 From:  Joey Morin <joeymorin at gmail dot com>
 To:  m0n0wall <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] dns forwarder
 Date:  Mon, 28 Dec 2009 15:04:15 -0500
hi gang,

here's an update.

i dug my old slackware box out of the closet and fired it up.  i then
recreated the dns forwarder config that i'd used years ago (almost certainly
with a 1.2ish m0n0 at the time).

it doesn't work.  that is, the problem is the same as i indicated in my
first post.  the dns forwarder part of the equation seems to work.  if i
point my.domain to my internal slackware machine, and then ping my.domain
from another internal machine, the domain is clearly being converted to the
correct internal ip, but there are no replies to the ping.  likewise, a web
browser pointed to http://my.domain (which is the point of this whole
exercise) simply times out.

so it seems that something has changed in 1.3.

any ideas what on earth could be causing this?

cheers,
jj


> hi francisco,
>
> On Sat, Dec 19, 2009 at 10:21 AM, Francisco Artes <falcor at netassassin dot com> wrote:
>
> > Use the DNS forwarder on the firewall to establish an IP to FQDN for your
> > host.
>
> this is what the m0n0 dns forwarder looks like:
>     Host    Domain          IP              Description
>             my.domain      192.168.0.2      (for internal redirection)
>     myhost  my.domain      192.168.0.2      server
>
> > Make sure the "domain" in general settings is the same,
>
> it is.
>
> > and do that for the /etc/resolv.conf so that it knows the correct domain
> > and has the m0n0wall set as a resolve host.
>
>
> you mean on the ubuntu server?  here's my /etc/resolv.conf:
>     $ cat /etc/resolv.conf
>     domain my.domain
>     search my.domain
>     nameserver 192.168.0.1
>
> the nameserver points to the m0n0.  all configuration is done through dhcp
>
> > Your external DNS, whatever that is going to be, would have the external IP
> > to FQDN for the public... but do not use this as a resolve host for your
> > internal LAN.
>
> of course.
>
> > If you want to run a local DNS cache server, do that with another IP
> > address and tell it to forward requests for your internal domain name to the
> > m0n0wall.
> >
>
> i have no need to run a local dns (other than the m0n0), and would rather
> not do so just to fix this problem.  in any case, i'm not convinced it
> would, since the problem appears to be with ubuntu.  it will respond to ping
> (and other service requests) when addressed by hostname, hostname with
> domain, and by ip.  however, despite the hostname-less dns forwarder entry
> (which worked perfectly for my old slackware box), it will not respond to
> pings or service requests by domain only, even though it's clear the ip is
> being resolved correctly.
>
> jj
>
> > On Dec 18, 2009, at 5:59 PM, Joey Morin wrote:
> >
> > > i'm almost certain this is not a problem with m0n0wall, nor with my config,
> > > but this list seems the best place to start.
> > >
> > > i've got a server behind a m0n0.  i need to be able to reach it by the same
> > > name internally as externally.  the dirty solution i've used in the past is
> > > to create a dns forwarder entry for the external domain with an empty host
> > > field, and to create inbound nat entries for each service that i need access
> > > to (http, ftp, etc...).  this is an acceptable solution, since i have only
> > > one server behind the m0n0.  if i had services running on more than one
> > > machine, i couldn't use this trick.
> > >
> > > this worked fine with my old slackware server.  i could point to
> > > http://my.domain from an internal machine, and dns served up the internal ip
> > > of my server.  from an external machine, the same url would get me to the
> > > same internal server via nat.
> > >
> > > now that i've switched to ubuntu server, it doesn't work anymore.
> > >
> > > i've confirmed that dns forwarding works.  from an internal machine i can
> > > ping the machine by hostname:
> > > $ ping hostname
> > > PING hostname.my.domain (192.168.0.2) 56(84) bytes of data.
> > > 64 bytes from hostname.my.domain (192.168.0.2): icmp_seq=1 ttl=64 time=1.53 ms
> > > ...
> > >
> > > however, when i try by domain:
> > > $ ping my.domain
> > > PING my.domain (192.168.0.2) 56(84) bytes of data.
> > > ^C
> > > --- my.domain ping statistics ---
> > > 45 packets transmitted, 0 received, 100% packet loss, time 44320ms
> > >
> > > note that when pinging by domain, the resolved ip is correct, but no packets
> > > are returned.
> > >
> > > so it looks like ubuntu doesn't like the mis-match. slackware didn't have
> > > the problem.  the problem is the same whether i try an ubuntu client or a
> > > windows xp client.
> > >
> > > any ideas what the problem is, or how to fix it?
> > >
> > > thanks,
> > > jj
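Editor's note, not part of the thread: the symptom jj describes has two halves, "the forwarder hands back the right address" and "the host at that address answers", and the ping output mixes them together. The script below is an added example (not m0n0wall code and not from any poster) that checks the two separately: it asks the m0n0wall's DNS forwarder directly for both the bare domain and the host.domain entry in the forwarder table, compares the answers against the internal server address, and then does a plain TCP connect to port 80 on that address, which is what the browser test amounts to. The resolver (192.168.0.1), server (192.168.0.2) and names come from the thread; the DNS wire-format encoder/decoder is my own minimal implementation (A records only, no dnspython needed), and sample_response() builds a constructed reply packet used only for offline checking. The live part under __main__ assumes a Python 3 host on the same LAN.

```python
import socket
import struct

# Values taken from the thread: the m0n0wall is the LAN resolver at
# 192.168.0.1 and the server its forwarder should hand out is 192.168.0.2.
M0N0_RESOLVER = "192.168.0.1"
INTERNAL_SERVER = "192.168.0.2"
NAMES = ["my.domain", "myhost.my.domain"]  # bare-domain entry + host entry


def build_query(name, txid=0x1234):
    """Encode a single A/IN question in DNS wire format (RFC 1035)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD bit set
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # A, IN


def _read_name(pkt, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                # compression pointer
            ptr = struct.unpack(">H", pkt[off:off + 2])[0] & 0x3FFF
            if end is None:
                end = off + 2                    # caller resumes after pointer
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_a_records(pkt):
    """Return (rcode, [A-record addresses]) from a DNS response packet."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                          # skip the echoed question(s)
        _, off = _read_name(pkt, off)
        off += 4                                 # qtype + qclass
    addrs = []
    for _ in range(an):
        _, off = _read_name(pkt, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", pkt[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:            # A record
            addrs.append(socket.inet_ntoa(pkt[off:off + 4]))
        off += rdlen
    return flags & 0xF, addrs


def sample_response(name, ip, txid=0x1234):
    """Constructed packet shaped like the forwarder's reply (offline test data)."""
    question = build_query(name, txid)[12:]
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR, RD, RA, rcode 0
    answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + socket.inet_aton(ip)
    return header + question + answer


def check_answers(results, expected_ip):
    """Map {name: [addrs]} to {name: bool}, True when only expected_ip came back."""
    return {name: (addrs == [expected_ip]) for name, addrs in results.items()}


def resolve(name, server, timeout=2.0):
    """Send the query to the forwarder over UDP/53 and decode the reply."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(query, (server, 53))
        data, _ = sock.recvfrom(512)
    if data[:2] != query[:2]:
        raise ValueError("transaction id mismatch")
    return parse_a_records(data)


def tcp_reachable(ip, port=80, timeout=2.0):
    """True if a TCP handshake to ip:port completes (what the browser needs)."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    results = {}
    for name in NAMES:
        rcode, addrs = resolve(name, M0N0_RESOLVER)
        results[name] = addrs
        print(f"{name}: rcode={rcode} answers={addrs}")
    for name, ok in check_answers(results, INTERNAL_SERVER).items():
        print(f"{name}: forwarder answer {'matches' if ok else 'does NOT match'}")
    print(f"tcp/80 to {INTERNAL_SERVER}: {tcp_reachable(INTERNAL_SERVER)}")
```

If both names resolve to 192.168.0.2 but the TCP connect to the bare address also fails from the same client, the forwarder is out of the picture and the fault is between the client and the server (routing, firewall on the server, or the NAT/reflection path on the m0n0wall); if the connect by IP succeeds while the browser by name does not, the difference is in how the client or server treats the name, which is where the thread's "ubuntu doesn't like the mismatch" observation points.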