Use the DNS forwarder on the firewall to establish an IP to FQDN for your host. Make sure the
"domain" in general settings is the same, and do that for the /etc/resolv.conf so that it knows the
correct domain and has the m0n0wall set as a resolve host. Your external DNS, whatever that is
going to be, would have the external IP to FQDN for the public... but do not use this as a resolve
host for your internal LAN. If you want to run a local DNS cache server, do that with another IP
address and tell it to forward requests for your internal domain name to the m0n0wall.
On Dec 18, 2009, at 5:59 PM, Joey Morin wrote:
> i'm almost certain this is not a problem with m0n0wall, nor with my config,
> but this list seems the best place to start.
>
> i've got a server behind a m0n0. i need to be able to reach it by the same
> name internally as externally. the dirty solution i've used in the past is
> to create a dns forwarder entry for the external domain with an empty host
> field, and to create inbound nat entries for each service that i need access
> to (http, ftp, etc...). this is an acceptable solution, since i have only
> one server behind the m0n0. if i had services running on more than one
> machine, i couldn't use this trick.
>
> this worked fine with my old slackware server. i could point to
> http://my.domain from an internal machine, and dns served up the internal ip
> of my server. from an external machine, the same url would get me to the
> same internal server via nat.
>
> now that i've switched to ubuntu server, it doesn't work anymore.
>
> i've confirmed that dns forwarding works. from an internal machine i can
> ping the machine by hostname:
> $ ping hostname
> PING hostname.my.domain (192.168.0.2) 56(84) bytes of data.
> 64 bytes from hostname.my.domain (192.168.0.2): icmp_seq=1 ttl=64 time=1.53 ms
> ...
>
> however, when i try by domain:
> $ ping my.domain
> PING my.domain (192.168.0.2) 56(84) bytes of data.
> ^C
> --- my.domain ping statistics ---
> 45 packets transmitted, 0 received, 100% packet loss, time 44320ms
>
> note that when pinging by domain, the resolved ip is correct, but no packets
> are returned.
>
> so it looks like ubuntu doesn't like the mis-match. slackware didn't have
> the problem. the problem is the same whether i try an ubuntu client or a
> windows xp client.
>
> any ideas what the problem is, or how to fix it?
>
> thanks,
> jj
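
A check for the client-side settings described in the reply at the top of this message, added here as an example and not part of the original thread: it parses a resolv.conf body and reports when the domain differs from the internal one or when a resolver other than the firewall's forwarder (or a local cache that forwards to it) is listed. The firewall address 192.168.0.1, the function name and both sample files are constructed assumptions.

```python
def audit_resolv_conf(text, internal_domain, allowed_resolvers):
    """Return a list of findings for a resolv.conf body; empty list means OK."""
    nameservers, domains = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # blank line or comment
            continue
        key, *values = line.split()
        if key == "nameserver" and values:
            nameservers.append(values[0])
        elif key in ("domain", "search"):
            # domain and search are mutually exclusive; the last one wins
            domains = [v.lower().rstrip(".") for v in values]

    findings = []
    want = internal_domain.lower().rstrip(".")
    if want not in domains:
        findings.append(f"domain/search does not include {want}")
    if not nameservers:
        findings.append("no nameserver configured")
    for ns in nameservers:
        # Any resolver outside the allowed set may hand back the external
        # IP for a name that should resolve to the internal address.
        if ns not in allowed_resolvers:
            findings.append(f"nameserver {ns} is not the firewall forwarder "
                            "or a cache that forwards to it")
    return findings


# Constructed sample files (assumed firewall LAN address: 192.168.0.1).
GOOD_CONF = "domain my.domain\nnameserver 192.168.0.1\n"
BAD_CONF = (
    "# constructed example\n"
    "search example.lan\n"
    "nameserver 192.168.0.1\n"
    "nameserver 203.0.113.53\n"   # external resolver listed on a LAN host
)

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, audit_resolv_conf(conf, "my.domain", {"192.168.0.1"}))
```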