
Re: modem / pon / serial problems



On Wed, Feb 05, 2003 at 10:14:36PM +0000, Pigeon wrote:
> On Tue, Feb 04, 2003 at 10:50:43PM +0000, Pigeon wrote:
> > So: the main box is 192.168.1.1, the modem box is 192.168.1.2. I add
> > "gateway 192.168.1.2" to /etc/network/interfaces on the main box and
> > run /etc/init.d/networking restart.
> > 
> > On the modem box I do
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > ipchains -A forward -s 192.168.1.1/32 -d 0.0.0.0/0 -j ACCEPT -b
> > ipchains -P forward ACCEPT
> > pon ukonline
> > ping 195.40.1.36 (this is a ukonline DNS server)
> > ... and it works.
> > 
> > I go back to the main box and try and ping the same address, and
> > nothing happens.
> > 
> 
> Different approach. Now on the modem box I do:
> 
> modprobe ipt_MASQUERADE
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> And from the main box, I can get through the modem box and out onto
> the net. I can ping 195.40.1.36 from the main box and it works.
> 
> The problem now is DNS. My ISP uses dynamic DNS, so I am used to
> having ppp rewrite my /etc/resolv.conf every time I connect. Now, of
> course, the modem box is doing the connecting, so the main box's
> /etc/resolv.conf does not get updated. The ISP seems to be giving me
> any two out of three nameservers, so I could fudge it by putting all
> three in the main box's /etc/resolv.conf, but I'd rather have it
> updating automatically like it's supposed to.
> 
> So I have resorted to a VILE HACK. The main box exports its /etc via
> NFS to the modem box. A script in the modem box's /etc/ppp/ip-up.d
> then copies the modem box's newly updated /etc/resolv.conf across to
> the main box whenever I connect.

Grotesque.  Now you've gone and installed portmap and NFS services on
your gateway box which can't be that great of an idea security-wise.
 
> I'm sure there must be a less vile method of doing this... what is it?

Install DNS caching software on the gateway (the modem box).  Have all
internal machines use the gateway as their nameserver (use a static
resolv.conf).  You can use BIND as a caching only nameserver, and of
course there are other choices like dnsmasq, maradns, pdnsd, and DJB's
dnscache.

-- 
Nathan Norman - Incanus Networking mailto:nnorman@incanus.net
  No.
  > Should I include quotations after my reply?
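
The setup suggested in the reply above, sketched with dnsmasq as an added example (not part of the original message). It assumes pppd on the modem box runs with `usepeerdns`, so the ISP's servers are written to /etc/ppp/resolv.conf on each connect; the file locations and cache size are assumptions.

```conf
# --- modem box (192.168.1.2): /etc/dnsmasq.conf ---

# Answer queries only on the LAN address, never on ppp0, so the
# resolver is not reachable from the Internet side of the gateway.
listen-address=192.168.1.2,127.0.0.1
bind-interfaces
except-interface=ppp0

# Take upstream nameservers from the file pppd rewrites on each
# connect. dnsmasq re-reads this file when it changes, so whichever
# two of the ISP's three servers are handed out get picked up.
resolv-file=/etc/ppp/resolv.conf

# Do not forward unqualified names or reverse lookups for private
# address ranges out to the ISP.
domain-needed
bogus-priv

# Small cache for a dial-up link (constructed value).
cache-size=500

# --- main box (192.168.1.1): /etc/resolv.conf, static ---
nameserver 192.168.1.2
```

With this in place the NFS export of /etc, the ip-up.d copy script, and the portmap and NFS services on the gateway are no longer needed and can be removed.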


