Hi all,
I am semi-new to Linux, but very new to setting up a server. I have a test environment using VMware with 3 virtual machines - 2 Fedora 7 machines and an SLES 10 machine. I am using the one Fedora 7 machine as a server/router/firewall/gateway for the other F7 and SLES machines, simulating a small private network.
I have NAT working, but now I am trying to configure my F7 server as a DNS server. What I have done is I have taken the named.caching-nameserver.conf file, copied it as named.conf, and am using that. Here is the code from that:
Code:
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	directory "/var/named";
	dump-file "/var/named/data/cache_dump.db";
	statistics-file "/var/named/data/named_stats.txt";
	memstatistics-file "/var/named/data/named_mem_stats.txt";
	allow-query { localhost; };
	recursion yes;
};
logging {
	channel default_debug {
		file "data/named.run";
		severity dynamic;
	};
};
zone "." IN {
	type hint;
	file "named.ca";
};
include "/etc/named.rfc1912.zones";
nslookup runs successfully from the server machine, but when I change the nameserver to my server's IP in my client machine, nslookup is not successful from the client machine. I am able to ping my server from my client.
I did run tcpdump from both machines during an nslookup from client to server.
From server:
Code:
02:33:17.379031 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain: 2225+ A? www.google.com. (32)
02:33:22.379588 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain: 2225+ A? www.google.com. (32)
02:33:27.381808 IP 192.168.50.51.filenet-pa > 192.168.50.1.domain: 2225+ A? www.google.com. (32)
eth0 is my Internet-facing adapter, and a tcpdump with eth0 shows no activity during an nslookup from one of my clients.
Could iptables be incorrectly configured?
Code:
iptables --flush
iptables -t nat --flush
iptables -t mangle --flush
iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -A FORWARD -j LOG
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.50.2 -j MASQUERADE
#---------------------------------------------------------------
# Allow outbound DNS queries from the FW and the replies too
#
# - Interface eth0 is the internet interface
#
# Zone transfers use TCP and not UDP. Most home networks
# / websites using a single DNS server won't require TCP statements
#
#---------------------------------------------------------------
iptables -A OUTPUT -p udp -o eth0 --dport 53 --sport 1024:65535 \
-j ACCEPT
iptables -A INPUT -p udp -i eth0 --sport 53 --dport 1024:65535 \
-j ACCEPT
iptables -A OUTPUT -p udp -o eth1 --dport 53 --sport 1024:65535 \
-j ACCEPT
iptables -A INPUT -p udp -i eth1 --sport 53 --dport 1024:65535 \
-j ACCEPT
I'd appreciate any troubleshooting tips, because I am stuck!
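Two settings in the posted named.conf decide whether LAN clients can use the resolver at all: listen-on (which local addresses named binds on port 53) and allow-query (which clients it will answer); the posted options block names only 127.0.0.1 and localhost. The script below is an added example, not code from the original post: it extracts those two lists from a config file, checks them against the server address the tcpdump shows the clients querying (192.168.50.1) and an assumed client subnet of 192.168.50.0/24, and places the posted block beside a LAN-scoped version that answers the private network without becoming an open resolver to anything arriving on eth0. The allow-recursion line, the /24 prefix and the temporary file layout are this example's own assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: check a BIND named.conf for the
# two settings that decide whether LAN clients can use the resolver, and show
# the posted (loopback-only) options block next to a LAN-scoped version.
# The 192.168.50.x addresses come from the post; the /24 prefix and the
# allow-recursion line are this example's assumptions.

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed copy of the posted options block (the logging and zone
# statements play no part in the check and are omitted).
POSTED_CONF="$WORK/named.posted.conf"
cat > "$POSTED_CONF" <<'EOF'
options {
	listen-on port 53 { 127.0.0.1; };
	listen-on-v6 port 53 { ::1; };
	allow-query { localhost; };
	recursion yes;
};
EOF

# Same block, also bound to the LAN address and opened only to the LAN
# subnet: the server answers its own clients but refuses everyone else.
FIXED_CONF="$WORK/named.fixed.conf"
cat > "$FIXED_CONF" <<'EOF'
options {
	listen-on port 53 { 127.0.0.1; 192.168.50.1; };
	listen-on-v6 port 53 { ::1; };
	allow-query { localhost; 192.168.50.0/24; };
	allow-recursion { localhost; 192.168.50.0/24; };
	recursion yes;
};
EOF

# Print the address list of a top-level option ("listen-on", "allow-query"),
# one entry per line, with whitespace and semicolons stripped.
option_entries() {
    # $1 = config file, $2 = option name
    sed -n "s/^[[:space:]]*$2[[:space:]][^{]*{\([^}]*\)}.*/\1/p" "$1" |
        tr ';' '\n' | tr -d ' \t' | grep -v '^$'
}

# Succeed if named would bind port 53 on address $2 ("any" or an exact match).
listens_on() {
    option_entries "$1" listen-on | grep -Fxq -e any -e "$2"
}

# Succeed if clients in prefix $2 (CIDR, written exactly as in the config)
# may query. "any" and "localnets" also count; "localhost" alone does not.
allows_query_from() {
    option_entries "$1" allow-query | grep -Fxq -e any -e localnets -e "$2"
}

# Print a verdict for one config; exit status 0 only if both checks pass.
diagnose() {
    # $1 = config file, $2 = server LAN address, $3 = client subnet
    ok=0
    if listens_on "$1" "$2"; then
        echo "ok   listen-on includes $2"
    else
        echo "FAIL listen-on lacks $2: queries reach the host but no socket answers them"
        ok=1
    fi
    if allows_query_from "$1" "$3"; then
        echo "ok   allow-query permits $3"
    else
        echo "FAIL allow-query lacks $3: named would answer REFUSED"
        ok=1
    fi
    return $ok
}

echo "== posted config";     diagnose "$POSTED_CONF" 192.168.50.1 192.168.50.0/24
echo "== LAN-scoped config"; diagnose "$FIXED_CONF"  192.168.50.1 192.168.50.0/24
```

Run it against a real file with `diagnose /etc/named.conf <server LAN address> <client subnet>`; the parser only understands the flat `option { a; b; };` form the posted file uses, not ACL names defined elsewhere. Scoping allow-query to the LAN rather than `any` is the part worth keeping even once the listen-on fix makes resolution work, since a recursive resolver reachable from the Internet-facing interface can be used for amplification.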