Mailinglist Archive: opensuse (3863 mails)
Re: [SLE] SLP9 - DNS on FW with MASQ
- From: David Barnes <kcuk.linux@xxxxxxxxxxxxxxxx>
- Date: Sun, 8 Feb 2004 23:02:56 +0000
- Message-id: <200402082302.56016.kcuk.linux@xxxxxxxxxxxxxxxx>
On Sunday 08 February 2004 21:01, Anders Johansson wrote:
> On Sunday 08 February 2004 21.58, David Barnes wrote:
> > nameserver 127.0.0.1
> > nameserver 194.117.152.85
>
> two nameservers? You're worried it might not be able to contact localhost?
> :)
I can contact the local host - it just doesn't do any good. With only
localhost I get:
kimberly:/etc # dig www.blueyonder.co.uk
; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk
;; global options: printcmd
;; connection timed out; no servers could be reached
With both lines I get:
kimberly:/etc # dig www.blueyonder.co.uk
; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48593
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
;; QUESTION SECTION:
;www.blueyonder.co.uk. IN A
;; ANSWER SECTION:
www.blueyonder.co.uk. 14400 IN A 62.30.31.86
;; AUTHORITY SECTION:
blueyonder.co.uk. 28800 IN NS ns.blueyonder.co.uk.
blueyonder.co.uk. 28800 IN NS ns2.blueyonder.co.uk.
blueyonder.co.uk. 28800 IN NS ns3.cableinet.net.
;; ADDITIONAL SECTION:
ns.blueyonder.co.uk. 28800 IN A 195.188.53.114
ns2.blueyonder.co.uk. 28800 IN A 195.188.53.113
ns3.cableinet.net. 28800 IN A 194.117.152.85
;; Query time: 17 msec
;; SERVER: 194.117.152.85#53(194.117.152.85)
;; WHEN: Sun Feb 8 22:55:29 2004
;; MSG SIZE rcvd: 168
>
> What forwarders are you using in your bind config?
forwarders { 194.117.152.85; };
> Do you get any "DROP" lines in /var/log/messages when you dig @localhost ?
SuSE-FW-ILLEGAL-TARGET IN=eth1 OUT= MAC=00:10:b5:10:31:9d:00:0a:42:6d:5c:70:08:00 SRC=202.12.27.33 DST=82.33.145.89 LEN=308 TOS=0x00 PREC=0x00 TTL=53 ID=17066 PROTO=UDP SPT=53 DPT=53 LEN=288
The firewall is definitely blocking the packets, because the dns works from
the firewall if I run the firewall in test mode. (Unless I'm wrong, of
course!)
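As an added example (not part of David's mail, and not SuSEfirewall2 or BIND code), here is a small Python parser for netfilter LOG-target lines of the kind quoted above, plus a classifier that flags the pattern in that line: a remote name server sending UDP port 53 to port 53 on the firewall's own address, which is what the answer to a query sent from a fixed source port 53 looks like (rather than from an ephemeral port). The local address set (82.33.145.89 taken from the DST field, plus assumed 127.0.0.1 and 192.168.1.1) and the two extra sample lines are constructed for the demonstration; the parser also keeps the second LEN field (the UDP length) instead of overwriting the IP length with it.

```python
"""Parse netfilter (iptables LOG target) lines and classify UDP/53 traffic.

Added example, not from the mail or from SuSEfirewall2.  The firewall's
addresses and all lines except PAGE_LOG_LINE are constructed.
"""
import re
from typing import Dict, List, Set, Tuple

# One KEY=VALUE token as emitted by the kernel LOG target; "OUT=" may be empty.
_KV = re.compile(r"([A-Z]+)=(\S*)")

# The line quoted in the mail, re-joined onto one line.
PAGE_LOG_LINE = (
    "SuSE-FW-ILLEGAL-TARGET IN=eth1 OUT= "
    "MAC=00:10:b5:10:31:9d:00:0a:42:6d:5c:70:08:00 SRC=202.12.27.33 "
    "DST=82.33.145.89 LEN=308 TOS=0x00 PREC=0x00 TTL=53 ID=17066 PROTO=UDP "
    "SPT=53 DPT=53 LEN=288"
)

# Assumption: the firewall owns the DST seen on eth1 above, loopback, and an
# internal address 192.168.1.1 (constructed).
LOCAL_ADDRS: Set[str] = {"82.33.145.89", "127.0.0.1", "192.168.1.1"}

# Constructed sample lines (not from the mail): the forwarder answering to an
# ephemeral port, and a LAN client querying the firewall's own name server.
SAMPLE_LINES: List[str] = [
    PAGE_LOG_LINE,
    "EXAMPLE-CONSTRUCTED IN=eth1 OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=194.117.152.85 "
    "DST=82.33.145.89 LEN=196 TOS=0x00 PREC=0x00 TTL=55 ID=1 PROTO=UDP "
    "SPT=53 DPT=32771 LEN=176",
    "EXAMPLE-CONSTRUCTED IN=eth0 OUT= "
    "MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=192.168.1.20 "
    "DST=192.168.1.1 LEN=64 TOS=0x00 PREC=0x00 TTL=64 ID=2 PROTO=UDP "
    "SPT=1034 DPT=53 LEN=44",
]


def parse_netfilter_log(line: str) -> Dict[str, str]:
    """Return the fields of one LOG-target line as a dict.

    The free-text --log-prefix is stored under 'PREFIX'.  The kernel prints
    LEN twice (IP total length, then the UDP/TCP length after PROTO); the
    repeat is kept as 'LEN_2' rather than silently overwriting the first.
    """
    prefix, sep, rest = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line: %r" % line)
    fields: Dict[str, str] = {"PREFIX": prefix.strip()}
    for key, value in _KV.findall("IN=" + rest):
        if key in fields:                      # repeated key (LEN): number it
            n = 2
            while f"{key}_{n}" in fields:
                n += 1
            key = f"{key}_{n}"
        fields[key] = value
    return fields


def classify_udp53(fields: Dict[str, str], local_addrs: Set[str]) -> str:
    """Describe a logged packet from the firewall host's point of view."""
    if fields.get("PROTO") != "UDP":
        return "not-udp"
    spt, dpt = fields.get("SPT"), fields.get("DPT")
    if "53" not in (spt, dpt):
        return "not-dns"
    if fields.get("DST") not in local_addrs:
        return "dns-forwarded-or-outbound"
    if spt == "53" and dpt == "53":
        # A remote server answering port 53 to our port 53: the reply half of
        # a query our resolver sent from a fixed source port 53 (or, rarely, a
        # query from a server that itself uses source port 53).  A ruleset that
        # only expects replies to ports above 1023 drops exactly this packet.
        return "dns-reply-to-fixed-source-port-53"
    if spt == "53":
        return "dns-reply-to-ephemeral-port"
    return "dns-query-to-local-server"


def analyse(lines: List[str], local_addrs: Set[str]) -> List[Tuple[str, str, str]]:
    """Run the parser and classifier over a batch of log lines."""
    results = []
    for line in lines:
        f = parse_netfilter_log(line)
        results.append((f["PREFIX"], f["SRC"], classify_udp53(f, local_addrs)))
    return results


if __name__ == "__main__":
    for prefix, src, verdict in analyse(SAMPLE_LINES, LOCAL_ADDRS):
        print(f"{prefix:24} {src:16} {verdict}")
```

The verdict that matters is the third one. A named configured with `query-source ... port 53;` sends every upstream query from port 53, so every answer comes back 53 to 53 and shows up in the log as above, while a resolver using ephemeral source ports produces the second pattern, which stateless "reply to high port" rules accept. Checking which of the two a dropped line matches is quicker than switching the firewall into test mode.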