Marian Radulescu
2002-Apr-07 19:53 UTC
[Shorewall-users] DNS problems with Shorewall setup
Hi everybody,
I need some help and this is the best place to get it :)
I have installed Bering 1.0rc1 with the latest version of Shorewall. My
site now looks like this:
1st router:
  eth0   - internet connection 1.2.3.4
  eth1   192.168.100.254/24 - dmz
  eth2   192.168.200.254/24 - local
  wlan0  192.168.1.254/24   - wireless lan (acting like an AP)
2nd router:
  wlan0  192.168.1.253      - wireless lan
  eth0   192.168.10.254     - wired remote lan
The 2nd router is acting like a "bridge": it has 192.168.1.254 as its default
gateway and has proxy ARP enabled on both interfaces.
The 1st router is running tinydns/dnscache for internal/external DNS and
Shorewall. I am probably a little bit confused (I am a user of Shorewall
:)) because in my setup I can ping everything in internal/internet using
IP addresses, but I cannot get outside using names from hosts behind the
second router. Any idea where I am going wrong?
Here is my actual (for testing only) config:
# Shorewall 1.2
/etc/shorewall/params
#
##############################################################################
NET_IF=eth0
NET_BCAST=detect
NET_OPTIONS=
DMZ_IF=eth1
DMZ_BCAST=detect
DMZ_OPTIONS=routestopped,multi
LOC_IF=eth2
LOC_BCAST=detect
LOC_OPTIONS=routestopped,multi
WLAN_IF=wlan0
WLAN_BCAST=detect
WLAN_OPTIONS=routestopped,multi
# Shorewall 1.2
/etc/shorewall/zones
#
# This file determines your network zones. Columns are:
#
# ZONE      Short name of the zone
# DISPLAY   Display name of the zone
# COMMENTS  Comments about the zone
#
#ZONE   DISPLAY   COMMENTS
net     Net       Internet
loc     Local     Local networks
#wlan   WLan      Wireless Network
dmz     DMZ       Demilitarized zone
#
# Shorewall 1.2 -- Interfaces File
#
#
/etc/shorewall/interfaces
#
##############################################################################
#ZONE   INTERFACE   BROADCAST     OPTIONS
net     $NET_IF     $NET_BCAST    $NET_OPTIONS
loc     $LOC_IF     $LOC_BCAST    $LOC_OPTIONS
loc     $WLAN_IF    $WLAN_BCAST   $WLAN_OPTIONS
dmz     $DMZ_IF     $DMZ_BCAST    $DMZ_OPTIONS
#
# Shorewall 1.2 -
/etc/shorewall/hosts
#
#ZONE   HOST(S)                  OPTIONS
loc     eth2:192.168.200.0/24    routestopped
loc     wlan0:192.168.1.0/24     routestopped
loc     wlan0:192.168.10.0/24    routestopped
dmz     eth1:192.168.100.0/24    routestopped
# Shorewall 1.2 -
/etc/shorewall/rules
##############################################################################
#RESULT  CLIENT(S)  SERVER(S)  PROTO  PORT(S)           CLIENT PORT(S)  ADDRESS
#
# Allow SSH from the local network
#
ACCEPT   loc        $FW        tcp    ssh,www,domain
ACCEPT   loc        $FW        udp    domain
#
# Allow SSH and Auth from the internet
#
ACCEPT   net        $FW        tcp    ssh,auth
#
# Run an NTP daemon on the firewall that is synced with outside sources
#
ACCEPT   $FW        net        udp    ntp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE
#
# Shorewall 1.2 -
/etc/shorewall/masq
##############################################################################
#INTERFACE   SUBNET           ADDRESS
$NET_IF      $LOC_IF
$NET_IF      $DMZ_IF
$NET_IF      $WLAN_IF
$NET_IF      192.168.1.0/24
##############################################################################
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE
On Sunday 7 April 2002 21:53, Marian Radulescu wrote:

> Hi everybody,
>
> I need some help and this is the best place to get it :)
> I have installed Bering 1.0rc1 with the latest version of Shorewall. My
> site now looks like this:
> :)) because in my setup I can ping everything in internal/internet using
> IP addresses, but I cannot get outside using names from hosts behind the
> second router. Any idea where I am going wrong?

Hi Marian,

dnscache needs UDP 53 open. In params (end of the file) set:

LOC_FW_UDP_PORTS=53

(this is defined by default in the Bering shorwall.lrp, but not in Tom's shorwall.lrp), then it should work.

Jacques
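The check a practitioner would run from a host behind the second router before touching the firewall, as an added example that is not part of the thread and not Shorewall's or Bering's own code: query the 1st router's resolver over UDP and over TCP with dig, ping it by IP, and turn the three outcomes into a verdict. "UDP fails, TCP works" is exactly the situation the reply above describes (a firewall that lets tcp domain through but not udp domain). Assumptions: the resolver is 192.168.1.254 (the 1st router's wlan0 address from the post), dig and Linux iputils ping are installed on the client, and NAME is any public host name.

```shell
#!/bin/sh
# Added diagnostic for "can ping by IP, names fail from behind the 2nd router".
# Not from the original post or from Shorewall; it only drives dig/ping and
# classifies the results. GW and NAME below are assumptions (GW taken from
# the post's addressing plan).
GW=${GW:-192.168.1.254}
NAME=${NAME:-www.shorewall.net}

# Each probe prints "yes" or "no" instead of exiting, so a missing tool
# (dig not installed) shows up as a failed probe rather than a crash.
probe_udp() {           # DNS query over UDP 53, the path dnscache normally serves
    if [ -n "$(dig +short +time=2 +tries=1 @"$GW" "$NAME" A 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}
probe_tcp() {           # the same query forced over TCP 53
    if [ -n "$(dig +short +tcp +time=2 +tries=1 @"$GW" "$NAME" A 2>/dev/null)" ]; then
        echo yes
    else
        echo no
    fi
}
probe_icmp() {          # plain reachability of the gateway by IP
    if ping -c 1 -W 2 "$GW" >/dev/null 2>&1; then echo yes; else echo no; fi
}

# diagnose UDP_OK TCP_OK ICMP_OK -> one-line verdict on stdout.
# The order matters: a host with no path at all must not be blamed on DNS,
# and a working UDP answer means the firewall is not the problem.
diagnose() {
    udp=$1; tcp=$2; icmp=$3
    if [ "$icmp" = no ]; then
        echo "no-path: gateway $GW unreachable by IP; check the 2nd router's default route and proxy ARP before looking at DNS"
    elif [ "$udp" = yes ]; then
        echo "dns-ok: $GW answers over UDP 53; if names still fail, check the client's resolver settings (/etc/resolv.conf), not the firewall"
    elif [ "$tcp" = yes ]; then
        echo "udp53-filtered: $GW answers DNS over TCP but not UDP; the firewall is dropping udp domain from loc to the firewall (LOC_FW_UDP_PORTS, or an ACCEPT loc \$FW udp domain rule)"
    else
        echo "dns-unreachable: neither UDP nor TCP 53 reaches $GW; check that dnscache listens on $GW and that the rules accept loc to \$FW port 53 at all"
    fi
}

# Run the probes only when dig is present, so sourcing this file on a box
# without dig just defines the functions.
if command -v dig >/dev/null 2>&1; then
    u=$(probe_udp); t=$(probe_tcp); i=$(probe_icmp)
    echo "udp=$u tcp=$t icmp=$i"
    diagnose "$u" "$t" "$i"
fi
```

Run it as an ordinary user on a host in 192.168.10.0/24; the probes use short timeouts so a silently dropped UDP packet (Shorewall's default for unmatched traffic) is reported within a few seconds instead of hanging on the resolver's retry schedule.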