Marian Radulescu
2002-Apr-07 19:53 UTC
[Shorewall-users] DNS problems with Shorewall setup
Hi everybody,

I need some help and this is the best place to get it [:)]
I have installed Bering 1.0rc1 with latest version of Shorewall. Now my site is looking like this:

1st router:
eth0 - internet connection 1.2.3.4
eth1 192.168.100.254/24 - dmz
eth2 192.168.200.254/24 - local
wlan0 192.168.1.254/24 - wireless lan (acting like an AP)

2nd router
wlan0 192.168.1.253 - wireless lan
eth0 192.168.10.254 - wired remote lan

The 2nd router is acting like "bridge": has 192.168.1.254 as a default gateway and has proxy arp enabled on both interfaces.
1st router is running tinydns/dnscache for internal/external dns and Shorewall.

I am probably a little bit confused (I am a user of shorewall :)) because in my setup I can ping everything in internal/internet using ip addresses but I cannot get outside using names from hosts behind the second router. Any idea where I am going wrong?

Here is my actual (for testing only) config:

# Shorewall 1.2 /etc/shorewall/params
#
##############################################################################
NET_IF=eth0
NET_BCAST=detect
NET_OPTIONS=
DMZ_IF=eth1
DMZ_BCAST=detect
DMZ_OPTIONS=routestopped,multi
LOC_IF=eth2
LOC_BCAST=detect
LOC_OPTIONS=routestopped,multi
WLAN_IF=wlan0
WLAN_BCAST=detect
WLAN_OPTIONS=routestopped,multi

# Shorewall 1.2 /etc/shorewall/zones
#
# This file determines your network zones. Columns are:
#
# ZONE      Short name of the zone
# DISPLAY   Display name of the zone
# COMMENTS  Comments about the zone
#
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
#wlan   WLan      Wireless Network
dmz     DMZ       Demilitarized zone

#
# Shorewall 1.2 -- Interfaces File
#
# /etc/shorewall/interfaces
#
##############################################################################
#ZONE   INTERFACE   BROADCAST     OPTIONS
net     $NET_IF     $NET_BCAST    $NET_OPTIONS
loc     $LOC_IF     $LOC_BCAST    $LOC_OPTIONS
loc     $WLAN_IF    $WLAN_BCAST   $WLAN_OPTIONS
dmz     $DMZ_IF     $DMZ_BCAST    $DMZ_OPTIONS

#
# Shorewall 1.2 - /etc/shorewall/hosts
#
#ZONE   HOST(S)                  OPTIONS
loc     eth2:192.168.200.0/24    routestopped
loc     wlan0:192.168.1.0/24     routestopped
loc     wlan0:192.168.10.0/24    routestopped
dmz     eth1:192.168.100.0/24    routestopped

##############################################################################
#RESULT   CLIENT(S)   SERVER(S)   PROTO   PORT(S)   CLIENT PORT(S)   ADDRESS
#
# Allow SSH from the local network
#
ACCEPT    loc         $FW         tcp     ssh,www,domain
ACCEPT    loc         $FW         udp     domain
#
# Allow SSH and Auth from the internet
#
ACCEPT    net         $FW         tcp     ssh,auth
#
# Run an NTP daemon on the firewall that is synced with outside sources
#
ACCEPT    $FW         net         udp     ntp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

#
##############################################################################
#INTERFACE   SUBNET   ADDRESS
$NET_IF      $LOC_IF
$NET_IF      $DMZ_IF
$NET_IF      $WLAN_IF
$NET_IF      192.168.1.0/24
##############################################################################
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
On Sunday 7 April 2002 21:53, Marian Radulescu wrote:
> Hi everybody,
>
> I need some help and this is the best place to get it [:)]
> I have installed Bering 1.0rc1 with latest version of Shorewall. Now my
> site is looking like this:

> :)) because in my setup I can ping everything in internal/internet using
> ip addresses but I cannot get outside using names from hosts behind the
> second router. Any idea where I am going wrong?

Hi Marian

dnscache needs UDP 53 open.
In params (end of the file) set:
LOC_FW_UDP_PORTS=53
(this is defined by default in the Bering shorwall.lrp, but not in Tom's shorwall.lrp)
then it should work.

Jacques
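
A way to check offline whether a set of Shorewall hosts and rules entries lets a given client reach DNS on the firewall, added here as an example and not part of either post. The function names and the service table are assumptions; only plain zone names and comma-separated port lists are handled, and neither the policy file nor params-driven variables such as LOC_FW_UDP_PORTS are modeled.

```python
import ipaddress

# Constructed sample input: entries copied from the hosts and rules files quoted in the thread.
HOSTS = """\
loc eth2:192.168.200.0/24 routestopped
loc wlan0:192.168.1.0/24 routestopped
loc wlan0:192.168.10.0/24 routestopped
dmz eth1:192.168.100.0/24 routestopped
"""
RULES = """\
ACCEPT loc $FW tcp ssh,www,domain
ACCEPT loc $FW udp domain
ACCEPT net $FW tcp ssh,auth
ACCEPT $FW net udp ntp
"""
# Assumption: small inline service table instead of reading /etc/services.
SERVICES = {"ssh": 22, "domain": 53, "www": 80, "auth": 113, "ntp": 123}

def zone_of(hosts_text, iface, addr):
    """Return the zone whose hosts entry covers addr on iface, else None."""
    ip = ipaddress.ip_address(addr)
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, split columns
        if len(fields) < 2:
            continue
        h_iface, _, net = fields[1].partition(":")
        if h_iface == iface and net and ip in ipaddress.ip_network(net):
            return fields[0]
    return None

def accepted(rules_text, client, server, proto, port):
    """First matching rule decides; True only if that rule is ACCEPT."""
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 5:
            continue
        action, r_client, r_server, r_proto, r_ports = fields[:5]
        ports = {SERVICES[p] if p in SERVICES else int(p)
                 for p in r_ports.split(",") if p in SERVICES or p.isdigit()}
        if (r_client, r_server, r_proto) == (client, server, proto) and port in ports:
            return action == "ACCEPT"
    return False  # no rule matched; the zone policy (not modeled) would apply

def dns_allowed(iface, addr):
    """Report whether udp/53 and tcp/53 from the client to $FW match an ACCEPT rule."""
    zone = zone_of(HOSTS, iface, addr)
    return {p: zone is not None and accepted(RULES, zone, "$FW", p, 53)
            for p in ("udp", "tcp")}
```

Calling `dns_allowed("wlan0", "192.168.10.20")` evaluates a host on the remote wired LAN against the entries above; replace HOSTS and RULES with the contents of the files under test.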