freeman wrote:
Victor: I'm replying back to the list because I have a couple of ancillary questions, and to share my successful experience ... Perhaps you intended your reply to go to the list, but the bummer reality is that the default reply is to the sender, not to the list :(

Per below, Victor suggested:
- I rename my eth1 & eth2 to be eth0 & eth1, respectively (since I have no eth0 otherwise);
- I change my resolv.conf from:
search lan
nameserver 127.0.0.1
to instead be:
nameserver 127.0.0.1
nameserver 192.168.1.254


Tells the fw to resolve using dns service listening on nameserver. The real answer is below.

I figured that the eth0/1/2 naming _shouldn't_ matter (and would require my changing shorewall setup) so I just made the resolv.conf change and voila! we have a fix.

So once again thank you to the list, and in particular to Victor!

My piddly questions are these:
- shouldn't having 127.0.0.1 in resolv.conf permit the fw itself to resolve from itself no differently than adding in 192.168.0.254 (addy of the fw's private-network interface?) The way I see it: 127.0.0.1 = the fw, and 192.168.0.254 = the fw, mais non?

By default dnscache listens on 192.168.1.254.


- do I care that I don't have a 'search lan' line in my resolv.conf? What does this do? I read up via 'man resolv.conf' but it didn't make much sense to me: perhaps because I don't quite understand what a "domain search path" is.

Search will be useful when you set up Tinydns!

Again, thanks to the list and to the LEAF developers. LEAF absolutely ROCKS! I'm going to be setting up a LEAF box at our office because our Linksys model BEFSX41 is wonky. Newest firmware but IPSec is problematic, exposed ports are sometimes un-connectable, etc.


scott; canada

Victor McAllister wrote:

freeman wrote:

I'm running Bering 1.2

My ISP up and died on me so I'm getting by, having reconfigged my LEAF box to use the ppp (serial modem) package, instead of the pppoe/ppp package. As a consequence I have removed eth0 and now have ppp0 as the internet interface. eth1 = private LAN, eth2 = DMZ. I get assigned a dynamic IP address on ppp0, via the modem's dialing-in.

With this changed setup the problem is that I can resolve DNS names when asked to do so by PCs that are on the private LAN and for the machine on the DMZ, too (e.g. ping www.yahoo.com resolves and pings fine). However I get the following msg if I try to do the same ping from the firewall itself:
ping: www.yahoo.com: Host name lookup failure


I've read the dnscache docs and sought on this leaf-user list for any hints but found none that have panned out.

I had previously mentioned that I was playing with having a second copy of dnscache running (called dnscach2). I have removed that reference from lrpkg.cfg so that should not be an issue. As well, shorewall makes no complaints (i.e. log entries) about port 53 traffic, nor ICMP packets.

Does anyone have any ideas? I fear that I've exhausted the documentation that's available (dnscache homepage, LEAF docs, google ...).

Thanks for any help that might come my way.

scott; canada

Here's some config info that might shed some light:
grep -v "^#" /etc/network/interfaces
====================================
auto lo
iface lo inet loopback

auto ppp0
iface ppp0 inet ppp
       provider provider

auto eth1
iface eth1 inet static
       address 192.168.0.254
       masklen 24
       broadcast 192.168.0.255

when I do a dial in LEAF box - I change this to eth0

auto eth2
iface eth2 inet static
       address 10.0.0.254
       masklen 24
       broadcast 10.0.0.255

and this to eth1

I then make sure the dnscache is listening on eth0 and eth1.
Did you put in a YES for dnscache forwarding? When you use a modem you should use forwarding and the ISP's DNS servers.

grep -v "^#" /etc/resolv.conf
====================================
search lan
nameserver      127.0.0.1

should say - otherwise the router has nowhere to look up names itself - although the clients do.
nameserver 127.0.0.1
nameserver 192.168.1.254


grep -v "^#" /etc/networks
====================================
localnet        127.0.0.0



grep 53 /etc/shorewall/rules | grep -v "^#"
====================================
ACCEPT      dmz     fw      udp     53
ACCEPT      fw      net     tcp     53
ACCEPT      fw      net     udp     53
ACCEPT      loc     fw      udp     53



grep -v "^#" /etc/dnscache/env/IP
====================================
192.168.0.254


grep -v "^#" /etc/dnscache/env/IPQUERY
====================================
192.168.0 127.0.0.1
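An added example, not code from the thread or from LEAF, that models why lookups from the firewall itself fail while the LAN clients' succeed: dnscache is bound only to the address in env/IP, so a resolver pointed at 127.0.0.1 has nothing listening. The IPQUERY prefix matching is my reconstruction of dnscache's root/ip/ rule, and the constructed inputs copy the config pasted above (the eth1 address 192.168.0.254 is assumed to be the one dnscache binds).

```python
# Added example (not from the thread): check whether the firewall's own
# resolv.conf points at an address dnscache actually listens on. dnscache
# binds only the address in env/IP and answers only clients whose source
# address starts with a prefix listed in env/IPQUERY (LEAF's packaging of
# dnscache's root/ip/ rule; the matching logic here is my reconstruction).

# Constructed sample inputs copied from the config pasted in the thread.
RESOLV_CONF = "search lan\nnameserver 127.0.0.1\n"
DNSCACHE_IP = "192.168.0.254"
DNSCACHE_IPQUERY = "192.168.0 127.0.0.1"


def parse_resolv(text):
    """Return (search_domains, nameservers) from resolv.conf text."""
    search, servers = [], []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        key, _, rest = line.partition(" ")
        if key == "nameserver":
            servers.append(rest.strip())
        elif key in ("search", "domain"):
            search.extend(rest.split())
    return search, servers


def client_allowed(client_ip, ipquery):
    """A client is accepted when one IPQUERY entry equals its address or is a
    dotted prefix of it (192.168.0 matches 192.168.0.17, not 192.168.01.1)."""
    return any(client_ip == p or client_ip.startswith(p + ".")
               for p in ipquery.split())


def check_firewall_resolution(resolv_text, listen_ip, ipquery):
    """For each nameserver, say whether a lookup from the firewall itself can
    reach dnscache. A local query to listen_ip is sent from listen_ip, so the
    source address must also pass the IPQUERY check."""
    _, servers = parse_resolv(resolv_text)
    report = {}
    for ns in servers:
        if ns != listen_ip:
            report[ns] = "unreachable: dnscache is not bound to this address"
        elif not client_allowed(ns, ipquery):
            report[ns] = "refused: source address not in IPQUERY"
        else:
            report[ns] = "ok"
    return report


def add_nameserver(resolv_text, ns):
    """The fix from the thread: also list the address dnscache is bound to."""
    search, servers = parse_resolv(resolv_text)
    if ns not in servers:
        servers.append(ns)
    lines = (["search " + " ".join(search)] if search else [])
    lines += ["nameserver " + s for s in servers]
    return "\n".join(lines) + "\n"
```

With the original file the report shows 127.0.0.1 as unreachable, which is exactly the "Host name lookup failure" seen on the box; after adding the bound address the resolver falls through to a working server.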





-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. Take an Oracle 10g class now, and we'll give you the exam FREE. http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html