LinuxQuestions.org


AddictIT 05-02-2004 10:54 AM

DNS resolving problems on clients through DHCP server
 
Hello,

I'm having trouble setting up my server as a router for my LAN...
I've already read a dozen threads on this forum, but I can't seem to find a good answer.


Server:
Red Hat Linux 9
2 Gigabit Ethernet NICs

eth0 gets its IP from the ISP (through the ISP's DHCP server)
eth1 is manually set to 192.168.0.254

I have a DHCP-server running on interface eth1, which gives IP addresses to other clients, range from 100 to 200


With the help of other threads I've managed to set up my IPTABLES and DHCP server.


Current situation:
I can ping from LAN clients to IP addresses on the internet
I can ping my gateway from LAN clients (my server through eth1)

I can ping external IPs through eth0 from my server
I can't ping internal IPs through eth0 from my server

I can't ping external IPs through eth1 from my server
I can ping internal IPs through eth1 from my server


The last four items seem quite logical, I guess...

However, when I try to access a site from any client, I get an error: "Cannot find server or DNS error"
but I can ping the site on its IP.


It is clear to me that there's a problem with DNS resolving on my clients, but I haven't found a way yet to solve this problem...
DNS resolving on the server is fine.

My first guess is that there's something wrong with my dhcpd.conf (seen below)

# DHCP Configuration File

ddns-update-style interim;
#ddns-updates off;
one-lease-per-client true;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.254;
option domain-name-servers 195.238.2.22,195.238.2.21;
option domain-name "localis";
default-lease-time 21600;
max-lease-time 43200;
}

# END DHCP Configuration File




Next is my rc.local, which applies settings to the system so that IP forwarding is enabled, and the additional IPTABLES rules:
# RC.LOCAL


modprobe ipt_MASQUERADE
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth0 -o eth0 -j REJECT


I'm getting desperate after an afternoon of searching...
so if anyone could help, it would be greatly appreciated...



Greets

AutOPSY 05-02-2004 01:19 PM

You need to add your ISP's DNS name and numbers from the DHCP (Linux) server, found in the /etc/resolv.conf file, to the LAN clients' /etc/resolv.conf files.

As long as there is a gateway to the internet set on the LAN machines, and the DNS server information, they will have no problem accessing anything.

AutOPSY 05-02-2004 01:21 PM

Also, your IPTABLES SCRIPT should be more like this:

#!/bin/sh

IPTABLES=/sbin/iptables

#All The lines below are NAT routing

# flush any old rules
$IPTABLES -F -t nat

# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

#turn on interface forwarding
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward

AutOPSY 05-02-2004 01:22 PM

iptables -A FORWARD -i eth0 -o eth0 -j REJECT

Right there you're rejecting pings or packets to your own interface.

AddictIT 05-02-2004 01:30 PM

Quote:

Originally posted by AutOPSY
You need to add your ISP's DNS name and numbers from the DHCP (Linux) server, found in the /etc/resolv.conf file, to the LAN clients' /etc/resolv.conf files.

As long as there is a gateway to the internet set on the LAN machines, and the DNS server information, they will have no problem accessing anything.


Clients are running Windows XP, so I can't set the file properties.

I've tried to put that info in the connection preferences on the clients and it didn't help at that time.

I'll try with the new iptables script first.

AddictIT 05-02-2004 02:06 PM

Updated my files:



RC.LOCAL

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local


#modprobe ipt_MASQUERADE

IPTABLES=/sbin/iptables

# All the line below are NAT ROUTING
$IPTABLES -F -t nat

# Turn on NAT (IP Masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

# Turn on interface forwarding
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward



DHCPD.conf

# DHCP Configuration File

ddns-update-style none;
one-lease-per-client true;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.254;
option domain-name-servers 192.168.0.254;
option domain-name "localis";
default-lease-time 21600;
max-lease-time 43200;
}




RESOLV.conf

; generated by /sbin/dhclient-script
search AddictIT
nameserver 192.168.123.254

Note: the nameserver changes correctly (now it is the DNS from my US Robotics router; if my server is connected directly to my ADSL modem, it changes to the value of the IP assigned by the modem).



IPTABLES rules



# Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
*nat
:PREROUTING ACCEPT [922:194082]
:POSTROUTING ACCEPT [179:10704]
:OUTPUT ACCEPT [293:17559]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun May 2 21:05:18 2004
# Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
*filter
:INPUT ACCEPT [1238:1057727]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9858:708854]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sun May 2 21:05:18 2004




result from ifconfig:


eth0 Link encap:Ethernet HWaddr 00:30:48:80:2E:48
inet addr:192.168.123.53 Bcast:192.168.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1784 errors:0 dropped:0 overruns:0 frame:0
TX packets:1117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1263418 (1.2 Mb) TX bytes:159978 (156.2 Kb)
Interrupt:18 Base address:0xa000 Memory:f5000000-f5020000

eth1 Link encap:Ethernet HWaddr 00:30:48:80:2E:47
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:581 errors:0 dropped:0 overruns:0 frame:0
TX packets:246 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:74328 (72.5 Kb) TX bytes:31711 (30.9 Kb)
Interrupt:19 Base address:0xb400 Memory:f4000000-f4020000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10143 errors:0 dropped:0 overruns:0 frame:0
TX packets:10143 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:655527 (640.1 Kb) TX bytes:655527 (640.1 Kb)
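
Added example, not part of the original thread: a simplified first-match walk over the filter rules from the iptables-save output above, showing which rule decides a forwarded client DNS query compared with a ping. The client address, source port and the "new" flag (standing in for the state and tcp-flags matches) are constructed assumptions, and only the match options present in these rules are handled.

```python
import shlex
# Rules copied from the iptables-save output above (Lokkit rules for other ports omitted).
RULES = """\
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
"""

def parse(text):  # chain name -> ordered list of {option: first argument}
    chains = {}
    for tok in map(shlex.split, text.splitlines()):
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if i > 1 and t.startswith("-")}
        chains.setdefault(tok[1], []).append(opts)
    return chains

def in_range(port, spec):
    lo, _, hi = spec.partition(":")
    return port is not None and int(lo) <= port <= int(hi or lo)

def matches(o, p):
    fields = (("-i", "in"), ("-o", "out"), ("-s", "src"), ("-p", "proto"))
    if any(k in o and o[k] != p.get(f) for k, f in fields):
        return False
    if any(k in o and not in_range(p.get(k[2:]), o[k]) for k in ("--sport", "--dport")):
        return False
    if "--tcp-flags" in o and not p.get("new"):   # SYN set, RST/ACK clear: new connection
        return False
    return not ("--state" in o and p.get("new"))  # RELATED,ESTABLISHED excludes new flows

def trace(chain, pkt, chains=None):  # first-match walk -> (target, deciding chain)
    chains = chains or parse(RULES)
    for o in chains.get(chain, []):
        if not matches(o, pkt):
            continue
        hit = trace(o["-j"], pkt, chains) if o["-j"] in chains else (o["-j"], chain)
        if hit[1] != "policy":   # user chain ran out of rules: continue in the caller
            return hit
    return "ACCEPT", "policy"    # INPUT and FORWARD both have policy ACCEPT in the dump

# Constructed packets from a LAN client (192.168.0.100) leaving via eth0.
CLIENT = {"in": "eth1", "out": "eth0", "src": "192.168.0.100", "new": True}
DNS = dict(CLIENT, proto="udp", sport=1030, dport=53)
PING = dict(CLIENT, proto="icmp")
print(trace("FORWARD", DNS), trace("FORWARD", PING))
```

Because FORWARD jumps to RH-Lokkit-0-50-INPUT before the eth1-to-eth0 ACCEPT, the UDP query to port 53 is decided by the `--dport 0:1023` REJECT, while ICMP matches nothing in that chain and falls through to the ACCEPT. Queries sent to 192.168.0.254 itself traverse INPUT, which jumps to the same chain.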

AutOPSY 05-02-2004 03:04 PM

OK, as long as packets are being forwarded to and from the two eth interfaces, go into the client machines, Network >> TCP/IP properties, and check "obtain an IP automatically"; that will utilize DHCP for the clients. On the server machine, you need the DHCPD service running and listening on eth1, the interface facing the clients, and everything should be fine.

I was unaware they were XP machines.

The ifconfig output looks ok, no collisions, no errors.

AddictIT 05-02-2004 04:00 PM

With those settings I can't get it to work.

My clients are set up correctly since I used DHCP through my US Robotics router before, so no need to change those.

It's still the DNS issue that keeps bugging everything, unfortunately...


All times are GMT -5.