[ previous ] [ next ] [ threads ]
 
 From:  Hilton Travis <Hilton at QuarkAV dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  DHCP, LAN, OPT1, and DNS Forwarder
 Date:  Wed, 05 May 2004 07:34:00 +1000 
Hi All,

I think this may have been discussed before, but I think it still needs
to be looked at...

I recently reconfigured my home network so that my own machines run off
the LAN interface on my net4501-m0n0wall firewall, and my flatmates run
off the OPT1 interface.  This was done for two main reasons: a) ensure
that their machines have no access to mine (run the interfaces in
non-bridged mode on different networks), and b) make the traffic shaping
rules easier to handle.

In its original configuration I had enabled the DNS Forwarder to route
all DNS traffic through the caching DNS Server on the m0n0wall itself,
resulting in less traffic over the WAN connection (bugger all, I know,
but less is more) and faster DNS response times due to the DNS cache
being held on my local LAN.

As I now have DHCP enabled on the LAN as well as the now used OPT1
interface, having "DNS Forwarder" enabled breaks the DNS resolution of
all computers on the OPT1 interface as the DHCP Server assigns the LAN
IP Address as the OPT1 DNS Server.  This is wrong, as there's no traffic
allowed from the OPT1 into the LAN as should be the case on any firewall
with a DMZ.

What I've had to do is to uncheck the DNS Forwarder which disables it
for both the LAN and the OPT1 interfaces.  I would like it to be still
present for at least the LAN interface.  Ultimately, I'd like to be able
to have DNS Forwarder checked, and for m0n0wall to either pass the LAN
IP to its LAN segment in DHCP and its OPT1 IP to its OPT1 segment in
DHCP, or as an alternate to this, allow the LAN IP to be assigned to the
LAN machines via DHCP, and the entered/obtained DNS Server IP to be
assigned to the OPT1 machines via DHCP.

Any thoughts, comments?

-- 

Regards,

Hilton Travis                   Phone: +61-(0)7-3343-3889
Manager, Quark AudioVisual      Phone: +61-(0)419-792-394
         Quark Computers         http://www.QuarkAV.com/
(Brisbane, Australia)            http://www.QuarkAV.net/

Open Source Projects:		http://www.ares-desktop.org/
				http://www.mamboband.org/

Non Linear Video Editing Solutions & Digital Audio Workstations
 Network Administration, SmoothWall Firewalls, NOD32 AntiVirus
  Conference and Seminar AudioVisual Production and Recording

War doesn't determine who is right. War determines who is left.