 divert 8668 ip from any to any via re0
00100 56 6030 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 440 45853 allow ip from any to any
65535 11 1288 deny ip from any to any