here's an update.
i dug my old slackware box out of the closet and fired it up. i then
recreated the dns forwarder config that i'd used years ago (almost certainly
with a 1.2ish m0n0 at the time).
it doesn't work. that is, the problem is the same as i indicated in my
first post. the dns forwarder part of the equation seems to work. if i
point my.domain to my internal slackware machine, and then ping my.domail
from another internal machine, the domain is clearly being converted to the
correct internal ip, but there are no replies to the ping. likewise, a web
browser pointed to http://my.domain (which is the point of this whole
exercise) simply times out.
so it seems that something has changed in 1.3.
any ideas what on earth could be causing this?
> hi francisco,
> On Sat, Dec 19, 2009 at 10:21 AM, Francisco Artes <falcor at netassassin
> > Use the DNS forwarder on the firewall to establish a IP to FQDN for your
> > host.
> this is what the m0n0 dns forwarder looks like:
> Host Domain IP Description
> my.domain 192.168.0.2 (for internal redirection)
> myhost my.domain 192.168.0.2 server
> > Make sure the "domain" in general settings is the same,
> it is.
> > and do that for the /etc/resolv.conf so that it knows the correct domain
> > and has the m0n0wall set as a resolve host.
> you mean on the ubuntu server? here's my /etc/resolv.conf:
> $ cat /etc/resolv.conf
> domain my.domain
> search my.domain
> nameserver 192.168.0.1
> the nameserver points to the m0n0. all configuration is done through dhcp
> > Your external DNS, what ever that is going to be, would have the
> > to FQDN for the public... but do not use this as a resolve host for your
> > internal LAN.
> of course.
> > If you want to run a local DNS cache server, do that with another IP
> > address and tell it to forward requests for your internal domain name to
> > m0n0wall.
> i have no need to run a local dns (other than the m0n0), and would rather
> not do so just to fix this problem. in any case, i'm not convinced it
> would, since the problem appears to be with ubuntu. it will respond to
> (and other service requests) when addressed by hostname, hostname with
> domain, and by ip. however, despite the hostname-less dns forwarder entry
> (which worked perfectly for my old slackware box), it will not respond to
> pings or service requests by domain only, even though it's clear the ip is
> being resolved correctly.
> > On Dec 18, 2009, at 5:59 PM, Joey Morin wrote:
> > > i'm almost certain this is not a problem with m0n0wall, nor with my
> > > but this list seems the best place to start.
> > >
> > > i've got a server behind a m0n0. i need to be able to reach it by the
> > > name internally as externally. the dirty solution i've used in the
> > > to create a dns forwarder entry for the external domain with an empty
> > > field, and to create inbound nat entries for each service that i need
> > > to (http, ftp, etc...). this is an acceptable solution, since i have
> > > one server behind the m0n0. if i had servcies running on more than
> > > machine, i couldn't use this trick.
> > >
> > > this worked fine with my old slackware server. i could point to
> > > http://my.domain from an internal machine, and dns served up the
> > > of my server. from an external machine, the same url would get me to
> > > same internal server via nat.
> > >
> > > now that i've switched to ubuntu server, it doesn't work anymore.
> > >
> > > i've confirmed that dns forwarding works. from an internal machine i
> > > ping the machine by hostname:
> > > $ ping hostname
> > > PING hostname.my.domain (192.168.0.2) 56(84) bytes of data.
> > > 64 bytes from hostname.my.domain (192.168.0.2): icmp_seq=1 ttl=64
> > > ms
> > > ...
> > >
> > > however, when i try by domain:
> > > $ ping my.domain
> > > PING my.domain (192.168.0.2) 56(84) bytes of data.
> > > ^C
> > > --- my.domain ping statistics ---
> > > 45 packets transmitted, 0 received, 100% packet loss, time 44320ms
> > >
> > > note that when pinging by domain, the resolved ip is correct, but no
> > > are returned.
> > >
> > > so it looks like ubuntu doesn't like the mis-match. slackware didn't
> > > the problem. the problem is the same whether i try an unbuntu client
> > > windows xp client.
> > >
> > > any ideas what the problem is, or how to fix it?
> > >
> > > thanks,
> > > jj