Re: Problem(s) resolving names with natd/ipfw.
chael_at_southgate.ph.inter.net
Date: 09/14/03
- Previous message: horio shoichi: "Re: nis security (DES passwords)"
- In reply to: Jose Albores: "Problem(s) resolving names with natd/ipfw."
- Next in thread: Jose Albores: "Re: Problem(s) resolving names with natd/ipfw."
- Reply: Jose Albores: "Re: Problem(s) resolving names with natd/ipfw."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <jote@bigfoot.com>, <freebsd-questions@FreeBSD.org> Date: Sun, 14 Sep 2003 14:48:31 +0800
1. I would try enabling named on the FreeBSD gateway and set it as a
forwarder to the DNS of my ISP. Then set all the clients' primary DNS to
that of the internal IP of your gateway.
2. I would also not use "OPEN" firewall type. I would not be comfortable
with it.
3. I would also take out the lines firewall_type and firewall_script from
rc.conf and instead create a shell script in a startup_dir (eg
/usr/local/etc/rc.d) and put all my ipfw rules in there and chmod it to be
executable. I think the original /etc/rc.firewall awaits variables set in
rc.conf eg firewall_type, etc.
----- Original Message -----
From: "Jose Albores" <josealbores@yahoo.com>
To: <freebsd-questions@FreeBSD.org>
Sent: Sunday, September 14, 2003 12:57 PM
Subject: Problem(s) resolving names with natd/ipfw.
> The problem summary is as follows:
> I'm setting up a very simple LAN at home using only
> two machines with fixed private ip addresses either.
> The FreeBSD gateway is connected to the internet
> through my cablemodem ISP's modem.
>
> The problem is that the Windows XP client CANNOT
> access the Internet with alphabetic names (should be
> called a DNS problem?) but it YES CAN do it with ip
> addresses (numbers).
>
> AFAIK (being a newbie in networking issues) it seems
> that no problems arise from the gateway side after
> "setting" up natd/ipfw.
>
> >From the client, I can ping to numeric addresses
> locally and outside. And (again using ip-numbers) I
> can telnet to my pop server's 110 port. But not with
> "names".
> The (gateway) server has NO problems with alphabetic
> addresses. Neither pinging the local network nor with
> the internet.
>
> Maybe I forgot some "flag" for natd in my
> /etc/rc.conf?
> Is/are there other option/s in my kernel-configuration
> file needeed?
> Any hint will be appreciated. Please feel free to ask
> for any necessary info.
>
>
> These are the "details".
> It's my first job with networks, and the scenario is
> as follows:
> The server:
> · Pentium 233 MMX.
> · OS: FreeBSD 4.8-RELEASE. Alternating with Win 98
> for testing.
> · dc0: interfase to my cablemodem ISP.
> · vr0: interfase to my local network connected to a
> hub.
>
> The client:
> · AMD athlon xp 2.0 Ghz.
> · OS: Windows XP.
> Adding DNS servers to the network config in the client
> didn't solve the problem.
> BTW it's not necessary to add DNS entries when the
> server boots with Win 98 + Microsoft's ICS.
>
> On the server side, I built a new kernel with (all?)
> the necessary options:
> · The GENERIC kernel, adding:
> options IPDIVERT
> options IPFIREWALL
> options IPFIREWALL_VERBOSE
> options IPFIREWALL_VERBOSE_LIMIT=200
> options IPFIREWALL_DEFAULT_TO_ACCEPT
>
> The /etc/hosts file has three entries:
> 127.0.0.1 localhost localhost.homenet.org
> 192.168.0.1 david david.homenet.org
> 192.198.0.2 goliath goliath.homenet.org
>
> My /etc/resolv.conf has been automagically generated
> when first configured the interfases.
> Maybe? it updates on every boot.
>
> And my networking-related lines in /etc/resolv.conf
> are as follows:
> --- Begin of /etc/rc.conf ---
> hostname="david.homenet.org"
> # [...] chunking a few not-networking lines...
> ifconfig_dc0="DHCP"
> ifconfig_vr0="inet 192.168.0.1 netmask 255.255.255.0"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> firewall_script="/etc/my.rc.firewall"
> #firewall_script="/etc/rc.firewall" ### did not work
> either!!!
> natd_enable="YES"
> natd_interface="dc0"
> natd_flags=""
> --- End of /etc/rc.conf ---
>
>
> The COMPLETE /etc/my.rc.firewall is extremely simple:
> --- Begin ---
> #!/bin/sh
> /sbin/ipfw -f flush
> /sbin/ipfw add divert natd all from any to any via dc0
> /sbin/ipfw add pass all from any to any
> --- End ---
> Testing "blindly" the /etc/rc.firewall also did not
> work.
> Learning ipfw secrets will be left for the immediate
> future ;o))).
>
>
> TIA.
> --
> José Albores - <josealbores@yahoo.com>
>
> ------------
> Internet GRATIS es Yahoo! Conexión
> 4004-1010 desde Buenos Aires. Usuario: yahoo; contraseña: yahoo
> Más ciudades: http://conexion.yahoo.com.ar
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
>
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: horio shoichi: "Re: nis security (DES passwords)"
- In reply to: Jose Albores: "Problem(s) resolving names with natd/ipfw."
- Next in thread: Jose Albores: "Re: Problem(s) resolving names with natd/ipfw."
- Reply: Jose Albores: "Re: Problem(s) resolving names with natd/ipfw."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
