[ previous ] [ next ] [ threads ]
 
 From:  "Mark Gilbert" <mgilbert at marinhd dot com>
 To:  <tnelson at fudnet dot info>
 Cc:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] DNS Issues on Opt 1 network
 Date:  Mon, 7 Aug 2006 16:19:03 -0700 
I don't think it is a DNS misconfiguration.  I will add a link to a diagram of the network so you
can see better how it is setup.
 
Thanks,
 
Mark

________________________________

From: tnelson at fudnet dot info [mailto:tnelson at fudnet dot info]
Sent: Mon 8/7/2006 3:40 PM
To: Mark Gilbert
Subject: RE: [m0n0wall] DNS Issues on Opt 1 network



You also may want ot check that your rules are in the proper order. I
don't know how many times I've added an allow rule right AFTER my block
all rule only to find it doesn't work. Just a thought... I have a similar
setup to yours with no problems. My OPT1 rules allow traffic to my DNS
server and all other traffic is blocked from the OPT to LAN interface. Are
hosts on your LAN network still able to resolve addresses properly? If
not, it could be a misconfiguration of the DNS server.

--Tim
> I duplicated the LAN rule and created a OPT1 rule which is identical.
> Again what is odd is desktops can resolve when I add an outside DNS
> address but cannot work when using the server IP.  When I hook them back
> up to there Linksys firewall I have no problems.
>
> Thanks
>
> ________________________________
>
> From: tnelson at fudnet dot info [mailto:tnelson at fudnet dot info]
> Sent: Mon 8/7/2006 3:06 PM
> To: Mark Gilbert
> Subject: Re: [m0n0wall] DNS Issues on Opt 1 network
>
>
>
> Mark-
>
> Make sure you have a rule allowing traffic from the OPT1 interface to the
> LAN interface.
>
> --Tim
>
>> My lan network is 192.168.2.0 with lan gateway of 192.168.2.2.
>> The 2000 server is 192.168.2.1 and is providing DNS resolution.
>>
>> I have setup my OPT1 with a network of 192.168.1.0 and the OPT1 gateway
>> is
>> 192.168.1.1
>> The 2000 server for that network is providing DNS resolution.
>>
>> I have setup a rule in the OPT1 interface allowing traffic from the OPT1
>> interface to go out without restrictions similar to the LAN rule.
>>
>> Everything is great but non of the systems trying to go out to the
>> internet from the OPT1 network cannot resolve internet addresses.  I am
>> able to RDP into systems meaning I am able to remote control systems on
>> the internet.  But no DNS resolution.  The firewall log says there is
>> communication on UDP 53.
>>
>> If I change the DNS of the local PC from pointing to the server
>> 192.168.1.2 to for example 4.2.2.2 then I am able to get out onto the
>> internet.
>>
>> Very fustrating.
>>
>> Thanks,
>>
>> Mark
>>
>
>
>
>
>