
Re: ipchains and DNS problem



I never got DNS to masq right under 2.2; my solution was to run a DNS on
the box doing the masq and point the clients to it.

nate

On Fri, 19 Nov 1999 fairfax@pclink.com wrote:

fairfa >I have ipchains working, but my workstations cannot get out to the internet because of a DNS problem.  (When I try to ping any host from the workstations I get the message Host not found.)
fairfa >
fairfa >I have kernel 2.2.12, running IP MASQ and ipchains.
fairfa >
fairfa >/etc/init.d/network on the server looks like this:
fairfa >--------------------------------------------------
fairfa >ifconfig lo 127.0.0.1
fairfa >route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
fairfa >
fairfa >ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 up
fairfa >route add -net 192.168.1.0 dev eth0
fairfa >
fairfa >echo "1" > /proc/sys/net/ipv4/ip_forward
fairfa >
fairfa >ifchains -P forward DENY
fairfa >ipchains -A forward -s 192.168.1.0/24 -j MASQ
fairfa >--------------------------------------------------
fairfa >on the workstation:
fairfa >--------------------------------------------------
fairfa >ifconfig lo 127.0.0.1
fairfa >route add -net 127.0.0.0 netmask 255.0.0.0 dev lo
fairfa >
fairfa >ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255 up
fairfa >route add -net 192.168.1.0 dev eth0
fairfa >
fairfa >route add default gw 192.168.1.1
fairfa >--------------------------------------------------
fairfa >resolv.conf on both machines just has two lines, one for each of the nameservers my ISP uses.
fairfa >
fairfa >Issuing the command
fairfa ># ipmasq -d
fairfa >from the server gives the following output:
fairfa >--------------------------------------------------
fairfa >/sbin/ipchains -P input DENY
fairfa >/sbin/ipchains -P output DENY
fairfa >/sbin/ipchains -P forward DENY
fairfa >/sbin/ipchains -F input
fairfa >/sbin/ipchains -F output
fairfa >/sbin/ipchains -F forward
fairfa >/sbin/ipchains -A input -j ACCEPT -i lo
fairfa >/sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 206.11.2.183/32
fairfa >/sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.1.1/255.255.255.0 -l
fairfa >/sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A output -j ACCEPT -i lo
fairfa >/sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.255.0
fairfa >/sbin/ipchains -A output -j ACCEPT -i ppp0 -s 206.11.2.183/255.255.255.255
fairfa >/sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.1.1/255.255.255.0 -l
fairfa >--------------------------------------------------
fairfa >I can ping anything from the server, but not from the workstations.
fairfa >
fairfa >What am I doing wrong?
fairfa >
fairfa >Steven C. Martin

----------------------------------------[mailto:aphro@aphroland.org ]--
   Vice President Network Operations       http://www.firetrail.com/
  Firetrail Internet Services Limited      http://www.aphroland.org/
       Everett, WA 425-348-7336            http://www.linuxpowered.net/
            Powered By:                    http://comedy.aphroland.org/
    Debian 2.1 Linux 2.0.36 SMP            http://yahoo.aphroland.org/
-----------------------------------------[mailto:aphro@netquest.net ]--
10:15pm up 92 days, 9:50, 1 user, load average: 1.17, 1.51, 1.67
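
Added example, not part of either message above: one way to set up the workaround in the reply, a forwarding-only resolver on the masquerading box that answers only the internal network. It assumes BIND is the DNS server; the forwarder addresses are placeholders for the two ISP nameservers, which the thread does not give.

```conf
// named.conf on the masquerading box (192.168.1.1 on eth0, as in the thread).
// Constructed example: 192.0.2.1 and 192.0.2.2 are placeholder addresses
// standing in for the ISP nameservers listed in the server's resolv.conf.

// Clients allowed to use this resolver: the box itself and the masqueraded LAN.
acl lan {
    127.0.0.1;
    192.168.1.0/24;
};

options {
    // Bind only to loopback and the internal interface, so the resolver
    // is not reachable on the ppp0 (Internet-facing) address.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Send every lookup to the ISP nameservers and do not fall back to
    // querying the root servers directly.
    forwarders { 192.0.2.1; 192.0.2.2; };
    forward only;

    // Refuse queries and recursion for anyone outside the LAN, so the box
    // cannot be used as an open resolver.
    allow-query { lan; };
    allow-recursion { lan; };
};

// On each workstation, /etc/resolv.conf then holds a single line:
//   nameserver 192.168.1.1
// Lookups from the workstations terminate on the box's eth0 address, and the
// box queries the forwarders from its own ppp0 address, so DNS traffic no
// longer has to pass through the forward chain's MASQ rule.
```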

