Date:      Mon, 17 Apr 2000 22:58:39 -0400
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Rick Hamell <hamellr@aracnet.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Strange Nat/DNS? problem
Message-ID:  <20000417225839.B52719@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.LNX.4.21.0004170805300.2780-100000@shell1.aracnet.com>; from hamellr@aracnet.com on Mon, Apr 17, 2000 at 08:11:21AM -0700
References:  <20000415212715.B46067@cc942873-a.ewndsr1.nj.home.com> <Pine.LNX.4.21.0004170805300.2780-100000@shell1.aracnet.com>

On Mon, Apr 17, 2000 at 08:11:21AM -0700, Rick Hamell wrote:
> 
> > First, where are your DNS servers? Inside or outside of your NAT'ed
> > net? I would guess outside? I thought you said that you _could_ ping
> > any machine outside though? Are we talking about DNS lookups on the
> > NAT machine or on the private net?
> 
> 	Yes, sorry. The DNS servers are OUTSIDE my Nat'd network. BUT I
> can ping any other server by IP address I want to... I just can not ping
> the DNS servers from inside. They're pingable from outside just fine... My
> Windows machine exhibits the same behavior so I believe it to be a NAT
> problem vs. DNS... below are my settings. 
> 
> :rc.local
> 
> network_interfaces="auto"
> 
> # -- sysinstall generated deltas -- #
> ifconfig_fxp0="inet 216.36.55.89 netmask 255.255.0.0"
                                           ^^^^^^^^^^^
Is that the correct netmask?

> ifconfig_de0="inet 198.162.1.1 netmask 255.255.0.0"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> nat_enable="YES"
> natd_interface="fxp0"           #Public interface
> natd_flags="-f /etc/natd.conf"  #addition flags for natd
> defaultrouter="216.36.55.1"
> #router_enable="YES"
> hostname="heorot.grendal.org"
> linux_enable="YES"
> ibcs2_enable="YES"
> lpd_enable="YES"
> 
> 
> :resolv.conf
> domain grendal.org
> nameserver      216.36.26.5
> nameserver      216.36.0.5

OK, but these DNS settings don't have anything to do with what the
internal machines do for DNS.

> :natd.conf
> 
> interface fxp0
> dynamic yes
> use_sockets yes
> same_ports yes

Other than the netmask question, it seems OK, except you left out your
firewall rules, 'ipfw show'.

Turn on a tcpdump on the outer interface and ping a DNS server from
the gateway machine. Then, turn on tcpdump on the inside too and
ping from one of the internal machines. Try to pose the tcpdumps to
catch ARP packets and ICMP... cut out other noise if possible.
-- 
Crist J. Clark                           cjclark@home.com
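
The following Python sketch is an added illustration, not part of the original message: it shows what the netmask question above turns on by computing, for the posted fxp0 address, which destinations the gateway treats as on-link (and ARPs for directly) and which it hands to the default router. The 255.255.255.0 mask and the host 192.0.2.10 are assumptions chosen for comparison, not values from the thread.

```python
import ipaddress

# Addresses as posted in the thread's rc settings and resolv.conf.
FXP0_ADDR = "216.36.55.89"
DE0 = "198.162.1.1/255.255.0.0"
DEFAULT_ROUTER = "216.36.55.1"
NAMESERVERS = ["216.36.26.5", "216.36.0.5"]
OUTSIDE_HOST = "192.0.2.10"  # constructed sample (documentation range)


def interfaces(fxp0_mask):
    """Build the gateway's two interfaces with the given outer netmask."""
    return {
        "fxp0": ipaddress.ip_interface(f"{FXP0_ADDR}/{fxp0_mask}"),
        "de0": ipaddress.ip_interface(DE0),
    }


def next_hop(dest, ifaces, router=DEFAULT_ROUTER):
    """Return (interface, next hop): 'direct' when dest lies in a connected
    network (the host ARPs for dest itself), else the default router."""
    addr = ipaddress.ip_address(dest)
    hits = [(n, i) for n, i in ifaces.items() if addr in i.network]
    if hits:
        # Longest connected prefix wins, as in a routing table lookup.
        name, _ = max(hits, key=lambda h: h[1].network.prefixlen)
        return name, "direct"
    gw = ipaddress.ip_address(router)
    for name, iface in ifaces.items():
        if gw in iface.network:
            return name, router
    return None, "unreachable"  # default router not on any connected net


def report(fxp0_mask):
    """Map each destination to its next hop for one candidate netmask."""
    ifaces = interfaces(fxp0_mask)
    return {d: next_hop(d, ifaces) for d in NAMESERVERS + [OUTSIDE_HOST]}


if __name__ == "__main__":
    for mask in ("255.255.0.0", "255.255.255.0"):  # posted vs. assumed
        print(mask)
        for dest, (ifname, hop) in report(mask).items():
            print(f"  {dest:<12} -> {ifname} {hop}")
```

In the tcpdump suggested above, the "direct" case appears as ARP who-has requests for the nameserver addresses on fxp0 rather than ICMP forwarded toward 216.36.55.1.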

