Hi All,

I suspect this might be a pure DNS or even an outlook issue, but I'd thought I'd ask here, just in case.

I have a wireless network that uses my leaf firewall as the gateway, dhcp server, and dns (hence the dnsmasq)
I do a nslookup it, uses 192.168.30.1 server and resolves mail.myvest.com to 192.168.X.X.

But when I use mail.myvest.com in outlook 2003 or 2000 for my mail server and I get a all2all rejection message from shorewall from my desktop 192.168.30.56 to the public ip address of my mailserver 66.92.24.173. However, when I use 192.168.X.X for the mail server settings in outlook, it works fine! What's going on here?

Any pointing me in the right direction would be greatly appreciated. thanks. What's really weird is that when I added the random public name servers (server=206.13.28.12; server=128.32.112.230) it fixed the above problem temporarily.

--jsl

My settings are as follows :

sid# more dnsmasq.conf
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.

# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# uneccessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link uneccessarily.

# Never forward plain names (with a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv

# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k

# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
#resolv-file

# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order

# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers for this file instead (see below), then
# uncomment this
#no-resolv

# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll

# Add other name servers here, with domain specs if they are for
# non-public domains.
server=206.13.28.12
server=128.32.112.230
server=192.168.30.1

# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
#    as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
#    domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=myvest.com

# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range=192.168.30.20,192.168.30.100,12h

-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=103432&bid=230486&dat=121642
Julie S. Lin wrote:
> Hi All,
>
> I suspect this might be a pure DNS or even an outlook issue, but I'd
> thought I'd ask here, just in case.
>
> I have a wireless network that uses my leaf firewall as the gateway,
> dhcp server, and dns (hence the dnsmasq)
> I do a nslookup it, uses 192.168.30.1 server and resolves
> mail.myvest.com to 192.168.X.X.
>
> But when I use mail.myvest.com in outlook 2003 or 2000 for my mail
> server and I get a all2all rejection message from shorewall
> from my desktop 192.168.30.56 to the public ip address of my mailserver
> 66.92.24.173. However, when I
> use 192.168.X.X for the mail server settings in outlook, it works fine!
> What's going on here?
>
> Any pointing me in the right direction would be greatly appreciated.
> thanks. What's really weird is that
> when I added the random public name servers (server=206.13.28.12;
> server=128.32.112.230)
> it fixed the above problem temporarily.
>
> --jsl

not shorewall related. wrong place. use:
http://lists.thekelleys.org.uk/mailman/listinfo/dnsmasq-discuss

thanks
First follow the support steps at http://www.shorewall.net/support.htm.
It would also be good to know if you use dnat, 1-1nat or proxyarp for this mail server.

Julie S. Lin wrote:
> Hi All,
>
> I suspect this might be a pure DNS or even an outlook issue, but I'd
> thought I'd ask here, just in case.
>
> I have a wireless network that uses my leaf firewall as the gateway,
> dhcp server, and dns (hence the dnsmasq)
> I do a nslookup it, uses 192.168.30.1 server and resolves
> mail.myvest.com to 192.168.X.X.
>
> But when I use mail.myvest.com in outlook 2003 or 2000 for my mail
> server and I get a all2all rejection message from shorewall
> from my desktop 192.168.30.56 to the public ip address of my
> mailserver 66.92.24.173. However, when I
> use 192.168.X.X for the mail server settings in outlook, it works
> fine! What's going on here?
>
> Any pointing me in the right direction would be greatly appreciated.
> thanks. What's really weird is that
> when I added the random public name servers (server=206.13.28.12;
> server=128.32.112.230)
> it fixed the above problem temporarily.
>
> --jsl
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users
Hi Julie,

> Hi All,
>
> I suspect this might be a pure DNS or even an outlook issue, but I'd
> thought I'd ask here, just in case.
>
> I have a wireless network that uses my leaf firewall as the gateway,
> dhcp server, and dns (hence the dnsmasq) I do a nslookup it, uses
> 192.168.30.1 server and resolves
> mail.myvest.com to 192.168.X.X.
>
> But when I use mail.myvest.com in outlook 2003 or 2000 for my mail
> server and I get a all2all rejection message from shorewall from my desktop
> 192.168.30.56 to the public ip address of my mailserver
> 66.92.24.173. However, when I
> use 192.168.X.X for the mail server settings in outlook, it works fine!
> What's going on here?

Strange, it looks like nslookup is sending a different type of query to dnsmasq than outlook (maybe A versus MX or h-node/b-node/p-node?).

Try to set
192.168.X.X mail.myvest.com
in /etc/hosts, dnsmasq also parses the /etc/hosts file and won't do a lookup on the upstream DNS servers.

Your mail.myvest.com host is known with both a private address and a public address. Depending on how the query is done: hostfile - broadcast - wins - dns lookup, either the public or private address is resolved first.

Eric

> Any pointing me in the right direction would be greatly appreciated.
> thanks. What's really weird is that when I added the random public name
> servers (server=206.13.28.12; server=128.32.112.230) it fixed the above
> problem temporarily.
>
> --jsl

------------------------------------------------------------------------
leaf-user mailing list: leaf-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/leaf-user
Support Request -- http://leaf-project.org/
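Added illustration of Eric's point, not code from the thread or from dnsmasq: it models which addresses a LAN client can be handed for mail.myvest.com with and without a hosts-file entry, and flags the case where the same name can come back as both a private and a public address. The private address, the hosts-file content, the per-server answers and all function names are assumptions constructed for the example; /etc/resolv.conf upstreams are ignored.

```python
import ipaddress

# Constructed sample data. Only the server= lines, the name and the public
# address 66.92.24.173 come from the post.
PRIVATE_IP = "192.168.99.10"  # constructed stand-in for the elided 192.168.X.X
SAMPLE_CONF = """\
domain-needed
bogus-priv
#no-resolv
server=206.13.28.12
server=128.32.112.230
server=192.168.30.1
"""
# Assumption: which upstream returns which record (the thread does not say).
SAMPLE_ANSWERS = {
    "206.13.28.12": "66.92.24.173",
    "128.32.112.230": "66.92.24.173",
    "192.168.30.1": PRIVATE_IP,
}
SAMPLE_HOSTS = "127.0.0.1 localhost\n" + PRIVATE_IP + " mail.myvest.com\n"

def upstream_servers(conf_text):
    """Addresses from active server= lines (server=/domain/ip keeps only the ip)."""
    servers = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("server="):
            servers.append(line[len("server="):].rsplit("/", 1)[-1])
    return servers

def hosts_table(hosts_text):
    """Map each name in hosts-file text to its first listed address."""
    table = {}
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table

def possible_answers(name, conf_text, hosts_text, answers):
    """Addresses a LAN client may be handed for name, labelled private/public."""
    local = hosts_table(hosts_text).get(name.lower())
    if local:  # answered from the hosts file, nothing is forwarded
        found = [local]
    else:      # any configured upstream may supply the answer
        found = [answers[s] for s in upstream_servers(conf_text) if s in answers]
    return {ip: "private" if ipaddress.ip_address(ip).is_private else "public"
            for ip in sorted(set(found))}

def is_inconsistent(view):
    """True when the same name can resolve to both private and public addresses."""
    return len(set(view.values())) > 1
```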