Date:      Sun, 17 Sep 2000 21:40:15 -0400
From:      mgruver@reveregroup.com
To:        freebsd-questions@freebsd.org
Cc:        jan@smartsoft.cc
Subject:   Re: I think I have a DNS caching problem...
Message-ID:  <8625695E.00095491.00@main.reveregroup.com>

Jan,

Thank you so much for your response.  Actually I have Greg Lehey's excellent
book (I bought the whole BSDi Powerpak).  And believe me, it gets better by the
day (the more I understand its wisdom).  In fact, I attempted the road you
suggested first (before I went the tinyproxy route), however when I rebooted
after recompiling the Kernel and adding the rc.conf natd and firewall variables,
all IP communication to and from the server ceased.  I could not ping it, and I
could not ping out by DNS name or IP.  The old "unknown host" deal.

Now, one thing I did not try was the custom firewall_type=/etc/ipfw.conf you
suggested.  I had already tried direct rules in the rc.conf and passing the
"open" parm to the firewall_type.  No joy.

I agree with your first statement though.  The more I work with this thing the
less and less it appears to be a DNS thing.  And you are right, I do want to use
my ISP's DNS server and not my own (I think).

I think I may give the ipfw.conf thing a try.

BTW, I am feeling pretty Kneppie!

Mike
------------------------------------------------------

jan@smartsoft.cc wrote:

What you have does not sound to me like a DNS caching problem. Starting 'named'
does not make much sense if you are not doing your own DNS as far as I can tell.

What you need to do is set up NAT (Network Address Translation).

In case you have the book "The Complete FreeBSD" by Greg Lehey, I suggest you go
to page 506 and further.
In case you don't... Buy it! It's worth it! But I will give you in short what to
do:

1.    Configure kernel with:
options    IPFIREWALL
options    IPDIVERT

2.    Make sure your system is running as gateway:    /etc/rc.conf
defaultrouter="a.b.c.d" # IP of Cable modem?!
gateway_enable="YES"

3.    Make sure your interface(s) are running.
ifconfig -a ???

4.    Make sure you have the following entry in /etc/services:
natd     8668/divert # Network Address Translation

5.    Make sure your firewall is set up as in /etc/rc.conf
firewall_enable="YES"
firewall_type=/etc/ipfw.conf

6.    Make /etc/ipfw.conf
add 100 divert natd all from any to any via <your interface to internet!>
add 200 pass all from any to any

7.    Enable NAT in /etc/rc.conf:
natd_enable="YES"
natd_interface="<your interface to internet!>"

REBOOT! (with a kernel with IPFIREWALL!)

HTH

Don't worry, be Kneppie!
Jan

----------------------------------------------

mgruver@reveregroup.com wrote:

> I am a FreeBSD Newbie who recently installed Version 4.4 on a small server.  I
> am using it as a dual-homed host?, or gateway?, or NAT/Firewall for a LAN in my
> home.  I installed 4.4 pretty bare-bones on a Pentium 90 with two ethernet cards
> in it.  One was connected to my Road Runner Motorola cable modem and configured
> for DHCP.  The other was connected into the hub and given a 192.168.x.x
> non-routable.
>
> I edited the /etc/rc.conf with vi to verify the gateway_enabled="YES" and
> natd_enabled="YES" and natd_interface=dc0 (yes it is a cheap Netgear card but
> the other one is a 3Com!).  I specifically did not enable the firewall keywords
> or recompile the Kernel with the IPFIREWALL IPDIVERT options.  I had a bad
> experience over the past few weeks with that (which I won't go into).
>
> I edited the /etc/hosts file (which after additional experimentation I don't
> think I needed to do that) and went back to the /stand/sysinstall and loaded a
> little goody I found in /usr/local/sbin/tinyproxy -a Host: -a Authorization: and
> had a working http proxy server for my Windows 9X systems in the house (they all
> work after setting the proxy setting in IE with the 192.168.x.x IP of the server
> and the port to 8080).
>
> However, the problem is DNS name queries (I hope I am using the correct term
> here) fail from inside the LAN.  I can ping hosts by name (www.interland.com)
> from the server, however I can't from the Windows boxes inside.
>
> I started the named daemon (with no options) but that hasn't helped.
>
> BTW, my paltry FreeBSD server/config has already resisted three (3) separate
> intrusion attempts in less than 24 hours!
>
> Any ideas?...
>
> Thanks,
>
> mgruver@reveregroup.com

--
Jan Knepper
Smartsoft, LLC
88 Petersburg Road
Petersburg, NJ 08270
U.S.A.

http://www.smartsoft.cc/
http://www.mp3.com/pianoprincess

Phone : 609-628-4260
FAX   : 609-628-1267
FAX   : 303-845-6415 http://www.fax4free.com/

Phone : 020-873-3837 http://www.xoip.nl/ (Dutch)
FAX   : 020-873-3837 http://www.xoip.nl/ (Dutch)

In God we Trust -- all others must submit an X.509 certificate.
    -- Charles Forsythe <forsythe@alum.mit.edu>
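
As an added check, not code from the thread or from any of its authors, here is a small POSIX sh lint for the files Jan's seven steps touch. It takes the three file paths as arguments and builds its own constructed sample copies, so it runs offline; it also goes a little beyond the steps by checking that the divert rule is numbered before the pass rule (otherwise packets are passed before natd sees them, which looks a lot like the "nothing works after reboot" symptom above) and by pointing out that rule 200 leaves the firewall open.

```shell
#!/bin/sh
# Added example, not code from the thread. Lints the pieces Jan's steps touch:
# rc.conf switches, the natd divert port in services, and the ipfw rule file.
# Paths are passed in, so it runs on constructed copies, not the live /etc.
# check_nat_config RC_CONF SERVICES IPFW_RULES
# Prints one line per problem and returns the number of problems found.
check_nat_config() {
    rc=$1; services=$2; rules=$3; problems=0
    # Steps 2, 5, 7: note natd_enable, not natd_enabled as in the first post;
    # rc.conf silently ignores a misspelt variable.
    for var in gateway_enable firewall_enable natd_enable; do
        grep -Eq "^${var}=\"?YES\"?" "$rc" ||
            { echo "$rc: ${var}=\"YES\" missing"; problems=$((problems + 1)); }
    done
    iface=$(sed -n 's/^natd_interface="\([^"]*\)".*/\1/p' "$rc" | head -n 1)
    [ -n "$iface" ] ||
        { echo "$rc: natd_interface unset or missing its closing quote"; problems=$((problems + 1)); }
    # Step 4: natd needs its divert port registered.
    grep -Eq '^natd[[:space:]]+8668/divert' "$services" ||
        { echo "$services: no 'natd 8668/divert' entry"; problems=$((problems + 1)); }
    # Step 6: the divert rule must name the outside interface and be numbered
    # below the pass rule, or packets are passed before natd ever sees them.
    divert_no=$(awk -v i="$iface" 'i != "" && $1 == "add" && $3 == "divert" &&
        $4 == "natd" && $0 ~ ("via " i "$") { print $2; exit }' "$rules")
    pass_no=$(awk '$1 == "add" && $3 == "pass" && $4 == "all" { print $2; exit }' "$rules")
    if [ -z "$divert_no" ]; then
        echo "$rules: no 'divert natd' rule via '$iface'"; problems=$((problems + 1))
    elif [ -n "$pass_no" ] && [ "$divert_no" -ge "$pass_no" ]; then
        echo "$rules: divert rule $divert_no must precede pass rule $pass_no"; problems=$((problems + 1))
    fi
    # Not an error, but say it: 'pass all from any to any' makes NAT work and
    # filters nothing; with this rule set the box is a router, not a firewall.
    [ -n "$pass_no" ] && echo "note: rule $pass_no passes all traffic; firewall is open"
    return "$problems"
}
# write_sample DIR: constructed copies of the three files following the steps.
write_sample() {
    cat > "$1/rc.conf" <<'EOF'
defaultrouter="192.0.2.1"
gateway_enable="YES"
firewall_enable="YES"
firewall_type="/etc/ipfw.conf"
natd_enable="YES"
natd_interface="dc0"
EOF
    printf 'natd\t8668/divert\t# Network Address Translation\n' > "$1/services"
    printf 'add 100 divert natd all from any to any via dc0\nadd 200 pass all from any to any\n' > "$1/ipfw.conf"
}
```

Run it as `d=$(mktemp -d); write_sample "$d"; check_nat_config "$d/rc.conf" "$d/services" "$d/ipfw.conf"` and then point it at copies of your own three files.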