DNS resolving problems on clients through DHCP server
Hello,
I'm having trouble setting up my server as a router for my LAN... I've already read a dozen threads on this forum, but I can't seem to find the right answer.

Server: Red Hat Linux 9, 2 Gigabit Ethernet NICs
- eth0 gets its IP from the ISP (through the ISP's DHCP server)
- eth1 is manually set to 192.168.0.254

I have a DHCP server running on interface eth1, which gives IP addresses to the other clients, range from 100 to 200. With the help of other threads I've managed to set up my IPTABLES and DHCP server.

Current situation:
- I can ping from LAN clients to IP addresses on the internet
- I can ping my gateway from LAN clients (my server through eth1)
- I can ping external IPs through eth0 from my server
- I can't ping internal IPs through eth0 from my server
- I can't ping external IPs through eth1 from my server
- I can ping internal IPs through eth1 from my server

The last four items seem quite logical, I guess... However, when I try to access a site from any client, I get an error: "Cannot find server or DNS error", but I can ping the site on its IP. It is clear to me that there's a problem with DNS resolving on my clients, but I haven't found a way yet to solve this problem... DNS resolving on the server is fine.

My first guess is that there's something wrong with my dhcpd.conf (seen below):

    # DHCP Configuration File
    ddns-update-style interim;
    #ddns-updates off;
    one-lease-per-client true;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200;
        # the server's eth1 address is the default gateway for the LAN
        option routers 192.168.0.254;
        # clients are told to query the ISP's resolvers directly
        option domain-name-servers 195.238.2.22,195.238.2.21;
        option domain-name "localis";
        default-lease-time 21600;
        max-lease-time 43200;
    }
    # END DHCP Configuration File

Next is my rc.local, which applies settings to the system so that IP forwarding is enabled, and the additional IPTABLES rules:

    # RC.LOCAL
    modprobe ipt_MASQUERADE
    # masquerade everything leaving on the ISP-facing interface
    iptables -t nat -F
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # accept replies, and new connections to the server from anywhere but eth0
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
    iptables -P INPUT DROP
    # never forward eth0 traffic back out of eth0
    iptables -A FORWARD -i eth0 -o eth0 -j REJECT

I'm getting desperate after an afternoon of searching... so if anyone could help, it would be greatly appreciated...

Greets |
You need to add your ISP's DNS names and numbers from the DHCP (Linux) server, which are found in its /etc/resolv.conf file, to the LAN clients' /etc/resolv.conf files.
As long as there is a gateway to the internet set on the LAN machines, and the DNS server information, they will have no problem accessing anything. |
Also, your IPTABLES script should be more like this:

    #!/bin/sh
    IPTABLES=/sbin/iptables

    # All the lines below are NAT routing
    # flush any old rules
    $IPTABLES -F -t nat
    # turn on NAT (IP masquerading for outgoing packets)
    $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
    # turn on interface forwarding
    $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
    $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # enable IP forwarding (of incoming packets)
    echo 1 > /proc/sys/net/ipv4/ip_forward |
    iptables -A FORWARD -i eth0 -o eth0 -j REJECT

Right there you're rejecting pings or packets to your own interface. |
Clients are running Windows XP, so I can't set the file properties. I've tried to put that info in the connection preferences on the clients and it didn't help at that time. I'll try with the new iptables script first. |
Updated my files:
RC.LOCAL

    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    touch /var/lock/subsys/local

    #modprobe ipt_MASQUERADE
    IPTABLES=/sbin/iptables

    # All the lines below are NAT ROUTING
    $IPTABLES -F -t nat
    # Turn on NAT (IP Masquerading for outgoing packets)
    $IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
    # Turn on interface forwarding
    $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
    $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Enable IP forwarding (of incoming packets)
    echo 1 > /proc/sys/net/ipv4/ip_forward

DHCPD.conf

    # DHCP Configuration File
    ddns-update-style none;
    one-lease-per-client true;

    subnet 192.168.0.0 netmask 255.255.255.0 {
        range 192.168.0.100 192.168.0.200;
        option routers 192.168.0.254;
        # clients now send their DNS queries to the server itself
        option domain-name-servers 192.168.0.254;
        option domain-name "localis";
        default-lease-time 21600;
        max-lease-time 43200;
    }

RESOLV.conf

    ; generated by /sbin/dhclient-script
    search AddictIT
    nameserver 192.168.123.254

Note: the nameserver changes correctly (now it is the DNS from my US Robotics router; if my server is connected directly to my ADSL modem it changes to the IP value assigned by the modem).

IPTABLES rules

    # Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
    *nat
    :PREROUTING ACCEPT [922:194082]
    :POSTROUTING ACCEPT [179:10704]
    :OUTPUT ACCEPT [293:17559]
    -A POSTROUTING -o eth0 -j MASQUERADE
    COMMIT
    # Completed on Sun May 2 21:05:18 2004
    # Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
    *filter
    :INPUT ACCEPT [1238:1057727]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [9858:708854]
    :RH-Lokkit-0-50-INPUT - [0:0]
    -A INPUT -j RH-Lokkit-0-50-INPUT
    -A FORWARD -j RH-Lokkit-0-50-INPUT
    -A FORWARD -i eth1 -o eth0 -j ACCEPT
    -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
    -A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
    COMMIT
    # Completed on Sun May 2 21:05:18 2004

Result from ifconfig:

    eth0      Link encap:Ethernet  HWaddr 00:30:48:80:2E:48
              inet addr:192.168.123.53  Bcast:192.168.123.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1784 errors:0 dropped:0 overruns:0 frame:0
              TX packets:1117 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:1263418 (1.2 Mb)  TX bytes:159978 (156.2 Kb)
              Interrupt:18 Base address:0xa000 Memory:f5000000-f5020000

    eth1      Link encap:Ethernet  HWaddr 00:30:48:80:2E:47
              inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:581 errors:0 dropped:0 overruns:0 frame:0
              TX packets:246 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:100
              RX bytes:74328 (72.5 Kb)  TX bytes:31711 (30.9 Kb)
              Interrupt:19 Base address:0xb400 Memory:f4000000-f4020000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:10143 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10143 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:655527 (640.1 Kb)  TX bytes:655527 (640.1 Kb) |
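An added check for the iptables-save dump above and for the script suggested earlier in the thread (this is my code, not anything posted by the participants). Reading the posted filter table: the Red Hat Lokkit chain RH-Lokkit-0-50-INPUT is jumped to from both INPUT and FORWARD, and it REJECTs any UDP packet whose destination port is in 0:1023, which includes 53, before the FORWARD chain's own eth1-to-eth0 ACCEPT is ever reached. ICMP has no rule in that chain, so a ping falls through to the ACCEPT, which is consistent with "I can ping the site on its IP" but no name resolution. The same chain applies on INPUT, so pointing clients at 192.168.0.254 for DNS hits the same REJECT. With FORWARD's policy left at ACCEPT, the chain's ACCEPT lines for tcp 21/22/23/25/80 also apply to forwarded traffic, so a brand-new inbound connection arriving on eth0 for one of those ports is forwarded to the LAN. The script below replays a few packets through a trimmed copy of that table and through a default-deny replacement I suggest (FORWARD policy DROP, no Lokkit jump, DHCP and DNS from eth1 allowed on INPUT). Assumptions: the udp/53 INPUT rule in the replacement presumes a resolver actually runs on the router, which the thread never confirms; the scenario names, the client port numbers and the 203.0.113.9 source are invented for illustration; and the model understands only the matches that appear in the dump (-i, -o, -p, -s, --sport, --dport, --state, --tcp-flags SYN,RST,ACK SYN, -j), ignoring anything else.

```python
"""Offline trace of packets through a saved iptables filter table (simplified model). Added
example, not code from the thread; targets other than ACCEPT/DROP/REJECT/user chains are ignored."""
import ipaddress
import shlex
# Filter table from the iptables-save output posted above, trimmed to the rules the trace touches.
POSTED = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
COMMIT
"""

# Suggested replacement (my ruleset, not from the thread): default-deny, no Lokkit jump in FORWARD,
# LAN-side DHCP and DNS allowed explicitly. The udp/53 INPUT rule assumes a resolver on the router.
FIXED = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 67:68 -j ACCEPT
-A INPUT -i eth1 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state NEW -j ACCEPT
COMMIT
"""

OPTS = {"-i": "in", "-o": "out", "-p": "proto", "-s": "src",
        "--sport": "sport", "--dport": "dport", "--state": "states", "-j": "target"}

def parse(dump):
    """Return ({chain: policy or '-'}, {chain: [rule dicts]}) for one filter table."""
    policies, chains = {}, {}
    for line in dump.splitlines():
        if line.startswith(":"):
            name, policy = line[1:].split()[:2]
            policies[name], chains[name] = policy, []
        elif line.startswith("-A "):
            toks, rule, i = shlex.split(line), {"line": line, "syn": False}, 2
            while i < len(toks):
                if toks[i] in OPTS:
                    rule[OPTS[toks[i]]], i = toks[i + 1], i + 2
                elif toks[i] == "--tcp-flags":   # "SYN,RST,ACK SYN": bare SYN, a new connection
                    rule["syn"], i = True, i + 3
                else:                            # -m <module>, --reject-with <type>, ...
                    i += 2 if toks[i] in ("-m", "--reject-with") else 1
            chains[toks[1]].append(rule)
    return policies, chains

def in_range(spec, port):
    lo, _, hi = spec.partition(":")            # "53" or "0:1023"
    return int(lo) <= port <= int(hi or lo)

def matches(rule, pkt):
    if any(rule.get(k) and rule[k] != pkt[k] for k in ("in", "out", "proto")):
        return False
    if rule.get("src") and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["src"], strict=False):
        return False
    if any(rule.get(k) and not in_range(rule[k], pkt[k]) for k in ("sport", "dport")):
        return False
    if rule.get("states") and pkt["state"] not in rule["states"].split(","):
        return False
    return not rule["syn"] or pkt["state"] == "NEW"   # a bare-SYN match only fits a new flow

def trace(table, chain, pkt):
    """Walk `chain` as the kernel does: (verdict, rule line or 'policy'), None if a user chain returns."""
    policies, chains = table
    for rule in chains[chain]:
        if not matches(rule, pkt):
            continue
        target = rule["target"]
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target, rule["line"]
        if target in chains:
            result = trace(table, target, pkt)   # descend; keep scanning if the sub-chain returns
            if result:
                return result
    return (policies[chain], "policy") if policies[chain] != "-" else None

def packet(proto, iface_in, iface_out=None, sport=None, dport=None, src="192.168.0.100"):
    return {"proto": proto, "in": iface_in, "out": iface_out, "sport": sport,
            "dport": dport, "src": src, "state": "NEW"}

def verdicts(dump):
    """Verdicts for the traffic the thread talks about, under one saved filter table."""
    t = parse(dump)
    return {
        "dns_forwarded": trace(t, "FORWARD", packet("udp", "eth1", "eth0", 3000, 53))[0],
        "dns_to_router": trace(t, "INPUT", packet("udp", "eth1", None, 3000, 53))[0],
        "ping_forwarded": trace(t, "FORWARD", packet("icmp", "eth1", "eth0"))[0],
        "ssh_new_from_wan": trace(t, "FORWARD", packet("tcp", "eth0", "eth1", 40000, 22, "203.0.113.9"))[0],
    }

if __name__ == "__main__":
    print({name: verdicts(dump) for name, dump in (("posted", POSTED), ("fixed", FIXED))})
```

Run it as a script to print both verdict tables; trace(...)[1] returns the exact rule line that decided a packet, which for the posted table and a LAN DNS query is the udp --dport 0:1023 REJECT. On the real box the equivalent confirmation is iptables -L RH-Lokkit-0-50-INPUT -n -v --line-numbers while a client tries to resolve a name: the packet counter on that REJECT rule goes up. To load the replacement table, write FIXED to a file, add the nat section from the post (the MASQUERADE rule) and whatever management access you need on INPUT, and feed it to iptables-restore.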
OK, as long as packets are being forwarded to and from the two eth interfaces, go into the client machines, Network >> TCP/IP properties, and check "Obtain an IP address automatically"; that will utilize DHCP for the clients. On the server machine, you need the DHCPD service running, listening on eth1, the interface facing the clients, and everything should be fine.
I was unaware they were XP machines. The ifconfig output looks OK: no collisions, no errors. |
With those settings I can't get it to work.
My clients are set up correctly, since I used DHCP through my US Robotics router before, so no need to change those. It's still the DNS issue that keeps bugging everything, unfortunately... |