Date: Sat, 12 Feb 2000 01:08:41 -0600 From: "David A. Gobeille" <dgobe@mcs.net> To: freebsd-isp@freebsd.org Subject: DSL firewall and DNS Message-ID: <38A506F9.F402F9D@mcs.net>
next in thread | raw e-mail | index | archive | help
Hello,
Sorry if this is off topic, but I assume many of you have
experience with setting up similar configurations for your
customers.
I would like to setup a FreeBSD 3.4 box as a firewall and also
use it to provide DNS service. The box will have two interfaces,
pn0 and pn1, and I have been assigned a /29 address block.
pn0 will attach to the internal network and will use
192.168.2.254/24 as it's address.
pn1 will attach to the DSL modem and use two of the assigned
addresses, e.g. 200.1.2.50/29 & 200.1.2.51/32 (alias).
The relevant rc.conf lines:
network_interfaces= "pn0 pn1 lo0"
ifconfig_pn0= "inet 192.168.2.254 netmask 255.255.255.0"
ifconfig_pn1= "inet 200.1.2.50 netmask 255.255.255.248"
ifconfig_pn1_alias0="inet 200.1.2.51 netmask 255.255.255.255"
Will using the named configuration below satisfy the following
requirements?
1. When I register "company.com" with a registrar, will
I be able to use 200.1.2.50 & 51 as my name server
addresses? (I understand the fault tolerance issues
and I only have one computer for now, I want the single
machine to appear as two distinct name servers.)
2. Internal machines can query for addresses on the
internal LAN and any Internet hosts.
3. Any Internet host can query the domain for addresses
using the 200.1.2.48/29 address block.
Configuration files for named: (feel free to make comments or correct
any errors in the configuration :-)
****************************** named.conf
options {
directory "/etc/namedb";
forwarders {
isp's dns server;
ditto;
};
};
zone "." {
type hint;
file "named.root";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "localhost.rev";
};
zone "company.com" {
type master;
file "company.com";
};
zone "2.168.192.in-addr.arpa" {
type master;
file "company.com.rev";
};
zone"48/29.2.1.200.in-addr.arpa" {
type master;
file "external.rev";
};
*****************************************
************************************ localhost.rev
@ IN SOA fw.company.com. root.company.com. (
1998051000 ; Serial
3600 ; Refresh
900 ; Retry
3600000 ; Expire
3600 ) ; Minimum
IN NS ns1.company.com.
IN NS ns2.company.com.
1 IN PTR localhost.company.com.
************************************
************************************ company.com
company.com. IN SOA fw.company.com. root.company.com. (
1998060101 ; Serial
86400 ; Refresh
7200 ; Retry
8640000 ; Expire
86400 ) ; Minimum
;name servers
IN NS ns1
IN NS ns2
ns1 IN A 200.1.2.50
ns2 IN A 200.1.2.51
; Hosts
localhost IN A 127.0.0.1
fw IN A 192.168.2.254
internal IN A 192.168.2.1
external IN A 200.1.2.52
************************************
************************************ company.com.rev
@ IN SOA fw.company.com. root.company.com. (
1998080700 ; Serial
86400 ; Refresh
7200 ; Retry
8640000 ; Expire
86400 ) ; Minimum
;name servers
IN NS ns1.company.com.
IN NS ns2.company.com.
; PTR records
1 IN PTR internal.company.com.
254 IN PTR fw.company.com.
************************************
************************************ external.rev
$ORIGIN 48/29.2.1.200.in-addr.arpa.
@ IN SOA fw.company.com. root.company.com. (...)
@ NS ns1.company.com.
@ IN NS ns2.company.com.
50 PTR ns1.company.com.
51 PTR ns2.company.com.
52 PTR external.company.com.
************************************
Any help is most welcome, thanks.
--
Dave
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?38A506F9.F402F9D>