LinuxQuestions.org
Old 09-17-2003, 03:51 PM   #1
registering
Member
 
Registered: Jun 2003
Location: Florida, USA
Distribution: Drake 10.1 Download
Posts: 182

Rep: Reputation: 30
Why does 12.170.16.134 route to the wrong box??


Howdy all,
I have a computer inside our LAN that uses 192.168.0.134 as its static IP. I can ssh, view webpages, etcetera, with no trouble when using this internal IP address. What I would like is for any and all traffic for 12.170.16.134 to be routed to 192.168.0.134.

I thought I could do that by adding these 2 lines to my firewall:

$IPTABLES -t nat -A POSTROUTING -s 192.168.0.134 -o $EXTIF -j SNAT --to 12.170.16.134
$IPTABLES -t nat -A PREROUTING -s 12.170.16.134 -i $EXTIF -j DNAT --to 192.168.0.134

However if you web-browse to 12.170.16.134, you actually see our gateway's webpage (marisys.com), not the internal computer's (NERR data tables webpage). I thought the above command says for anything coming FROM 192.168.0.134, change its source to 12.170.16.134, and anything going TO 12.170.16.134, send it to 192.168.0.134. What am I doing wrong??

It seems 12.170.16.134 gets routed TO the gateway, rather than THROUGH the gateway. This is the output of ifconfig on the gateway:


eth0 Link encap:Ethernet HWaddr 00:01:02:CA1:33
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2644 errors:0 dropped:0 overruns:0 frame:0
TX packets:2809 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:401745 (392.3 Kb) TX bytes:2184116 (2.0 Mb)
Interrupt:15 Base address:0xfc80

eth1 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.130 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3443 errors:0 dropped:0 overruns:5269 frame:0
TX packets:2948 errors:0 dropped:0 overruns:5269 carrier:0
collisions:0 txqueuelen:100
RX bytes:1752739 (1.6 Mb) TX bytes:390657 (381.5 Kb)
Interrupt:9 Base address:0x6000

eth1:0 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.131 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:1 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.132 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:2 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.134 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:3 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.135 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:4 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.136 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:5 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.137 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:6 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.138 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:7 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.139 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:8 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.140 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:9 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.141 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

eth1:10 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.142 Bcast:12.170.16.143 Mask:255.255.255.240
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:9 Base address:0x6000

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:125 errors:0 dropped:0 overruns:0 frame:0
TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:15121 (14.7 Kb) TX bytes:15121 (14.7 Kb)




And this is ifconfig on the internal computer:
eth0 Link encap:Ethernet HWaddr 00:07:32:00:40:56
inet addr:192.168.0.134 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:217 errors:0 dropped:0 overruns:0 frame:0
TX packets:82 errors:0 dropped:0 overruns:0 carrier:0
collisions:17 txqueuelen:100
RX bytes:29349 (28.6 Kb) TX bytes:43325 (42.3 Kb)
Interrupt:12 Base address:0xd400 Memory:e2100000-e2100038

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:16 errors:0 dropped:0 overruns:0 frame:0
TX packets:16 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1000 (1000.0 b) TX bytes:1000 (1000.0 b)



Our gateway hosts other pages etc., so I can't just masquerade everything on port 80, for example. I want to take all traffic for 12.170.16.134 and send it to 192.168.0.134.

The internal computer used to be proxy-hosted, but that's not an option anymore.

This is the firewall -- superfluous stuff removed -- on the gateway:

EXTIF="eth1"
INTIF="eth0"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"

#load modules
.........................


echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward


echo " clearing any existing rules and setting default policy.."
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F

echo " FWD: Allow all connections OUT and IN " #only existing and related ones IN"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Enabling SNAT functionality for selected hosts on $EXTIF"

$IPTABLES -t nat -A POSTROUTING -s 192.168.0.134 -o $EXTIF -j SNAT --to 12.170.16.134
$IPTABLES -t nat -A PREROUTING -s 12.170.16.134 -i $EXTIF -j DNAT --to 192.168.0.134

echo " Enabling NPAT (MASQUERADE) functionality on $EXTIF"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE



Any ideas?? Any help is greatly appreciated.

Last edited by registering; 09-17-2003 at 04:32 PM.
 
Old 09-20-2003, 05:19 PM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
Quote:
$IPTABLES -t nat -A PREROUTING -s 12.170.16.134 -i $EXTIF -j DNAT --to 192.168.0.134
This will pass traffic that came from 12.170.16.134 ...
I think you meant to 12.170.16.134 = -d 12.170.16.134


You can only do SNAT once in Netfilter, so the first matching rule wins...
Quote:
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.134 -o $EXTIF -j SNAT --to 12.170.16.134
would precede the MASQ rule and is unnecessary anyway.
Best remove it and rely on just the MASQ rule. This one covers all possibilities.

Last edited by peter_robb; 09-20-2003 at 05:21 PM.
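
The two points in the reply above (a DNAT rule that matches on `-s` instead of `-d`, and "the first matching rule wins" for source NAT) can be checked mechanically. This is an added example, not code from the thread: `lint_nat_rules` and `sample_rules` are hypothetical names, and line 5 of the sample (192.168.0.135) is constructed to show a rule placed after the catch-all MASQUERADE.

```shell
#!/bin/sh
# Added example (not from the thread): lint iptables NAT rules for the two
# issues raised in the reply above. Reads a firewall script on stdin.
lint_nat_rules() {
    awk '
    # Value that follows option "opt" on the current line, or "" if absent.
    function optval(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # Only nat-table append commands are of interest.
    optval("-t") != "nat" || optval("-A") == "" { next }
    {
        chain = optval("-A"); target = optval("-j")
        src = optval("-s"); dst = optval("-d"); oif = optval("-o")

        # Check 1: PREROUTING DNAT keyed on the source address only.
        if (chain == "PREROUTING" && target == "DNAT" && src != "" && dst == "")
            printf "line %d: DNAT selects on -s %s with no -d, so traffic sent TO the public address never matches\n", NR, src

        if (chain != "POSTROUTING") next

        # Check 2: the first matching nat rule wins, so anything after an
        # unconditional MASQUERADE on the same interface is never reached.
        if (("" in catchall) || (oif != "" && (oif in catchall))) {
            first = ("" in catchall) ? catchall[""] : catchall[oif]
            printf "line %d: %s rule is shadowed by the catch-all MASQUERADE on line %d\n", NR, target, first
        }
        if (target == "MASQUERADE" && src == "" && dst == "" && optval("-p") == "" && !(oif in catchall))
            catchall[oif] = NR
    }'
}

# Constructed input: lines 1, 2 and 4 are the rules from the first post,
# line 3 uses -d as the reply suggests, line 5 is a hypothetical late SNAT.
sample_rules() {
    cat <<'EOF'
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.134 -o $EXTIF -j SNAT --to 12.170.16.134
$IPTABLES -t nat -A PREROUTING -s 12.170.16.134 -i $EXTIF -j DNAT --to 192.168.0.134
$IPTABLES -t nat -A PREROUTING -d 12.170.16.134 -i $EXTIF -j DNAT --to 192.168.0.134
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.135 -o $EXTIF -j SNAT --to 12.170.16.135
EOF
}

sample_rules | lint_nat_rules
```

The lint only looks at `-s`, `-d`, `-o` and `-p`; negated matches and user-defined chains are outside what it models.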
 
Old 09-22-2003, 09:36 PM   #3
registering
Member
 
Registered: Jun 2003
Location: Florida, USA
Distribution: Drake 10.1 Download
Posts: 182

Original Poster
Rep: Reputation: 30
Thanks for taking the time to help, peter_robb, it's really appreciated. This is what I've got now:

echo " Accept all connections in and out"
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF -j ACCEPT
$IPTABLES -A FORWARD -j LOG

echo " Routing internet address to intranet address for CDMO"
# the next block was added when making the CDMO non-proxied
$IPTABLES -t nat -A PREROUTING -i $INTIF -d 12.170.16.134 -j DNAT --to-destination 192.168.0.134
$IPTABLES -t nat -A PREROUTING -i $EXTIF -d 12.170.16.134 -j DNAT --to-destination 192.168.0.134

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -d 192.168.0.134 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -d 192.168.0.134 -m state --state NEW -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF -d 192.168.0.134 -m state --state NEW -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPTABLES -A FORWARD -i $INTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

echo " Spoofing intranet address to internet address..."
#now spoof our intranet IP to our internet IP if we're leaving our intranet
$IPTABLES -t nat -A POSTROUTING -s 192.168.0.134 -j SNAT --to-source 12.170.16.134

echo " Enabling NPAT (MASQUERADE) functionality both internal and external"
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
$IPTABLES -t nat -A POSTROUTING -o $INTIF -j MASQUERADE



Now the outside world can see www.nerrenvirons.org (registered to 12.170.16.134 and actually hosted on 192.168.0.134) just fine, but nobody INSIDE my LAN can. I don't know if this is a firewall issue, or some DNS issue.


From inside my LAN I get these results from dig:

[root@grampus root]# dig www.nerrenvirons.org

; <<>> DiG 9.2.1 <<>> www.nerrenvirons.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 47687
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.nerrenvirons.org. IN A

;; Query time: 109 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 22 17:07:36 2003
;; MSG SIZE rcvd: 38



However from the computer where everything actually resides (192.168.0.134) I get this:
[root@CDMO-blowfish root]# dig www.nerrenvirons.org

; <<>> DiG 9.2.1 <<>> www.nerrenvirons.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63966
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.nerrenvirons.org. IN A

;; ANSWER SECTION:
www.nerrenvirons.org. 10800 IN CNAME ns3.nerrenvirons.org.
ns3.nerrenvirons.org. 10800 IN A 12.170.16.134

;; AUTHORITY SECTION:
nerrenvirons.org. 10800 IN NS ns3.nerrenvirons.org.

;; Query time: 2 msec
;; SERVER: 192.168.0.134#53(192.168.0.134)
;; WHEN: Mon Sep 22 17:06:50 2003
;; MSG SIZE rcvd: 86



I can http to www.nerrenvirons.org from the actual system no problem, which is really weird. That made me think there's some recursion problem at work, so I tried the following from my gateway (12.170.16.134) (inside my LAN but not on actual system serving the webpages):

[root@grampus root]# dig +trace www.nerrenvirons.org

; <<>> DiG 9.2.1 <<>> +trace www.nerrenvirons.org
;; global options: printcmd
. 509244 IN NS F.ROOT-SERVERS.NET.
. 509244 IN NS G.ROOT-SERVERS.NET.
. 509244 IN NS H.ROOT-SERVERS.NET.
. 509244 IN NS I.ROOT-SERVERS.NET.
. 509244 IN NS J.ROOT-SERVERS.NET.
. 509244 IN NS K.ROOT-SERVERS.NET.
. 509244 IN NS L.ROOT-SERVERS.NET.
. 509244 IN NS M.ROOT-SERVERS.NET.
. 509244 IN NS A.ROOT-SERVERS.NET.
. 509244 IN NS B.ROOT-SERVERS.NET.
. 509244 IN NS C.ROOT-SERVERS.NET.
. 509244 IN NS D.ROOT-SERVERS.NET.
. 509244 IN NS E.ROOT-SERVERS.NET.
;; Received 244 bytes from 127.0.0.1#53(127.0.0.1) in 75 ms

org. 172800 IN NS TLD1.ULTRADNS.NET.
org. 172800 IN NS TLD2.ULTRADNS.NET.
;; Received 120 bytes from 192.5.5.241#53(F.ROOT-SERVERS.NET) in 97 ms

nerrenvirons.org. 86400 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 86400 IN NS ns2.marisys.net.
;; Received 101 bytes from 204.74.112.1#53(TLD1.ULTRADNS.NET) in 55 ms

nerrenvirons.org. 77257 IN NS ns2.marisys.net.
nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77257 IN NS ns2.marisys.net.
nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 14 ms

nerrenvirons.org. 77257 IN NS ns2.marisys.net.
nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 13 ms

nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77257 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 12 ms

nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77257 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77257 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 18 ms

nerrenvirons.org. 77257 IN NS ns2.marisys.net.
nerrenvirons.org. 77257 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 13 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 13 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 13 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 12 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 11 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 28 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 11 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 11 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 12 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 12 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 14 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 13 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 15 ms

nerrenvirons.org. 77256 IN NS ns2.marisys.net.
nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 14 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.131#53(ns2.marisys.net) in 15 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 19 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77256 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77256 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77255 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77255 IN NS ns2.marisys.net.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 13 ms

nerrenvirons.org. 77255 IN NS ns2.marisys.net.
nerrenvirons.org. 77255 IN NS ns3.nerrenvirons.org.
;; Received 101 bytes from 12.170.16.134#53(ns3.nerrenvirons.org) in 20 ms

nerrenvirons.org. 77255 IN NS ns2.marisys.net.
nerrenvirons.org. 77255 IN NS ns3.nerrenvirons.org.
dig: Too many lookups
[root@grampus root]# dig +norecursion www.nerrenvirons.org

; <<>> DiG 9.2.1 <<>> +norecursion www.nerrenvirons.org
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17088
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 1

;; QUESTION SECTION:
;www.nerrenvirons.org. IN A

;; AUTHORITY SECTION:
nerrenvirons.org. 77246 IN NS ns3.nerrenvirons.org.
nerrenvirons.org. 77246 IN NS ns2.marisys.net.

;; ADDITIONAL SECTION:
ns2.marisys.net. 10800 IN A 12.170.16.131

;; Query time: 26 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Mon Sep 22 17:12:02 2003
;; MSG SIZE rcvd: 101


Does that mean I've got a loop somewhere?
 
Old 09-24-2003, 10:04 AM   #4
registering
Member
 
Registered: Jun 2003
Location: Florida, USA
Distribution: Drake 10.1 Download
Posts: 182

Original Poster
Rep: Reputation: 30
Okay, I don't think it's a looping problem. I can http to ns3.nerrenvirons.org from within my LAN, just not www.nerrenvirons.org, which is weird. On my gateway's /var/log/messages, I always get a "lame server" error whenever I try to access www.nerrenvirons.org. That means 192.168.0.134 doesn't even know it's hosting nerrenvirons.org?? But outside my LAN www.nerrenvirons.org can be reached so it must know something, and inside I can get to ns3.nerrenvirons.org so that's getting routed properly. I heard using aliases can lead to trouble, so I changed www to use CNAME. This is the zone file:

[root@cdmo root]# cat /var/named/db.nerrenvirons.org
$TTL 3h
nerrenvirons.org. IN SOA ns3.nerrenvirons.org. root.nerrenvirons.org. (
9 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 day
IN A 12.170.16.134
;
; Name servers
;
nerrenvirons.org. IN NS ns3.nerrenvirons.org.

;
; Addresses for the canonical names
;
localhost IN A 127.0.0.1
ns3 IN A 12.170.16.134

;
; Aliases
;
www.nerrenvirons.org. IN A 12.170.16.134


The error msgs in my gateway's /var/log/messages are all of this format:

Sep 24 10:59:33 grampus named[3082]: lame server resolving 'www.nerrenvirons.org' (in 'nerrenvirons.org'?): 12.170.16.131#53
Sep 24 10:59:33 grampus named[3082]: lame server resolving 'www.nerrenvirons.org' (in 'nerrenvirons.org'?): 12.170.16.134#53

It always tries my gateway first (12.170.16.131), which makes sense, then tries 12.170.16.134, which (according to my firewall) should route to 192.168.0.134. I don't know if 192.168.0.134 ever gets contacted, though, for www.nerrenvirons.org requests from within my LAN, so I don't know if it's my gateway for my internal system.
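
A check for the question in the last post, as an added example that is not part of the thread: for each "lame server" log line it reports whether the server address is one the logging host holds itself. The DNAT rules posted earlier match only packets arriving on $INTIF or $EXTIF (`-i`), so a query that the gateway's own named sends to one of the gateway's own addresses is not rewritten by them. `lame_report` and `demo` are hypothetical names; the ifconfig excerpt is cut down from the first post and the third log line (example.org, 192.0.2.53) is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): cross-check named "lame server" log
# lines against the addresses configured on the resolving host itself.
# usage: lame_report IFCONFIG_OUTPUT_FILE NAMED_LOG_FILE
lame_report() {
    awk '
    # First file: collect every "addr:a.b.c.d" from old-style ifconfig output.
    FNR == NR {
        for (i = 1; i <= NF; i++)
            if ($i ~ /^addr:[0-9.]+$/) { a = $i; sub(/^addr:/, "", a); own[a] = 1 }
        next
    }
    # Second file: named log lines of the form shown in the post.
    /named\[[0-9]+\]: lame server resolving/ {
        srv = $NF; sub(/#[0-9]+$/, "", srv)                 # drop the "#53" port
        zone = $(NF - 1); gsub(/[^A-Za-z0-9.-]/, "", zone)  # drop quotes and "?):"
        key = zone " " srv
        if (!(key in hits)) order[++n] = key                # keep first-seen order
        hits[key]++
    }
    END {
        # One line per zone/server pair: zone, server, count, self|remote.
        for (k = 1; k <= n; k++) {
            split(order[k], p, " ")
            printf "%s %s %d %s\n", p[1], p[2], hits[order[k]], ((p[2] in own) ? "self" : "remote")
        }
    }' "$1" "$2"
}

# Constructed sample data: an excerpt of the gateway ifconfig output and the two
# log lines from the post, plus one hypothetical line for an unrelated zone.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ifconfig.txt" <<'EOF'
eth1 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.130 Bcast:12.170.16.143 Mask:255.255.255.240
eth1:0 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.131 Bcast:12.170.16.143 Mask:255.255.255.240
eth1:2 Link encap:Ethernet HWaddr 00:02:E3:0C:70:80
inet addr:12.170.16.134 Bcast:12.170.16.143 Mask:255.255.255.240
EOF
    cat > "$dir/messages" <<'EOF'
Sep 24 10:59:33 grampus named[3082]: lame server resolving 'www.nerrenvirons.org' (in 'nerrenvirons.org'?): 12.170.16.131#53
Sep 24 10:59:33 grampus named[3082]: lame server resolving 'www.nerrenvirons.org' (in 'nerrenvirons.org'?): 12.170.16.134#53
Sep 24 11:02:10 grampus named[3082]: lame server resolving 'www.example.org' (in 'example.org'?): 192.0.2.53#53
EOF
    lame_report "$dir/ifconfig.txt" "$dir/messages"
    rm -rf "$dir"
}

demo
```

A `self` result means the query was sent to an address configured on the same host that logged the error, so the answer came from that host's own listener rather than from a forwarded destination.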
 
  

