
Re: DNS and IP MASQ



At 07:09 PM 9/25/99 +0200, Jean-Yves BARBIER wrote:
>On Sat, Sep 25, 1999 at 10:10:32AM -0500, Lance Hoffmeyer wrote:
>> 
>> I have a server that dials into the internet with a client attached on a home network.  My IP MASQ is working and the
>> client can connect to the internet, but only using IP Addresses.  The client cannot connect using domain names.
>
>Hi Lance,
>that means your DNS isn't working at all (its work is precisely to convert domain names to real IPs!)
>
>> So, the connection is  10.254.2.2 --eth0--->  10.254.2.1----ppp----> internet
>> 
>> If I type nslookup from the server I get:
>> 
>> Default Server:  ns2.us.prserv.net
>> Address:  165.87.201.244
>
>Perhaps you told your DNS that its (first) forwarder is ns2.us.prserv.net.
>A forwarder is generally the ISP's DNS, which, because of the great amount of requests it gets, contains
>most of the regular IPs you need; so if you use a forwarder, it will first look to its records to see
>if it has the right IP within; and if not, it will query the ROOT.SERVERS, which are the source of
>*all* correspondences between names & IPs.
>
>> I'm really not sure where this comes from but I know that if I remove it and put something else in its place I am not
>> able to browse the web or fetch email.  What can I try so that the client can connect via domain names and not just
>> IP Addresses?
>
>First, DNS is acting under UDP protocol, second you need to let it pass through the firewall (and return too ;).
>
>MY firewall says: let anything, any protocols pass within the LAN; then, for the INPUT from WEB, it says:
>let ALL UDP packets on ports [1024-5999] & [6011-65535] pass (hole is to secure X Window).
>The OUTPUT chain says: let ALL UDP packets, external destination port = domain (port 53), PASS.
>Then, the MASQuerade says: MASQuerade from LAN to WEB, source LAN, DEST anywhere, UDP/domain(53) PASS.
>
>Hope it will help
>
>JY
>
>-- 
Try setting up a caching-only DNS on your firewall that uses your ISP's DNS
as its forwarder.  Then configure all of your clients to point to your DNS.

Install the bind package and read the DNS-HowTo.

Ed
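
A named.conf sketch for the caching-only setup suggested above, added here as an illustration and not part of the original message. It uses the 10.254.2.1 server address and the 165.87.201.244 forwarder quoted in the thread; the /24 netmask, the working directory and the hint file name are assumptions that vary by network and distribution.

```conf
// /etc/named.conf on the masquerading server (10.254.2.1)
// Caching-only: no authoritative zones, answers come from the
// cache, the ISP forwarder, or (as a fallback) the root servers.

// Hosts allowed to use this resolver. The /24 mask is an assumption.
acl "lan" {
    127.0.0.1;
    10.254.2.0/24;
};

options {
    directory "/var/named";          // assumed path, distribution-dependent

    // Listen only on loopback and the LAN side (eth0), never on ppp0,
    // so the resolver is not reachable from the internet.
    listen-on { 127.0.0.1; 10.254.2.1; };

    // Only LAN hosts may query or recurse through this server.
    allow-query     { "lan"; };
    allow-recursion { "lan"; };
    recursion yes;

    // ISP resolver from the nslookup output in the thread.
    forwarders { 165.87.201.244; };

    // Ask the forwarder first; if it does not answer, fall back to
    // iterating from the root servers. Use "forward only;" instead
    // to send every lookup to the ISP and nowhere else.
    forward first;
};

// Root hints, needed for the "forward first" fallback.
// The file name is an assumption; use the one your bind package ships.
zone "." {
    type hint;
    file "named.ca";
};

// On the client (10.254.2.2), /etc/resolv.conf then contains:
//   nameserver 10.254.2.1
```

With the resolver on the firewall itself, client lookups stay inside the LAN and only the server's own queries to port 53 need to leave through the ppp link.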

