From owner-freebsd-isp Fri Feb 11 23:30:30 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from Kitten.mcs.net (Kitten.mcs.com [192.160.127.90]) by builder.freebsd.org (Postfix) with ESMTP id 8C0573F41 for ; Fri, 11 Feb 2000 23:30:16 -0800 (PST)
Received: from mcs.net (dgobe.pr.mcs.net [204.137.234.195]) by Kitten.mcs.net (8.9.3/8.9.3) with ESMTP id BAA02958 for ; Sat, 12 Feb 2000 01:09:18 -0600 (CST) (envelope-from dgobe@mcs.net)
Message-ID: <38A506F9.F402F9D@mcs.net>
Date: Sat, 12 Feb 2000 01:08:41 -0600
From: "David A. Gobeille"
X-Mailer: Mozilla 4.7 [en] (X11; U; FreeBSD 3.4-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-isp@freebsd.org
Subject: DSL firewall and DNS
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hello,

Sorry if this is off topic, but I assume many of you have experience with setting up similar configurations for your customers.

I would like to set up a FreeBSD 3.4 box as a firewall and also use it to provide DNS service. The box will have two interfaces, pn0 and pn1, and I have been assigned a /29 address block. pn0 will attach to the internal network and will use 192.168.2.254/24 as its address. pn1 will attach to the DSL modem and use two of the assigned addresses, e.g. 200.1.2.50/29 & 200.1.2.51/32 (alias).

The relevant rc.conf lines:

network_interfaces="pn0 pn1 lo0"
ifconfig_pn0="inet 192.168.2.254 netmask 255.255.255.0"
ifconfig_pn1="inet 200.1.2.50 netmask 255.255.255.248"
ifconfig_pn1_alias0="inet 200.1.2.51 netmask 255.255.255.255"

Will using the named configuration below satisfy the following requirements?

1. When I register "company.com" with a registrar, will I be able to use 200.1.2.50 & 51 as my name server addresses? (I understand the fault tolerance issues and I only have one computer for now; I want the single machine to appear as two distinct name servers.)

2. Internal machines can query for addresses on the internal LAN and any Internet hosts.

3. Any Internet host can query the domain for addresses using the 200.1.2.48/29 address block.

Configuration files for named (feel free to make comments or correct any errors in the configuration :-)

******************************
named.conf

options {
        directory "/etc/namedb";
        forwarders {
                isp's dns server;
                ditto;
        };
};

zone "." {
        type hint;
        file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
        type master;
        file "localhost.rev";
};

zone "company.com" {
        type master;
        file "company.com";
};

zone "2.168.192.in-addr.arpa" {
        type master;
        file "company.com.rev";
};

zone "48/29.2.1.200.in-addr.arpa" {
        type master;
        file "external.rev";
};
*****************************************

************************************
localhost.rev

@       IN SOA  fw.company.com. root.company.com. (
                        1998051000      ; Serial
                        3600            ; Refresh
                        900             ; Retry
                        3600000         ; Expire
                        3600 )          ; Minimum
        IN NS   ns1.company.com.
        IN NS   ns2.company.com.
1       IN PTR  localhost.company.com.
************************************

************************************
company.com

company.com.    IN SOA  fw.company.com. root.company.com. (
                        1998060101      ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        8640000         ; Expire
                        86400 )         ; Minimum
; name servers
                IN NS   ns1
                IN NS   ns2
ns1             IN A    200.1.2.50
ns2             IN A    200.1.2.51
; Hosts
localhost       IN A    127.0.0.1
fw              IN A    192.168.2.254
internal        IN A    192.168.2.1
external        IN A    200.1.2.52
************************************

************************************
company.com.rev

@       IN SOA  fw.company.com. root.company.com. (
                        1998080700      ; Serial
                        86400           ; Refresh
                        7200            ; Retry
                        8640000         ; Expire
                        86400 )         ; Minimum
; name servers
        IN NS   ns1.company.com.
        IN NS   ns2.company.com.
; PTR records
1       IN PTR  internal.company.com.
254     IN PTR  fw.company.com.
************************************

************************************
external.rev

$ORIGIN 48/29.2.1.200.in-addr.arpa.
@       IN SOA  fw.company.com. root.company.com. (...)
@       IN NS   ns1.company.com.
@       IN NS   ns2.company.com.
50      IN PTR  ns1.company.com.
51      IN PTR  ns2.company.com.
52      IN PTR  external.company.com.
************************************

Any help is most welcome, thanks.

-- 
Dave

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
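A check worth running on the zones above before they are published, added here as an example and not part of the original post or the poster's setup. The single company.com zone is served to every querier, so as written the 192.168.2.x addresses of fw and internal are visible to any Internet host, and the RFC 2317 reverse zone only works if each PTR maps back to a matching A record inside the assigned /29. The script parses the small subset of BIND master-file syntax the post uses (SOA with a parenthesised block, NS, A and PTR records, $ORIGIN, ';' comments, owner-name inheritance) and reports RFC 1918 addresses in the forward zone, PTR/A mismatches, and name servers whose address is outside 200.1.2.48/29. The zone text is copied from the message; the SOA timers in the reverse zone are placeholders because the original elides them with "(...)".

```python
"""Sanity checks for the split firewall/DNS zones in the post above.

Added example, not the poster's code.  Parses the subset of BIND master-file
syntax used in the message and runs three checks:
  1. no RFC 1918 address in an A record of a zone every Internet host can query,
  2. every PTR in the RFC 2317 reverse zone maps back to a matching A record,
  3. every name server's address lies inside the assigned /29.
"""
import ipaddress
import re

# Constructed input: copied from the message (reverse-zone SOA timers are
# placeholders, the original elides them).
COMPANY_COM = """\
company.com.    IN SOA  fw.company.com. root.company.com. (
                        1998060101 ; Serial
                        86400      ; Refresh
                        7200       ; Retry
                        8640000    ; Expire
                        86400 )    ; Minimum
                IN NS   ns1
                IN NS   ns2
ns1             IN A    200.1.2.50
ns2             IN A    200.1.2.51
localhost       IN A    127.0.0.1
fw              IN A    192.168.2.254
internal        IN A    192.168.2.1
external        IN A    200.1.2.52
"""

EXTERNAL_REV = """\
$ORIGIN 48/29.2.1.200.in-addr.arpa.
@       IN SOA  fw.company.com. root.company.com. ( 1 1 1 1 1 )
@       IN NS   ns1.company.com.
@       IN NS   ns2.company.com.
50      IN PTR  ns1.company.com.
51      IN PTR  ns2.company.com.
52      IN PTR  external.company.com.
"""


def qualify(name, origin):
    """Make a relative owner or target name fully qualified under origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return [(owner, rrtype, [rdata...])] with fully qualified names."""
    origin = origin if origin.endswith(".") else origin + "."
    logical, buf, depth = [], "", 0
    for raw in text.splitlines():                 # drop comments, join ( ... )
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        buf = line if depth == 0 else f"{buf} {line.strip()}"
        depth += line.count("(") - line.count(")")
        if depth == 0:
            logical.append(buf)
    records, owner = [], origin
    for line in logical:
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if not line[0].isspace():                 # explicit owner, else inherit
            name, line = re.split(r"\s+", line, maxsplit=1)
            owner = qualify(name, origin)
        tokens = line.split()
        if tokens[0] == "IN":                     # class is optional in BIND
            tokens = tokens[1:]
        rrtype, rdata = tokens[0], tokens[1:]
        if rrtype in ("NS", "PTR"):               # relative targets, e.g. "IN NS ns1"
            rdata = [qualify(rdata[0], origin)]
        records.append((owner, rrtype, rdata))
    return records


def leaked_private_names(records):
    """Owners whose A record is RFC 1918: visible to every querier of this zone."""
    return sorted(o for o, t, rd in records if t == "A"
                  and ipaddress.ip_address(rd[0]).is_private
                  and not ipaddress.ip_address(rd[0]).is_loopback)


def ptr_to_ip(owner):
    """IPv4 address for a PTR owner, skipping an RFC 2317 label such as 48/29."""
    labels = owner.rstrip(".").split(".")[:-2]        # drop in-addr.arpa
    octets = [l for l in labels if "/" not in l]
    return ipaddress.ip_address(".".join(reversed(octets)))


def reverse_mismatches(forward, reverse):
    """(PTR owner, target) pairs whose target has no A record for that address."""
    a_by_name = {o: ipaddress.ip_address(rd[0]) for o, t, rd in forward if t == "A"}
    return [(o, rd[0]) for o, t, rd in reverse
            if t == "PTR" and a_by_name.get(rd[0]) != ptr_to_ip(o)]


def nameservers_outside(forward, block):
    """NS targets whose A record is missing or not inside the assigned block."""
    net = ipaddress.ip_network(block)
    a_by_name = {o: ipaddress.ip_address(rd[0]) for o, t, rd in forward if t == "A"}
    return sorted(rd[0] for o, t, rd in forward if t == "NS"
                  and (rd[0] not in a_by_name or a_by_name[rd[0]] not in net))


def check(forward_text, reverse_text, block="200.1.2.48/29"):
    """Run all three checks; empty lists mean the zones pass."""
    fwd = parse_zone(forward_text, "company.com")
    rev = parse_zone(reverse_text, "48/29.2.1.200.in-addr.arpa")
    return {
        "private_names": leaked_private_names(fwd),
        "ptr_mismatches": reverse_mismatches(fwd, rev),
        "ns_outside_block": nameservers_outside(fwd, block),
    }


if __name__ == "__main__":
    for name, found in check(COMPANY_COM, EXTERNAL_REV).items():
        print(f"{name}: {found or 'ok'}")
```

On the zones as posted, the reverse and name-server checks pass and the first check names fw.company.com. and internal.company.com.; the usual remedy is to serve those names only from an internal view or a separate internal zone, and keep the zone given to the Internet limited to the /29 addresses.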