Hey,

I'm setting up a RH box that I want to listen to both the internal IP and external IP.

I can ping the name and the public IP from the public side.

But when I am on the private lan, I can ping the local address, but not the name or the public address.

What have I missed in the conf? Is is a faulty DNS setting or what?

(I have gotten samba to run properly, yipee!)

Thanks Much,

-mac

how have you done this? Virtual Eth Card?

I would suggest to stop being a stinge and buy a second network card :P
heheh

Seriously though if you are running this as a gateway it isnt best practice for security to have a setup like this.

When I test virtual eth cards I found that quite often one would drop off and it seemed very unstable.

Chris

No, I'm not being stingy, I'm just a noob... I just though I could do it this way. The server this is replacing has a virtual nic eth0:0 (?).

If I went that direction, how do I seperate the two nics on the lan? Plus will I then be able to have an internal DNS and external DNS?

-mac

well if your having the pc to listen to internal and external addresses then one is plugged into the outside world (router, switch, modem) and the other is internal.

If you are running this system as a DNS server be careful.. DNS is naturally insecure so you will want to learn up on iptables as well.

if you are wanting this pc to handle internal DNS and external DNS i cant see why this would be a problem.

these "two ethernet cards" at the moment would both have a seperate IP.. so you pick one ethernet card to have one of the ip's etc etc

I would suggest that you probably dont need this to have two ethernet cards unless its a gateway pc. you can set up port forwarding etc from your gateway pc to manage DNS requests from external.

Hope this helps

OK, so let me make sure I understand. Currently I have one nic on the lan that is trying to listen to both public and private DNS traffic and that is considered insecure, right?

I did not want to set up a gateway, so how does this sound:

Add one new nic with a private ip listening to the 1-1 mapped public ip for DNS, web, etc...). change the current nic to a new private IP to handle any private traffice, but still not act as a gateway.

both nic's are STILL plugged into the same switch. Is that any more secure than my first idea?

Thanks, this IS being helpful.

-mac

woah... let me draw your network

INTERNET -- SWITCH -- ALL YOUR PC's
??

if so you are at risk of attack on ANY of your pcs.

I would suggest using this kind of setup (with a gateway)

INTERNET -- GATEWAY -- SWITCH -- LAN

This is not as hard and trying as it sounds...

Your gateway will run a firewall (iptables is my choice )
also u can run DHCP from it and DNS

I have a website for installing a good gateway PC so check it out.. the DNS i am not very good with BIND etc so your on your own (well plenty of other people out there :P)

visit www.chrisliveonline.com/security/ this setup will take you not more than an hour and will make you more secure

is this for home? or office?

Thanks
Chris

"is this for home? or office?"

Office, yea, well, it's not the best I admit, I'm just trying to use what I've been given to work with (three months ago). Maybe down the road I can add real security?

Thanks again.

-mac

you will spend as much time working on what you are than you would do building a gateway

I strongly suggest even more so for a business... secure/private documents out there for everyone to see... if you arent the boss impress them with a security plan shows your there to help... get some evidence about what hackers can do www.grc.com is good

do a ShieldsUp scan from there of your system you will be sickened i promise... should management and you will make a good impression im sure.

if you decide im on call for you to help... chris@chrisliveonline.com :P