LinuxQuestions.org
Old 11-07-2014, 07:08 AM   #1
j_me
LQ Newbie
 
Registered: Nov 2014
Posts: 19

Rep: Reputation: Disabled
Building a firewall/router, I need guru help.


I'm a networking noob building a router with two ethernet connections and I've come to the point where I need to ask for help/direction.

At the moment the setup looks like this.
laptop <---> switch <----> eth1(static) myRouter eth0(dhcp) <----> router/firewall/modem

In brief, from the laptop:
I can ping 8.8.8.8
I can traceroute e.g. google-dot-com
I can ssh into myRouter with 'ssh the@192.2.1.2' but not with 'ssh the@thing'
I can't load any web page # web browsers report that the firewall or DNS is at fault (router/firewall/modem works properly when laptop is directly connected to it)

I realise that myRouter being behind a router/firewall/modem may be the reason why I'm having problems, but before I can have myRouter guard against the outside world it needs configuring, so I don't know what else to do.

I've been tinkering with a few files, please tell me which ones you need to look at.

Files that I edited were:
/etc/network/interfaces
/etc/sysctl.conf
/etc/dhcp3/dhcpd.conf
/etc/dhcp/dhcpd.conf
/etc/default/isc-dhcp-server
/etc/init.d/nat.sh # This is a script that I installed from a tut

Thanks for reading
 
Old 11-07-2014, 02:18 PM   #2
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,867

Rep: Reputation: 162
Let's solve the web page loading issue first. Where is your DNS server? How do you set up DNS on the laptop?
 
Old 11-07-2014, 04:15 PM   #3
jefro
Moderator
 
Registered: Mar 2008
Posts: 22,047

Rep: Reputation: 3632
Not sure I had an answer. Just wanted to say hi and welcome.

If I'd have answered at all this post would not show up as much. As a zero reply it gets better treatment on forum.
 
Old 11-08-2014, 07:53 AM   #4
j_me
LQ Newbie
 
Registered: Nov 2014
Posts: 19

Original Poster
Rep: Reputation: Disabled
Thanks for the reply and thanks for the welcome.
Quote:
Where is your DNS server?
I didn't set up a DNS server as I understand I need a registered domain name, which I don't have. Am I right in thinking that? So I pointed myRouter to the router/firewall/modem.
I've posted the /etc/resolv.conf file as this seems to be overwritten by a program whenever I reboot myRouter (the@thing).
/etc/resolv.conf
Code:
domain lan
search lan
nameserver 192.168.1.254 # This is the router/firewall/modem
the@thing ~ $ route -n
Code:
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.1.254   0.0.0.0         UG    0      0        0 eth0
192.2.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
Quote:
How do you set up DNS on the laptop?
The laptop is set to automatic(DHCP)
 
Old 11-08-2014, 09:00 AM   #5
michaelk
Moderator
 
Registered: Aug 2002
Posts: 25,916

Rep: Reputation: 5988
The MODEM/firewall/router DHCP server will automatically provide the nameserver (itself) which gets written to the /etc/resolv.conf file. Your DHCP server may not be configured to send nameserver information which is why it only works when connected to the router.

Without a local DNS you will not be able to resolve devices on your internal LAN. Depending on how many devices are on your LAN it might be easier to add them to your /etc/hosts file. Obviously, this will only work for static IP addresses.
 
Old 11-08-2014, 09:04 AM   #6
ember1205
Member
 
Registered: Oct 2014
Posts: 176

Rep: Reputation: 16
Quote:
Originally Posted by j_me
I didn't set up a DNS server as I understand I need a registered domain name, which I don't have. Am I right in thinking that?
DNS servers can do different things. One role is to be an authoritative name server for a domain that you actually do own. I have created an internal domain that I actually host a domain for to allow my clients easier access to things like my servers and firewall and such.

Another role is to retrieve information on behalf of your clients so that they can find and connect to sites on the web. This would be referred to as either a caching name server or forwarder. This role is exceptionally important for your clients, and it will be something that an authoritative server can also do.

Your router will almost certainly be acquiring the DNS servers of the ISP you're connected to. It's common for the router to pass these on to the DHCP clients on the network and the router will simply forward through the requests. Your choices are to either have your myRouter device acquire the DNS settings from the actual router and also pass those through to the DHCP clients on your network, or set up a forwarder on the myRouter device and hand out the internal IP address of the device to your DHCP clients.
 
1 members found this post helpful.
Old 11-08-2014, 09:54 AM   #7
j_me
LQ Newbie
 
Registered: Nov 2014
Posts: 19

Original Poster
Rep: Reputation: Disabled
Thanks for the helpful explanations/directions. I'll keep you all posted on my progress.
Thanks again
 
Old 11-10-2014, 03:06 PM   #8
nini09
Senior Member
 
Registered: Apr 2009
Posts: 1,867

Rep: Reputation: 162
The configuration of the DHCP server in the router/firewall/modem is wrong. It tells the client that the DNS server is itself, 192.168.1.254 or router/firewall/modem.
The following link may help you. You can use the nearest public DNS server for a small LAN if you aren't going to install a local DNS server. Of course, a local DNS server is better than a public one.
https://help.ubuntu.com/community/isc-dhcp-server
 
1 members found this post helpful.
Old 11-18-2014, 06:54 AM   #9
linuxgurusa
Member
 
Registered: Mar 2008
Location: Namibia, Swakopmund
Distribution: Redhat, Fedora, Centos, ClearOS, Mandrake
Posts: 151

Rep: Reputation: 29
Some questions

On your internal laptop, do you receive a DHCP address?
If you run the command ipconfig, are the correct networking details given by your DHCP?
If you run the command ipconfig /all, does it show the correct DNS server?

Can you ping 8.8.8.8 from your internal laptop?

If you can ping 8.8.8.8, can you ping (or at least resolve) www.google.com?

If you can resolve www.google.com, does the following command open a connection?

telnet www.google.com 80
 
Old 11-26-2014, 06:42 PM   #10
MikeDeltaBrown
Member
 
Registered: Apr 2013
Location: Arlington, WA
Distribution: Slackware
Posts: 96

Rep: Reputation: 10
/etc/resolv.conf on MyRouter is being overwritten by the DHCP client. Learn more about this with `man dhcpcd` paying attention to the -C option.... or man dhclient.conf paying attention to the "request -> domain-name-servers" option. Which one you need to look at depends on your distribution. Just type `ps aux | grep dh` for a hint.

Since you can ping 8.8.8.8 and traceroute, it looks like routing is OK.

Name services need to be looked at more in depth. List the DNS entries of each computer in the chain:
grep ^nameserver /etc/resolv.conf for linux boxes,
ipconfig /all for windoze boxes [just the DNS Servers line(s)]

The web page problem is interesting. My guess is the NAT script needs to be looked at. Try:
`cat /proc/sys/net/ipv4/ip_forward` after you run your NAT script. It should return a one (1). If so then we'll need to see /etc/init.d/nat.sh.
 
1 members found this post helpful.
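
The checks suggested across this thread, collected as an added example (not code from any poster): it reads a dhcpd.conf for the gateway and DNS options handed to LAN clients, lists the resolv.conf nameservers, and tests the ip_forward flag. The sample files are constructed; the 192.2.1.100-150 pool and handing out 192.168.1.254 as the resolver are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): offline checks for the settings discussed
# above. All file contents written by write_samples are constructed.

# Values of "option <name> ...;" lines in a dhcpd.conf, comments ignored.
dhcpd_option() {            # $1 = dhcpd.conf path, $2 = option name
    sed 's/#.*//' "$1" | awk -v opt="$2" '
        $1 == "option" && $2 == opt {
            sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "")
            sub(/;[ \t]*$/, "")
            print
        }'
}

# Succeeds only if leases carry both a gateway and a resolver.
lan_dhcp_complete() {       # $1 = dhcpd.conf path
    [ -n "$(dhcpd_option "$1" routers)" ] &&
    [ -n "$(dhcpd_option "$1" domain-name-servers)" ]
}

# Resolver addresses from a resolv.conf (same data as `grep ^nameserver`).
nameservers() {             # $1 = resolv.conf path
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# True when IPv4 forwarding is on; $1 overrides the /proc path for testing.
forwarding_on() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed samples: a subnet block without a DNS option, then the fixed one.
write_samples() {           # $1 = directory to write into
    printf '%s\n' 'subnet 192.2.1.0 netmask 255.255.255.0 {' \
        '    range 192.2.1.100 192.2.1.150;   # assumed pool' \
        '    option routers 192.2.1.2;' '}' > "$1/dhcpd.weak"
    printf '%s\n' 'subnet 192.2.1.0 netmask 255.255.255.0 {' \
        '    range 192.2.1.100 192.2.1.150;   # assumed pool' \
        '    option routers 192.2.1.2;' \
        '    option domain-name-servers 192.168.1.254;  # upstream modem' \
        '}' > "$1/dhcpd.fixed"
    printf '%s\n' 'domain lan' 'nameserver 192.168.1.254 # modem' > "$1/resolv.conf"
}

d=$(mktemp -d) && write_samples "$d"
for f in weak fixed; do
    if lan_dhcp_complete "$d/dhcpd.$f"; then echo "$f: leases carry gateway and DNS"
    else echo "$f: lease is missing the gateway or the DNS server"; fi
done
rm -rf "$d"
```

On the real machine, point `lan_dhcp_complete` at /etc/dhcp/dhcpd.conf and call `forwarding_on` with no argument after the NAT script has run.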
  

