<sigh> Too many IP addresses, apparently; this got tagged as SPAM.
Unless otherwise noted, all IP addresses are 192.168; I'll list the
last two octets only here.
At 01/01/06 05:20, RutePoint wrote:
>greetz
>
>first of all, as a small hint try to keep your case written in a simple
>form, ive tried to read it several times and still i am not sure whether
>i got the whole picture! i had to take out a pen and paper to draw a bit ;)
I thought about ASCII art, but my skills are pretty bad; I thought my
word picture would be the lesser of the two evils....
>anyhow before i go on this goose chase
maybe a pig chase?
>so to speak, there are several questions that would be good to present first.
>
>as you have placed the suse box as an in between server to separate
>networks,
>how did you configure the interfaces on the box?
>did you give the primary interface (im presuming its eth0) the following
>parameters
>ip .1.2
>mask .255.0
>gw .1.1 (or 192.168.1.254 varies on implementation ^^ )
>dns loopback IP, .4.2 (whatever your operator dns is )
I've been told in other threads on this list that 9.3's ethX float
among NICs from bootup to bootup; the IP stack keeps this sorted out,
and all that matters is that the NIC/IP address pairings remain
constant. This is the case in my setup. The Net-facing NIC's config is:
ip .1.2 (the primary interface in the sense that it faces the Net;
whether it's eth0, 1, or 2 varies from bootup to bootup)
mask .255.0 (255.255....)
gw 192.168.1.1 (the Linksys router/switch that sits between the whole
LAN and the Net)
dns loopback IP, <real DNS server IP>, <another real DNS server>
>for the remaining interfaces did you give a gateway or just gave an ip /mask
>eth1
>ip .2.1
>mask .255.0
>eth2
>ip .3.1
>mask .255.0
NIC1:
ip .2.2
mask .255.0
gw .1.1
dns loopback IP, <real DNS server IP>, <another real DNS server>
NIC2:
ip .3.1
mask .255.0
gw .1.1
dns loopback IP, <real DNS server IP>, <another real DNS server>
YaST won't let me configure the three NICs differently from each other.
>did you attempt to configure any routing?
>there is no need if you just kept the network configuration simple as
>mentioned above :)
IP Forwarding is turned on, and I can see it coming up during boot
up. I haven't done any other routing, in the sense that, in YaST, I
left the Routing Table Expert Configuration unchecked and the table
blank. The Linksys router/switch has static routes for the .2.0 and
.3.0 subnets via the .1.2 NIC.
>personally about 4 years ago i tried to use ddns and found it to cause
>enough headaches so i just gave up on it back then and stuck to a static
>dns setup dunno whether it works better nowadays
>so if you would use a static dns and drop ddns that should help a lot.....i
>guess :)
It may come to that, but I want to hammer on this nut awhile longer
before I give up.
>the samba can mess up a bit things in a sense that when windows attempt to
>resolve depending on how you have configured your windows clients, they might
>resolve using first the lmhosts file which might contain static entries or
>then again it would resolve from the network
>so double check your lmhosts for static entries on the windows systems
Good catch on this one. I had an old hosts file on my Win2k PC, left
over from last spring when I had even less knowledge and was even
more dangerous, that had the old IP address/hostname mappings. I
commented out all but the loopback line; now -flushdns has gotten rid
of them, and I get no "permanent" mis-mapped ping results.
>and if you decide to remove the ddns from your network, unselect the
>register dns from the windows network settings cause that would spare your
>suse box from log records :)
>
>now back to your dns configuration,
>what interfaces have you got the dns to listen on?
How do I tell? dns runs on the same box as all three NICs. Now I'm
truly exposing my ignorance. var_log_messages says named is
listening on all three NICs and the loopback.
>i think to ease the goose chase here is for you to send a more elaborate
>description of your environment setup
The NIC running .1.0 has IP address .1.2 and connects to the Net via
the Linksys (which is on .1.1).
The NIC running .2.0 has IP address .2.2 and manages (?) the subnet
containing the Win2k PC (now with a cleaned-up hosts file).
The NIC running .3.0 has IP address .3.1 and "manages" the subnet
containing the dual-bootable laptop.
all three NICs are physically present on the SUSE server; the first
two are chips built into the motherboard; the third is a daughter
card added later. I've appended the ifcfg-eth-id-<MAC> for one of
the NICs; they're all the same except for their own IP data (unless I
missed something) and were generated by YaST when I configured the
NICs. I've edited this for the IP address==SPAM designation problem.
BOOTPROTO='static'
BROADCAST='.1.255'
IPADDR='.1.2'
MTU=''
NAME='Intel 82547EI Gigabit Ethernet Controller (LOM)'
NETMASK='.255.0'
NETWORK='.1.0'
REMOTE_IPADDR=''
STARTMODE='auto'
UNIQUE='JNkJ.NvquJ_ETJIB'
USERCONTROL='no'
_nm_name='bus-pci-0000:02:01.0'
PREFIXLEN=''
The domain for the .1.0 subnet has been set as .test.biz, and the
domain for the .2.0 and .3.0 subnets has been set as .test1.biz.
I'm sorry if this seems too much like a regurgitation of what I said
in my initial email; I'm probably not understanding what you're
looking for with "environment setup."
>and your dns named.conf file
>(personally i rewrote the named.conf on my suse 9.3, its now cleaner and
>simpler than what yast generates :) )
named.conf file below. I hope it doesn't generate a SPAM tag. I've
included it inline because this list, apparently, strips attachments.
###
# Test Biz DNS Control File
###
# Date: 22 Dec 2005
###
# Added logging 30 Dec 05
#
# The two acl blocks are placed ahead of options: named.conf does not
# allow forward references, so an acl must be defined before it is first
# used (listen-on below refers to mynet).
acl mynet {
    192.168.1.0/24;
    192.168.2.0/24;
    192.168.3.0/24;
    127.0.0.1;
};
acl seconddns {
    64.81.45.2;
};
logging {
    channel mysyslog {
        syslog daemon;
        severity error;
    };
    channel mylog {
        file "/var/log/named.log";
        severity error;
        print-time yes;
        print-category yes;
        print-severity yes;
    };
    category default {
        mysyslog;
        mylog;
    };
};
options {
    directory "/var/lib/named";
    forwarders {
        4.2.2.2;
    };
    forward first;
    listen-on {
        mynet;
    };
    auth-nxdomain yes;
    multiple-cnames yes;
    notify no;
};
zone "." in {
    type hint;
    file "root.hint";
};
zone "localhost" in {
    type master;
    file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
    type master;
    file "127.0.0.zone";
};
# Dynamic (allow-update) zones: named writes a journal next to the zone
# file, e.g. test1.biz.hosts.jnl, so the directory holding the zone file
# must be writable by the user named runs as.
zone "test1.biz" {
    type master;
    file "/var/lib/named/master/test1.biz.hosts";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};
# No allow-update here, so BIND's default of none applies and every
# dynamic update aimed at test.biz is refused.
zone "test.biz" {
    type master;
    file "/var/lib/named/master/test.biz.hosts";
    allow-query {
        any;
    };
    allow-transfer {
        seconddns;
    };
};
zone "2.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.2.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};
zone "3.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.3.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};
zone "1.168.192.in-addr.arpa" {
    type master;
    file "/var/lib/named/192.168.1.0.rev";
    allow-query {
        mynet;
    };
    allow-transfer {
        mynet;
    };
    allow-update {
        mynet;
    };
};
And the following log entries just showed up this morning in my named.log file:
31-Dec-2005 19:44:36.757 update-security: error: client
192.168.1.2#32783: update 'test.biz/IN' denied
31-Dec-2005 19:57:03.777 update-security: error: client
192.168.1.2#32786: update 'test.biz/IN' denied
31-Dec-2005 20:33:59.980 general: error:
/var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:42:44.499 general: error:
/var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:46:06.793 general: error:
/var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:46:15.520 general: error:
/var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
Maybe they've been there all along; I only figured out how to get
error messages into my log on 31 Dec, although they weren't showing
up in the messages or warn files earlier.
>regards
>RutePoint
>
>PS: Happy New Year
You, too, and thanks for your help.
On 1/1/06, Eric Hines <eehines(a)comcast.net> wrote:
>
> Folks,
>
> (Retransmitted because my last got labelled SPAM; hopefully, I gotten
> the offending parts out this time.)
>
> <much snippage; this email is long enough....>
There is no nonsense so errant that it cannot be made the creed of
the vast majority by adequate governmental action.
--Bertrand Russell
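A small log-triage script, added here as an example and not part of the thread or of BIND, that classifies the two named.log error shapes quoted above (update-security denials and journal "permission denied") and maps each to its usual cause. The sample lines are constructed from the excerpt, re-joined onto single lines; recovering the zone name from the journal path assumes the author's "<zone>.hosts" file naming.

```python
import re
from collections import Counter

# Constructed sample: the error shapes from the named.log excerpt, re-joined
# onto single lines (the mail client wrapped them), plus one info line.
SAMPLE_LOG = """\
31-Dec-2005 19:44:36.757 update-security: error: client 192.168.1.2#32783: update 'test.biz/IN' denied
31-Dec-2005 19:57:03.777 update-security: error: client 192.168.1.2#32786: update 'test.biz/IN' denied
31-Dec-2005 20:33:59.980 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:42:44.499 general: error: /var/lib/named/master/test1.biz.hosts.jnl: create: permission denied
01-Jan-2006 07:50:00.000 general: info: zone test1.biz/IN: loaded serial 2006010101
"""

UPDATE_DENIED = re.compile(
    r"^(?P<ts>\S+ \S+) update-security: error: client (?P<client>[\d.]+)#(?P<port>\d+): "
    r"update '(?P<zone>[^/]+)/IN' denied$")
JOURNAL_DENIED = re.compile(
    r"^(?P<ts>\S+ \S+) general: error: (?P<path>\S+\.jnl): create: permission denied$")

HINTS = {
    "update_denied": "zone has no allow-update clause (BIND's default is none) "
                     "or the client is outside that ACL",
    "journal_denied": "named cannot create the .jnl journal beside the zone file; "
                      "the zone file's directory must be writable by the named user",
}

def parse_named_log(text):
    """Return one dict per recognised error line; other lines are ignored."""
    events = []
    for line in text.splitlines():
        m = UPDATE_DENIED.match(line)
        if m:
            events.append({"kind": "update_denied", "ts": m["ts"],
                           "client": m["client"], "zone": m["zone"]})
            continue
        m = JOURNAL_DENIED.match(line)
        if m:
            # BIND names the journal <zonefile>.jnl; strip the author's
            # ".hosts.jnl" suffix (assumed naming) to recover the zone name
            fname = m["path"].rsplit("/", 1)[-1]
            zone = fname[:-len(".hosts.jnl")] if fname.endswith(".hosts.jnl") else fname
            events.append({"kind": "journal_denied", "ts": m["ts"],
                           "path": m["path"], "zone": zone})
    return events

def diagnose(events):
    """Collapse repeats: one (zone, kind, count, hint) per distinct problem."""
    counts = Counter((e["zone"], e["kind"]) for e in events)
    return [(zone, kind, n, HINTS[kind]) for (zone, kind), n in sorted(counts.items())]
```

Running diagnose(parse_named_log(SAMPLE_LOG)) reduces the four repeated errors to two distinct problems, one per zone, each with the configuration point to check.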