
Re: Help with IP masquerading



On Wed, 21 May 1997, Craig Sanders wrote:

> On Tue, 20 May 1997, Benjamin T. White wrote:
> 
> > **I can not do domain name resolution with my new setup** The ip
[...]
> DNS is one of the limitations of masquerading.  It doesn't work.

	I have the same setup as Benjamin T except that I have two Linux
machines. I could not prove it right now because I have installed a DNS
server on the Linux doing the masquerading but if I remember well my 486 
was able to do DNS resolution before I installed the new DNS. So that was
through the IP masquerading. I have the kernel 2.0.27 and I load some
optional IP masquerading modules (mainly ftp).

> Most Linux documentation advises against running bind, saying that it's
[...]
> get it working....it only takes a few minutes at most.

	I would rather say that it took me several hours but perhaps I'm
worse than average.

> BTW, if you're using diald you'll probably want to configure it so that
> it doesn't bring up the link every time you want to resolve a name. But
> you'll want to do that whether you're running bind or not.

	In fact if you're using diald having a local bind server is
perhaps more trouble than it's worth. Here is why:
 - Either diald does not bring the connection up for DNS requests. Then
applications will seem to hang if the result for their DNS query is not in
the cache. They will stay blocked in some gethostbyname call until the DNS
server times out which takes quite a long time. With some X applications
you can completely freeze the X server (with netscape click on a menu. It
does its name lookup right here and it seems to block X).
 - The second problem does not depend on whether DNS brings the PPP link
up. If your IP address is dynamically assigned by your ISP and you type
"ftp ftp.debian.org" and the name lookup is returned by the local DNS
cache then the first packet on the network is the first packet for the TCP
connection. But I noticed that in that case diald seems to send the packet
with the wrong source IP address, i.e. that of the fake serial device
instead of the one of the fresh new PPP connection. Consequence: the
connection will never make it, you have to abort ftp and restart it. This
effectively prevents me from using diald with the DES client.

-- 
Francois Gouget
fgouget@club-internet.fr                http://www.mygale.org/05/fgouget/

Wonder what to do with all your spare CPU cycles ! Participate to the DES
cracking challenge with the SolNet team http://www.des.sollentuna.se/

