Re: DNS and IP MASQ
On Sat, Sep 25, 1999 at 10:10:32AM -0500, Lance Hoffmeyer wrote:
>
> I have a server that dials into the internet with a client attached on a home network. My IP MASQ is working and the
> client can connect to the internet, but only using IP Addresses. The client cannot connect using domain names.
Hi Lance,
that means your DNS isn't working at all (its work is precisely to convert domain names to real IPs!)
> So, the connection is 10.254.2.2 --eth0---> 10.254.2.1----ppp----> internet
>
> If I type nslookup from the server I get:
>
> Default Server: ns2.us.prserv.net
> Address: 165.87.201.244
Perhaps you told your DNS that its (first) forwarder is ns2.us.prserv.net.
A forwarder is generally the ISP's DNS, which, because of the great number of requests it gets, contains
most of the regular IPs you need; so if you use a forwarder, it will first look to its records to see
if it has the right IP within; and if not, it will query the ROOT.SERVERS, which are the source of
*all* correspondences between names & IPs.
> I'm really not sure where this comes from but I know that if I remove it and put something else in its place I am not
> able to browse the web or fetch email. What can I try so that the client can connect via domain names and not just
> IP Addresses?
First, DNS is acting under the UDP protocol; second, you need to let it pass through the firewall (and return too ;).
MY firewall says: let anything, any protocols pass within the LAN; then, for the INPUT from WEB, it says:
let ALL UDP packets on ports [1024-5999] & [6011-65535] pass (hole is to secure X Window).
The OUTPUT chain says: let ALL UDP packets, external destination port = domain (port 53), PASS.
Then, MASQuerade says: MASQuerade from LAN to WEB, source LAN, DEST anywhere, UDP/domain(53) PASS.
Hope it will help
JY
--
Jean-Yves F. Barbier <jybarbier@wanadoo.fr>
%DCL-MEM-BAD, bad memory
VMS-F-PDGERS, pudding between the ears
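
Added example, not part of the original message: a small Python model of the three rule sets described in the reply, tracing one DNS query from the LAN client and its reply through the forward/MASQ, output and input checks. The 10.254.2.0/24 LAN range, the 192.0.2.1 gateway address and the port numbers are assumptions made for illustration; the LAN-side "let anything pass" rule is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("10.254.2.0/24")  # assumed LAN range, from the thread's 10.254.2.x hosts
GATEWAY_WAN = "192.0.2.1"          # constructed stand-in for the dial-up (ppp) address
X11_HOLE = range(6000, 6011)       # ports 6000-6010, left out of the input rule

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    sport: int
    dst: str
    dport: int

def in_lan(addr):
    return ip_address(addr) in LAN

def forward_masq(p):
    # "MASQuerade from LAN to WEB, source LAN, DEST anywhere, UDP/domain(53)"
    return p.proto == "udp" and in_lan(p.src) and p.dport == 53

def output_to_web(p):
    # "ALL UDP packets, external destination port = domain (port 53)"
    return p.proto == "udp" and not in_lan(p.dst) and p.dport == 53

def input_from_web(p):
    # "ALL UDP packets on ports [1024-5999] & [6011-65535]"
    return p.proto == "udp" and 1024 <= p.dport <= 65535 and p.dport not in X11_HOLE

def dns_round_trip(client, resolver, masq_port, proto="udp", client_port=1025):
    """Follow one query and its reply; return (allowed, chain that decided)."""
    query = Packet(proto, client, client_port, resolver, 53)
    if not forward_masq(query):
        return False, "forward"
    # Masquerading rewrites the source to the gateway's address and a new port.
    rewritten = Packet(proto, GATEWAY_WAN, masq_port, resolver, 53)
    if not output_to_web(rewritten):
        return False, "output"
    reply = Packet(proto, resolver, 53, GATEWAY_WAN, masq_port)
    if not input_from_web(reply):
        return False, "input"
    return True, "ok"

if __name__ == "__main__":
    # Constructed cases: a high masqueraded port, a port in the X hole, and TCP.
    for port, proto in [(61000, "udp"), (6005, "udp"), (61000, "tcp")]:
        print(port, proto, dns_round_trip("10.254.2.2", "165.87.201.244", port, proto))
```

In this model a reply addressed to a port in the 6000-6010 hole is dropped on input, and a DNS query sent over TCP is not matched by any of the three rules.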