Re: BIND and iptables config

To: Henning Follmann <hfollmann@itcfollmann.com>
Cc: debian-user@lists.debian.org
Subject: Re: BIND and iptables config
From: Rodary Jacques <rodaryj@free.fr>
Date: Fri, 16 Feb 2018 04:26:14 +0100
Message-id: <[🔎] 38944309.NHnzl0WLTD@ns.rodary.net>
In-reply-to: <[🔎] 20180215164436.zlbf532lrtas6cbp@smallapple.itcfollmann.com>
References: <[🔎] 1949828.irdbgypaU6@ns.rodary.net> <[🔎] 20180215164436.zlbf532lrtas6cbp@smallapple.itcfollmann.com>

Le jeudi 15 février 2018, 11:44:36 CET Henning Follmann a écrit :
> On Thu, Feb 15, 2018 at 05:01:52PM +0100, Rodary Jacques wrote:
> > With NetworkManager, /etc/network/interfaces has only the loopbak interface, and I can't use wicd which can't deal with two wired interfaces. And, Henning Follmann, my English is too poor to explain clearly my setup which is the standard one when your ISP gives you one routable address and you want your home LAN to have access to internet.
> > 	Thanks for your interest anyway.
> > 		Jacques
> > 
> 
> Hello,
> no your english was good enough to describe your setup. And I would say
> that 90% of "us" have a form of "dialup" with on routable ip address and a
> NAT setup.
> First bind is not "standard" in this kind of situation and makes things
> overly complicated. I would recommend dnsmasq instead. It is much more
> staight forward for a NAT box to setup. It will also provide you with a
> dhcp server.
> And in your situation you also want to disable/avoid the NetworkManager. 
I told before that wiced can't deal with two wired interfaces.
> It is quite easy because evry device you list in /e/n/i 
i don't know ( with my poor English :-)) what is /e/n/i 
> will be
> automaticaaly ignored by the NetworkManager.
> And clearly because you have difficulties in setting this up doesn't make
> all of this a bug.
I don't find it normal to try to use interfaces before they are up! It's obvously not a bug, but it's just  telling  users they shouldn't  try to understand. When I fist tried Debian in april 2016, with Jessie, I read in the bind9 doc something like "there are some issues about changing bind9 configuration, as future upgrade will loose your changes". without any more details. 
> Also I want to mention to setup a router with Red Hat or with debian is
> possible but there a distributions which are much more suited for this purpose. 
I switched to Debian not to find it easier (Redhat wasn't) but because of safety and coherence.
But NetworkManager, which was on Fedora long before that on Debian, did not the stupid things it does with resolv.conf and interfaces.
> I personally like pfsense and opnsense. Both are based on BSD but
> they are excellent for SOHO routing. 
Thanks to Wikipedia, I understood SOHO :-D
> 
> -H
Have a good day (or night).
	JR

Reply to:

Follow-Ups:
- Re: BIND and iptables config
  - From: rhkramer@gmail.com
- Re: BIND and iptables config
  - From: Henning Follmann <hfollmann@itcfollmann.com>

References:
- Re: BIND and iptables config
  - From: Rodary Jacques <rodaryj@free.fr>
- Re: BIND and iptables config
  - From: Henning Follmann <hfollmann@itcfollmann.com>

Prev by Date: Re: BIND and iptables config
Next by Date: Re: wiki
Previous by thread: Re: BIND and iptables config
Next by thread: Re: BIND and iptables config
Index(es):
- Date
- Thread