LinuxQuestions.org

Linux - Networking forum thread: http://www.linuxquestions.org/questions/linux-networking-3/how-do-you-make-the-ip-masquerade-server-dhcp-server-broadcast-dns-to-lan-42443/

cmisip 01-22-2003 10:54 PM

How do you make the ip masquerade server/dhcp server broadcast dns to lan
 
I am moving my ip masq server from Linux Mandrake 9 to Redhat 8. In LM9 there is a gui configuration for connection sharing so that was pretty easy. I have to do it manually with RH8. So far I have configured dial on demand and a dhcp server on RH8. I have a laptop that connects wirelessly to either the LM9 ip masq machine or the RH8 ip masq machine. The problem is, my laptop cannot resolve the url address if the IP masq machine is Redhat 8. It can resolve the url address if I edit the laptop's /etc/resolv.conf to add my isp's primary and secondary dns, but this is only good until the laptop renews its ip via dhcp, at which point the /etc/resolv.conf gets overwritten and just simply points to nameserver 192.168.1.1. If I use the LM9 machine, the laptop can connect to the internet even if the contents of the laptop's /etc/resolv.conf are just nameserver 192.168.1.1. This leads me to believe that the LM9 machine is somehow broadcasting the dns address to the laptop, but I don't know how to duplicate this in Redhat 8. Can anybody help?
Also I am looking for a good firewall script that will work with dial on demand. The first one I tried from linuxguruz only works if I start the script after I have started an internet connection. This is so because if I start it during boot up it will detect my temporary IP and configure itself with that (the temporary ip gets changed by dial on demand when it actually establishes a connection and so the firewall fails to let me connect to any url). Any recommendation on a good firewall script to work with dial on demand? In addition I need the ip masq machine to allow nfs and samba and the dhcp server (to the lan only of course) and block everything else. I would appreciate any pointers. Thanks again.

cmisip 01-22-2003 10:56 PM

The firewall script will have to do ip masq as well of course. Thanks.

peter_robb 01-23-2003 03:07 AM

Have a look here for the tutorial with scripts at the end.

Your only real problem is masquerading, & when to pick up the new ip number.
This can be made separate from the basic ruleset. You only need to reference the new number for the masquerading rule in the nat POSTROUTING chain, and also in the nat PREROUTING chain if you have separate rp_filter rules rather than the /proc/sys/net/conf/*/ built-in rp_filter.
All that means that you can load your rules on boot and only make masquerade changes after the dialling is completed.

dhcp servers can also deliver gateway and dns settings to clients when they request an ip number. If you have a dns caching server on the RH8 box, you can leave the supplied dns number as the RH box rather than the external dns servers, letting the RH box's dns caching server talk to the outside world...

eg dnrd
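The split peter_robb describes above (a fixed base ruleset loaded at boot, with only the address-dependent masquerade and anti-spoof rules rebuilt once the dial-up completes), as an added example that is not code from the thread or from the linked tutorial. It assumes Red Hat's /etc/ppp/ip-up runs /etc/ppp/ip-up.local, the IFNAME and IPLOCAL variables pppd exports to that script, a 192.168.1.0/24 LAN, and the hypothetical chain names DIALUP_SNAT and DIALUP_SPOOF.

```shell
#!/bin/sh
# Added example (not from the thread): /etc/ppp/ip-up.local hook for a
# dial-on-demand masquerading box. The base ruleset (LAN services, default
# DROP) is loaded at boot and never touched here; only the rules that depend
# on the dial-up address live in two dedicated chains that are flushed and
# rebuilt each time pppd brings the link up.
# Assumed: pppd exports IFNAME (e.g. ppp0) and IPLOCAL (the address just
# assigned); LAN is 192.168.1.0/24; chain names are this example's own.

IPT=${IPT:-/sbin/iptables}
LAN_NET=${LAN_NET:-192.168.1.0/24}

# Print, one per line, the commands that rebuild the address-dependent rules.
# Generating the list separately from running it lets it be inspected first.
build_rules() {
    ppp_if=$1
    ppp_ip=$2
    printf '%s\n' \
        "$IPT -t nat -F DIALUP_SNAT" \
        "$IPT -F DIALUP_SPOOF" \
        "$IPT -t nat -A DIALUP_SNAT -s $LAN_NET -o $ppp_if -j SNAT --to-source $ppp_ip" \
        "$IPT -A DIALUP_SPOOF -i $ppp_if -s $ppp_ip -j DROP" \
        "$IPT -A DIALUP_SPOOF -i $ppp_if -s $LAN_NET -j DROP"
}

# One-time setup that belongs in the boot-time firewall script, not in ip-up:
# create the two chains and hook them into POSTROUTING, INPUT and FORWARD.
setup_chains() {
    printf '%s\n' \
        "$IPT -t nat -N DIALUP_SNAT" \
        "$IPT -t nat -A POSTROUTING -j DIALUP_SNAT" \
        "$IPT -N DIALUP_SPOOF" \
        "$IPT -I INPUT 1 -j DIALUP_SPOOF" \
        "$IPT -I FORWARD 1 -j DIALUP_SPOOF"
}

# Execute the generated commands, stopping at the first failure.
apply_rules() {
    build_rules "$1" "$2" | sh -e
}

# pppd runs this with IFNAME/IPLOCAL set; when they are absent, do nothing.
if [ -n "${IPLOCAL:-}" ] && [ -n "${IFNAME:-}" ]; then
    apply_rules "$IFNAME" "$IPLOCAL"
fi
```

With `-j MASQUERADE` on `-o ppp0` the kernel takes the address from the interface itself, so that POSTROUTING rule would not need rebuilding at all; the SNAT form is shown because it is the case that references the new number.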

cmisip 01-23-2003 04:22 PM

I installed shorewall and my dial on demand and shorewall firewall worked together very well. How do you start a dns caching server on Redhat 8? Thanks.

peter_robb 01-23-2003 07:35 PM

Install dnrd.

It has a good man page and docs with it.

cmisip 01-25-2003 12:41 PM

Thanks for the ideas. I stumbled upon an easier solution while viewing my dhcpd.conf file. There is the option domain-name-servers which is set to 192.168.1.1. I simply added my isp's dns ip to this. Each time a client machine renews its lease, the client /etc/resolv.conf now contains the isp's dns numbers as well as 192.168.1.1. It's not the LM9 solution but it's working. My Linux clients and windows client now have ip masquerading behind a shorewall firewall. In the future I will read up on Redhat 8 dns. I think I need to run named.conf but I don't know how to configure that yet. I will move on to opening the linux server's ports for nfs, mysql, smb, ssh and other projects. Thanks again.

peter_robb 01-25-2003 10:43 PM

You will only need to run a full dns server if you reference internal servers in your network;
otherwise the dns caching server is much less trouble and faster...

All times are GMT -5.