LinuxQuestions.org
Old 05-02-2004, 10:54 AM   #1
AddictIT
LQ Newbie
 
Registered: May 2004
Location: Belgium
Distribution: Debian / Ubuntu
Posts: 6

Rep: Reputation: 0
DNS resolving problems on clients through DHCP server


Hello,

I'm having trouble setting up my server as a router for my LAN...
I've already read a dozen threads on this forum, but I can't seem to find the good answer.


Server:
Red Hat Linux 9
2 Gigabit Ethernet NICs

eth0 gets its IP from the ISP (through the ISP's DHCP server)
eth1 is manually set to 192.168.0.254

I have a DHCP server running on interface eth1, which gives IP addresses to other clients, range from 100 to 200

With the help of other threads I've managed to set up my IPTABLES and DHCP server.


Current situation:
I can ping from LAN-clients to IP addresses on the internet
I can ping my gateway from LAN-clients (my server through eth1)

I can ping external IP's through eth0 from my server
I can't ping internal IP's through eth0 from my server

I can't ping external IP's through eth1 from my server
I can ping internal IP's through eth1 from my server


The last four items seem quite logical, I guess...

However, when I try to access a site from any client, I get an error: "Cannot find server or DNS error"
but I can ping the site on its IP.

It is clear to me that there's a problem with DNS resolving on my clients, but I haven't found a way to solve this problem yet...
DNS resolving on the server is fine.

My first guess is that there's something wrong with my dhcpd.conf (seen below)

# DHCP Configuration File

ddns-update-style interim;
#ddns-updates off;
one-lease-per-client true;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.254;
option domain-name-servers 195.238.2.22,195.238.2.21;
option domain-name "localis";
default-lease-time 21600;
max-lease-time 43200;
}

# END DHCP Configuration File




Next is my rc.local, which applies settings to the system so that IP forwarding is enabled, and the additional IPTABLES rules
# RC.LOCAL


modprobe ipt_MASQUERADE
iptables -t nat -F
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW -i ! eth0 -j ACCEPT
iptables -P INPUT DROP
iptables -A FORWARD -i eth0 -o eth0 -j REJECT


I'm getting desperate after an afternoon of searching...
so if anyone could help, it would be greatly appreciated...



Greets
 
Old 05-02-2004, 01:19 PM   #2
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
You need to add your ISP's DNS name and numbers from the DHCP (Linux) server, which are found in the /etc/resolv.conf file, to the LAN clients' /etc/resolv.conf files.

As long as there is a gateway to the internet set on the LAN machines, and the DNS server information, they will have no problem accessing anything.
 
Old 05-02-2004, 01:21 PM   #3
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
Also, your IPTABLES SCRIPT should be more like this:

#!/bin/sh

IPTABLES=/sbin/iptables

#All The lines below are NAT routing

# flush any old rules
$IPTABLES -F -t nat

# turn on NAT (IP masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

#turn on interface forwarding
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward
 
Old 05-02-2004, 01:22 PM   #4
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
iptables -A FORWARD -i eth0 -o eth0 -j REJECT

Right there you're rejecting pings or packets to your own interface.
 
Old 05-02-2004, 01:30 PM   #5
AddictIT
LQ Newbie
 
Registered: May 2004
Location: Belgium
Distribution: Debian / Ubuntu
Posts: 6

Original Poster
Rep: Reputation: 0
Quote:
Originally posted by AutOPSY
You need to add your ISP's DNS name and numbers from the DHCP (Linux) server, which are found in the /etc/resolv.conf file, to the LAN clients' /etc/resolv.conf files.

As long as there is a gateway to the internet set on the LAN machines, and the DNS server information, they will have no problem accessing anything.

The clients are running Windows XP, so I can't set the file properties.

I've tried to put that info in the connection preferences on the clients, and it didn't help at that time.

I'll try with the new iptables script first.
 
Old 05-02-2004, 02:06 PM   #6
AddictIT
LQ Newbie
 
Registered: May 2004
Location: Belgium
Distribution: Debian / Ubuntu
Posts: 6

Original Poster
Rep: Reputation: 0
Updated my files:



RC.LOCAL

#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local


#modprobe ipt_MASQUERADE

IPTABLES=/sbin/iptables

# All the line below are NAT ROUTING
$IPTABLES -F -t nat

# Turn on NAT (IP Masquerading for outgoing packets)
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE

# Turn on interface forwarding
$IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
$IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT

# Enable IP forwarding (of incoming packets)
echo 1 > /proc/sys/net/ipv4/ip_forward



DHCPD.conf

# DHCP Configuration File

ddns-update-style none;
one-lease-per-client true;

subnet 192.168.0.0 netmask 255.255.255.0 {
range 192.168.0.100 192.168.0.200;
option routers 192.168.0.254;
option domain-name-servers 192.168.0.254;
option domain-name "localis";
default-lease-time 21600;
max-lease-time 43200;
}




RESOLV.conf

; generated by /sbin/dhclient-script
search AddictIT
nameserver 192.168.123.254

Note: the nameserver changes correctly (now it is the DNS from my US Robotics router; if my server is connected directly to my ADSL modem, it changes to the value of the IP assigned by the modem)



IPTABLES rules



# Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
*nat
:PREROUTING ACCEPT [922:194082]
:POSTROUTING ACCEPT [179:10704]
:OUTPUT ACCEPT [293:17559]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sun May 2 21:05:18 2004
# Generated by iptables-save v1.2.7a on Sun May 2 21:05:18 2004
*filter
:INPUT ACCEPT [1238:1057727]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9858:708854]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --tcp-flags SYN,RST,ACK SYN -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Sun May 2 21:05:18 2004




result from ifconfig:


eth0 Link encap:Ethernet HWaddr 00:30:48:80:2E:48
inet addr:192.168.123.53 Bcast:192.168.123.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1784 errors:0 dropped:0 overruns:0 frame:0
TX packets:1117 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1263418 (1.2 Mb) TX bytes:159978 (156.2 Kb)
Interrupt:18 Base address:0xa000 Memory:f5000000-f5020000

eth1 Link encap:Ethernet HWaddr 00:30:48:80:2E:47
inet addr:192.168.0.254 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:581 errors:0 dropped:0 overruns:0 frame:0
TX packets:246 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:74328 (72.5 Kb) TX bytes:31711 (30.9 Kb)
Interrupt:19 Base address:0xb400 Memory:f4000000-f4020000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:10143 errors:0 dropped:0 overruns:0 frame:0
TX packets:10143 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:655527 (640.1 Kb) TX bytes:655527 (640.1 Kb)
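
An added example, not part of the thread: walking the FORWARD chain of the iptables-save dump above for three constructed LAN-client packets, to see which rule decides each one. The evaluator (parse, cond_ok, verdict), the packet values and the rule subset chosen are assumptions made for this illustration; only the match options that occur in this dump are handled.

```python
# Subset of the *filter rules from the iptables-save dump above, original order kept.
RULES = """\
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Lokkit-0-50-INPUT -s 192.168.123.254 -p udp -m udp --sport 53 --dport 1025:65535 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --tcp-flags SYN,RST,ACK SYN -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth1 -p udp -m udp --sport 67:68 --dport 67:68 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT --reject-with icmp-port-unreachable
"""

def parse(text):
    chains = {}
    for line in text.splitlines():
        tok = line.split()[1:]                       # drop "-A"; tok[0] is the chain name
        conds, i = [], 1
        while tok[i] != "-j":                        # options after the target are ignored
            n = 3 if tok[i] == "--tcp-flags" else 2  # --tcp-flags takes mask and comp
            conds.append(tok[i:i + n])
            i += n
        chains.setdefault(tok[0], []).append((conds, tok[i + 1], line))
    return chains

def cond_ok(c, pkt):
    opt, val = c[0], c[1]
    if opt in ("--sport", "--dport"):
        lo, _, hi = val.partition(":")
        return opt in pkt and int(lo) <= pkt[opt] <= int(hi or lo)
    if opt == "--state":
        return pkt.get("state") in val.split(",")
    if opt == "--tcp-flags":                         # flags set within mask must equal comp
        return set(val.split(",")) & pkt.get("flags", set()) == set(c[2].split(","))
    return opt == "-m" or pkt.get(opt) == val        # -i, -o, -p, -s (exact address only)

def verdict(chains, chain, pkt, policy="ACCEPT"):
    for conds, target, line in chains[chain]:
        if all(cond_ok(c, pkt) for c in conds):      # a user-defined chain may fall through
            hit = (target, line) if target not in chains else verdict(chains, target, pkt, None)
            if hit:
                return hit
    return (policy, "chain policy") if policy else None

CHAINS = parse(RULES)
LAN = {"-i": "eth1", "-o": "eth0", "-s": "192.168.0.100", "state": "NEW"}  # constructed client
DNS_QUERY = dict(LAN, **{"-p": "udp", "--sport": 1030, "--dport": 53})
PING = dict(LAN, **{"-p": "icmp"})
HTTP_SYN = dict(LAN, **{"-p": "tcp", "--sport": 1031, "--dport": 80, "flags": {"SYN"}})
for name in ("DNS_QUERY", "PING", "HTTP_SYN"):
    print(name, *verdict(CHAINS, "FORWARD", globals()[name]), sep=" | ")
```

Because `-A FORWARD -j RH-Lokkit-0-50-INPUT` comes before the eth1-to-eth0 ACCEPT, the forwarded UDP port 53 query is decided by the Lokkit `--dport 0:1023` REJECT rule, while ICMP and a TCP port 80 SYN are accepted. The same REJECT sits on the INPUT path, so a query sent to 192.168.0.254 itself meets the same rule.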
 
Old 05-02-2004, 03:04 PM   #7
AutOPSY
Member
 
Registered: Mar 2004
Location: US
Distribution: Redhat 9 - Linux 2.6.3
Posts: 836

Rep: Reputation: 31
OK, as long as packets are being forwarded to and from the two eth interfaces, go into the client machines, Network >> TCP/IP properties, and check "Obtain an IP automatically"; that will utilize DHCP for the clients. On the server machine, you need the DHCPD service running and listening on eth1, the interface facing the clients, and everything should be fine.

I was unaware they were XP machines.

The ifconfig output looks ok, no collisions, no errors.

Last edited by AutOPSY; 05-02-2004 at 03:06 PM.
 
Old 05-02-2004, 04:00 PM   #8
AddictIT
LQ Newbie
 
Registered: May 2004
Location: Belgium
Distribution: Debian / Ubuntu
Posts: 6

Original Poster
Rep: Reputation: 0
With those settings I can't get it to work.

My clients are set up correctly, since I used DHCP through my US Robotics router before, so no need to change those.

It's still the DNS issue that keeps bugging everything, unfortunately...
 
  

