LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 07-12-2013, 12:44 AM   #1
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Rep: Reputation: Disabled
Masquerade and nat


i have installed centos 5.6 and i want to make a server on which just nating and masquerade is enabled so my clients can browse internet on their systems.My networking deivice setting is as follows
eth0=internet and ip is 150.150.61.61 subnet mask is 255.255.0.0
eth1 private and ip is 192.168.0.1 for my private clients
[Here is my dhcpd.conf file format

subnet 192.168.0.0 netmask 255.255.255.0 {

# --- default gateway
option routers 192.168.0.1;
option subnet-mask 255.255.255.0;

# option nis-domain "domain.org";
option domain-name "example.com";
option domain-name-servers 192.168.0.1;

option time-offset -18000; # Eastern Standard Time
# option ntp-servers 192.168.1.1;
# option netbios-name-servers 192.168.1.1;
# --- Selects point-to-point node (default is hybrid). Don't change this unless
# -- you understand Netbios very well
# option netbios-node-type 2;

range dynamic-bootp 192.168.0.5 192.168.0.6;
default-lease-time 21600;
max-lease-time 43200;

# we want the nameserver to appear at a fixed address
host ns {
next-server marvin.redhat.com;
hardware ethernet 12:34:56:78:AB:CD;
fixed-address 207.175.42.254;
}


i have iptables command for enabling masquerade as

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERSDE

i have enable packet forwarding in /etc/sysctl.conf
net.ipv4.ip_forward = 1


my client have dhcp enabled and ip of my first client is 192.168.0.6 with subnet mask 255.255.255.0

my client default gateway is of as my server eth1 ip address i-e
192.168.0.1

my query is that whenever my client want to browse internet its not working either by name of websit like google.com or by ip address of website.why this happen as i have enabled nating and masquerade yet not possible on client for browsing internet and on server internet is browsing

i have flused all iptables rules delete all chains before enabling masquerade but results same no internet on clients

please let me know how will it will be fix



and main point which i forgot to mention is that when i put my eth0 gateway in /etc/resolv.conf file internet works fine for client and if remove its not working and default /etc/reoslv.conf of my client is nameserver 192.168.0.1 as of my eth1 address

moreover i can ping my eth0 and eth1 address from client

Last edited by seeklinux; 07-12-2013 at 12:57 AM. Reason: forgot one point
 
Old 07-12-2013, 01:29 AM   #2
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,404

Rep: Reputation: Disabled
Quote:
Originally Posted by seeklinux View Post
and main point which i forgot to mention is that when i put my eth0 gateway in /etc/resolv.conf file internet works fine for client and if remove its not working and default /etc/reoslv.conf of my client is nameserver 192.168.0.1 as of my eth1 address
That is indeed the main point and it tells you exactly what the problem is: The clients aren't getting the right DNS server setting via DHCP. Your problem obviously has nothing whatsoever to do with iptables or NAT.

When you say it works when you put your "eth0 gateway" in the client's /etc/resolv.conf file, exactly what do you mean? Do you add the IP address of the eth0 interface of your router, or the IP address of the upstream router?

In any case, it would seem your CentOS system either isn't running a DNS server, or it isn't working properly, or the firewall settings in CentOS are preventing your clients from communicating with it. You should either fix the DNS problem on the CentOS system, or simply change the domain-name-server option in dhcpd.conf to point to a different DNS server, like the one you mentioned.

(By the way, why on earth do you have an entry for "marvin.redhat.com" in dhcpd.conf?)
 
1 members found this post helpful.
Old 07-12-2013, 02:02 AM   #3
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
Thnx for guidence i will tell u in points

1.when i put eth0 gateway(the IP address of the upstream router)address in client /etc/resolv.conf then internet works fine for me on client.as my server IP is 150.150.61.61 subnetmask is 255.255.0.0 gateway is 150.150.25.25 on these settings my internet working fine on server and if i put 150.150.25.25 in client /etc/resolv.conf internet works on client

2.i have no dns runing on server

3.marvin.redhat.com this is by default entry so i have not edit it as it is already commented

4. i have change domain-name-server option in dhcpd.conf to point to 150.150.25.25 my gateway of interface eth0 now internet works on client.

5.seeming that it is dns problem which block internet for my client iptables are ok on server.

now tell what i will do furhter should i just point domain-name-server option in dhcpd.conf to 150.150.25.25 or make a dns server
 
Old 07-12-2013, 02:46 AM   #4
Ser Olmy
Senior Member
 
Registered: Jan 2012
Distribution: Slackware
Posts: 2,404

Rep: Reputation: Disabled
You could just put 150.150.25.25 as the DNS server in dhcpd.conf, or you could install a DNS server like BIND or dnsmasq on the CentOS server.

Either will work, and if you don't actually need a local DNS server, the first option is by far the easiest.
 
1 members found this post helpful.
Old 07-12-2013, 05:18 AM   #5
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
thnx alot for your guidence now it works for me simple i put 150.150.25.25 in dhcpd.conf file

Last edited by seeklinux; 07-12-2013 at 05:20 AM.
 
Old 07-18-2013, 01:08 AM   #6
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
from above scenario i want to make a local DNS server for my clients on eth1 interface as my interfaces are
eth0=internet
eth1=private, IP = 192.168.0.1
i have installed bind package by the command
yum install bind

i such case is it necessary that i will make internal zone file to my eth0 and external zone file to lan clients or no need to do this

i just want to make to local dns server for my clients on eth1 so my upstream IP so my clients will no see it
 
Old 07-18-2013, 08:01 AM   #7
Siddharth Sharma
LQ Newbie
 
Registered: Feb 2013
Location: New Delhi
Distribution: Rhel5, Rhel6, CentOS, MAC OS X
Posts: 17

Rep: Reputation: Disabled
hello..

you don't need to make two different zones for LAN and WAN..
just create a zone for internal network only..
your local users will use your server as a gateway to communicate to WAN.
Make a small DNS configuration.
 
Old 07-19-2013, 01:00 AM   #8
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
thnx for help
i have started my DNS server step by step and trying to configuring it remove errors in various cases like named.root.hints file not found rfc1912.zones file not found i move on and make my internal zone as follows
here is my internal zone file as i named my DNS server (idirao.com) so i make idirao.com-internal.db file and following is the configuratin file

[root@first ~]# cat /var/named/chroot/var/named/first.com-internal.db
$TTL 3600
@ in soa idirao.com user.idirao.com 1 3H 15M 1W 1D
ns idirao.com.
@ IN A 150.150.61.61
idirao.com IN A 150.150.61.61
www.idirao.com IN CNAME idirao.com

by starting service named start i got following error

[root@first ~]# service named start
Starting named:
Error in named configuration:
zone localdomain/IN: loaded serial 42
zone localhost/IN: loaded serial 42
zone 0.0.127.in-addr.arpa/IN: loaded serial 1997022700
zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa/IN: loaded serial 1997022700
zone 255.in-addr.arpa/IN: loaded serial 42
zone 0.in-addr.arpa/IN: loaded serial 42
zone first.com/IN: loaded serial 1
zone my.ddns.internal.zone/IN: loading master file slaves/my.ddns.internal.zone.db: file not found
internal/my.ddns.internal.zone/IN: file not found
zone my.external.zone/IN: loading master file my.external.zone.db: file not found
external/my.external.zone/IN: file not found


how will i remove these errors and make my local DNS server workable.please guide

Last edited by seeklinux; 07-19-2013 at 01:22 AM.
 
Old 07-19-2013, 02:22 AM   #9
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
i have tried and clear maximum of above errors and now when i start bind i get error

service named start

Starting named:
Error in named configuration:
/etc/named.root.hints:12: zone '.': already exists previous definition: /etc/named.root.hints:12
[FAILED]
 
Old 07-25-2013, 12:39 AM   #10
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
thnx all for help

Last edited by seeklinux; 07-26-2013 at 12:35 AM.
 
Old 07-31-2013, 03:13 AM   #11
seeklinux
LQ Newbie
 
Registered: Jul 2013
Posts: 10

Original Poster
Rep: Reputation: Disabled
A bit problem of squid

Last edited by seeklinux; 07-31-2013 at 05:44 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
routing / IP masquerade / NAT question stu_c Slackware 9 05-17-2011 04:55 PM
NAT with MASQUERADE only for eth2 ? czezz Linux - Networking 1 06-16-2010 12:08 PM
NAT/Masquerade not working? eswenson Linux - Networking 3 06-04-2010 03:08 PM
nat/masquerade, connection tracking b0uncer Linux - Networking 2 07-20-2004 05:22 AM
iptables - true nat AND masquerade rebuke Linux - Security 3 11-11-2003 03:02 PM


All times are GMT -5. The time now is 01:20 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration