
Re: Debian networking - accessing public-side servers from a private network



On Thu, 21 Dec 2017 20:57:09 +0100
Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:

> Now you seem to have found a rather good solution (not based on some 
> hackish NAT, convoluted routing or complex split DNS), it may be
> useless to carry on this thread, but I am just interested and curious.
> 
> On 21/12/2017 at 12:10, Phil Reynolds wrote:
> > On Thu, 21 Dec 2017 07:23:06 +0100
> > Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> >   
> >> How are TCP/IP parameters configured on the client ?
> >> Could you show its routing table ?  
> > 
> > Output of "route" on it:
> > 
> > Destination 192.168.0.0 Gateway * Genmask 255.255.255.0 Flags U
> > Metric 0 Ref 0 Use 0 Iface wlan0  
> 
> Is that all ? No default route ?
> How can it reach any address outside the private subnet ?

What it can see locally on the physical network, it reaches. Otherwise
it goes through the router. I haven't interfered with this at all.

> > Output of "route -A inet6" is much longer - see
> > http://paste.debian.net/1001796 - note that this is "as is", I
> > haven't concealed anything.  
> 
> That does not look like an IPv6 routing table, not even like any
> routing table. It rather looks like some key=value pair config file.
> Here are the few first lines of what I see :

Indeed, I have no idea where it actually went. Now at
http://paste.debian.net/1001920/

> >>>> All the IPv4 and IPv6 nameservers used by the client must resolve
> >>>> the name into the private address. If they also serve the public
> >>>> zone, you must set up "split DNS" to serve different versions
> >>>> for private and public clients.  
> >>>
> >>> Unfortunately I have found no way to override the radvd-provided
> >>> DNS server addresses - otherwise I would have done this.  
> >> Aren't you in control of the router configuration and which IPv6
> >> DNS servers are advertised in the RAs it sends (radvd ?), and of
> >> these servers' behaviour ?  
> > 
> > I am in control but it's a case of "can it be done and if so
> > how?".  
> 
> If the IPv6 router advertisements are sent by radvd on the router,
> the RDNSS option advertising the IPv6 DNS addresses is defined in
> the config file /etc/radvd.conf. The defined DNS server(s), along
> with the IPv4 ones, should be under your control and set up to serve
> different records for the Asterisk server name based on the query
> source address. This is called split DNS. In BIND the feature is
> named "views".

Perhaps I should say "I am in control of the radvd but the IPv6
nameservers are not mine and therefore I cannot control their
behaviour." 

It may be possible for me to use dnsmasq to provide a workaround, but
as things stand now I don't need it.

-- 
Phil Reynolds
mail: phil-debian@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/
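
The split-DNS setup described in the quoted reply above (an RDNSS option in /etc/radvd.conf pointing at a resolver you control, plus BIND views answering by query source address), sketched as an added configuration example that is not part of the original thread. The interface name, the 2001:db8:1::/64 prefix, the resolver address, the zone example.org and the zone file paths are assumed placeholders; 192.168.0.0/24 is the private subnet shown in the routing table earlier in the message.

```conf
# ---- /etc/radvd.conf on the router (interface name is an assumption) ----
interface eth1 {
    AdvSendAdvert on;
    prefix 2001:db8:1::/64 {
    };
    # Advertise a resolver under your own control instead of third-party
    # IPv6 nameservers, so LAN clients query the server that has the views.
    RDNSS 2001:db8:1::53 {
        AdvRDNSSLifetime 600;
    };
};

# ---- /etc/bind/named.conf on that resolver ----
# Clients are matched on query source address; the first matching view wins.
acl "lan" { 127.0.0.1; ::1; 192.168.0.0/24; 2001:db8:1::/64; };

view "internal" {
    match-clients { "lan"; };
    recursion yes;               # LAN clients may resolve arbitrary names
    zone "example.org" {
        type master;
        # Zone file whose records carry the private address of the server
        file "/etc/bind/db.example.org.internal";
    };
};

view "external" {
    match-clients { any; };
    recursion no;                # do not act as an open resolver for outsiders
    zone "example.org" {
        type master;
        # Zone file whose records carry the public address
        file "/etc/bind/db.example.org.external";
    };
};
# Once any view is defined, every zone statement must live inside a view.
```

Both the IPv4 resolver handed out to clients and the RDNSS address must point at this server; a client that still reaches a public nameserver over either protocol will get the public record.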