Re: Debian networking - accessing public-side servers from a private network
On Thu, 21 Dec 2017 20:57:09 +0100
Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> Now you seem to have found a rather good solution (not based on some
> hackish NAT, convoluted routing or complex split DNS), it may be
> useless to carry on this thread, but I am just interested and curious.
>
> On 21/12/2017 at 12:10, Phil Reynolds wrote:
> > On Thu, 21 Dec 2017 07:23:06 +0100
> > Pascal Hambourg <pascal@plouf.fr.eu.org> wrote:
> >
> >> How are TCP/IP parameters configured on the client ?
> >> Could you show its routing table ?
> >
> > Output of "route" on it:
> >
> > Destination 192.168.0.0 Gateway * Genmask 255.255.255.0 Flags U
> > Metric 0 Ref 0 Use 0 Iface wlan0
>
> Is that all ? No default route ?
> How can it reach any address outside the private subnet ?

What it can see locally on the physical network, it reaches. Otherwise
it goes through the router. I haven't interfered with this at all.

> > Output of "route -A inet6" is much longer - see
> > http://paste.debian.net/1001796 - note that this is "as is", I
> > haven't concealed anything.
>
> That does not look like an IPv6 routing table, not even like any
> routing table. It rather looks like some key=value pair config file.
> Here are the few first lines of what I see :

Indeed, I have no idea where it actually went. Now at
http://paste.debian.net/1001920/

> >>>> All the IPv4 and IPv6 nameservers used by the client must resolve
> >>>> the name into the private address. If they also serve the public
> >>>> zone, you must set up "split DNS" to serve different versions
> >>>> for private and public clients.
> >>>
> >>> Unfortunately I have found no way to override the radvd-provided
> >>> DNS server addresses - otherwise I would have done this.
> >> Aren't you in control of the router configuration and which IPv6
> >> DNS servers are advertised in the RAs it sends (radvd ?), and of
> >> these servers' behaviour ?
> >
> > I am in control but it's a case of "can it be done and if so
> > how?".
>
> If the IPv6 router advertisements are sent by radvd on the router,
> the RDNSS option advertising the IPv6 DNS addresses is defined in
> the config file /etc/radvd.conf. The defined DNS server(s), along
> with the IPv4 ones, should be under your control and set up to serve
> different records for the Asterisk server name based on the query
> source address. This is called split DNS. In BIND the feature is
> named "views".

Perhaps I should say "I am in control of the radvd but the IPv6
nameservers are not mine and therefore I cannot control their
behaviour."

It may be possible for me to use dnsmasq to provide a workaround, but
as things stand now I don't need it.

--
Phil Reynolds
mail: phil-debian@tinsleyviaduct.com
Web: http://phil.tinsleyviaduct.com/
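
The setup described in the quoted advice above (RDNSS in /etc/radvd.conf pointing at a resolver under your control, plus BIND views), as an added example that is not taken from either poster's configuration. The interface name, the 2001:db8:1::/64 prefix, the resolver address, the example.com zone and the zone file paths are assumptions; only 192.168.0.0/24 comes from the routing table shown in the thread.

```conf
# --- /etc/radvd.conf on the router (constructed example) ---
# Advertise a resolver you operate, so IPv6 clients stop using
# nameservers whose answers you cannot control.
interface eth0                      # assumed LAN-side interface
{
    AdvSendAdvert on;
    prefix 2001:db8:1::/64 { };     # documentation prefix, placeholder
    RDNSS 2001:db8:1::53            # assumed address of your own resolver
    {
        AdvRDNSSLifetime 600;
    };
};

# --- named.conf on that resolver (BIND "views", constructed example) ---
# Both the IPv4 and the IPv6 LAN ranges must be listed, otherwise a
# client querying over IPv6 falls through to the external view.
acl lan { 192.168.0.0/24; 2001:db8:1::/64; localhost; };

view "internal" {
    match-clients { lan; };         # chosen by query source address
    recursion yes;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.internal";  # server name -> private address
    };
};

view "external" {
    match-clients { any; };         # everyone not matched above
    recursion no;
    zone "example.com" {
        type master;
        file "/etc/bind/db.example.com.external";  # server name -> public address
    };
};
```

Once any view is defined, BIND requires every zone statement to sit inside a view, so existing top-level zones have to be moved into both views.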