LinuxQuestions.org
Old 12-11-2009, 03:27 AM   #16
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,194
Blog Entries: 1


Hi,

Good to see it worked. What was the problem btw?

Regarding your new question, what you want to do is called split DNS. You have to define an internal view for your LAN clients and the zones you're authoritative for, and an external view where you use just forwarding to your corporate DNS.
Roughly, named.conf should have something like:
Code:
...
acl internal { 192.168.0.0/24; };

view "internal" {
        match-clients { internal; };

        // Put here the zone definitions, etc. from your current bind configuration

};

view "external" {
        match-clients { any; };

        forward only;
        forwarders  { 10.236.1.252; };
};
Google for split DNS and you'll find lots of tutorials.

Regards
 
Old 12-11-2009, 03:42 AM   #17
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Let me tell you what I did.
My ifconfig says:
Code:
[root@bangmediasrv1 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1E:4F:39:57:F0
          inet addr:10.209.47.241  Bcast:10.209.47.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:4fff:fe39:57f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:530953455 errors:0 dropped:0 overruns:0 frame:0
          TX packets:480732835 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:221810717905 (206.5 GiB)  TX bytes:559330872945 (520.9 GiB)
          Interrupt:169 Memory:da000000-da012100

eth1      Link encap:Ethernet  HWaddr 00:1E:4F:39:57:F2
          inet addr:192.168.0.241  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21e:4fff:fe39:57f2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:88376739061 errors:0 dropped:0 overruns:0 frame:0
          TX packets:61086224304 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:125975145168098 (114.5 TiB)  TX bytes:8634656856075 (7.8 TiB)
          Interrupt:169 Memory:d6000000-d6012100

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:77825143 errors:0 dropped:0 overruns:0 frame:0
          TX packets:77825143 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:106733780332 (99.4 GiB)  TX bytes:106733780332 (99.4 GiB)
I am connected to the local LAN through the 192.x.x.x series.
All I did was edit the forward file as:
Code:
# pwd
/var/named/chroot/etc
# cat named.conf
//
// named.conf for Red Hat caching-nameserver
//

options {
        directory "/var/named";
        dump-file "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        forwarders {10.209.1.252; };        // <== My Company Gateway
        forward only;

         /*
         * If there is a firewall between you and nameservers you want
         * to talk to, you might need to uncomment the query-source
         * directive below.  Previous versions of BIND always asked
         * questions using port 53, but BIND 8.1 uses an unprivileged
         * port by default.
         */
         // query-source address * port 53;
};

//
// a caching only nameserver config
//
controls {
        inet 127.0.0.1 allow { localhost;10.209.0.0; } keys { rndckey; };  // <== I think I need to mention the 192 series under inet. Is it OK? Do I need to make changes?
};

zone "." IN {
        type hint;
        file "named.ca";
};

zone "localdomain" IN {
        type master;
        file "localdomain.zone";
        allow-update { none; };
};

zone "bangmediasrv1.apient.com" IN {
        type master;
        file "apient.com.for";
        allow-update { none; };
};

zone "0.209.10.in-addr.arpa" IN {
        type master;
        file "pient.com.rev";
        allow-update { none; };
};


zone "241.47.209.10.in-addr.arpa" IN {        // <== Doubt: Should I write the 192.168 series or 10.209.*.*?
        type master;
        file "pient.com.rev";
        allow-update { none; };
};


include "/etc/rndc.key";
#
Under /var/named I put these files:
pient.com.rev and pient.com.for
Code:
[root@bangmediasrv1 named]# cat pient.com.for
$TTL    86400
@               IN SOA  bangmediasrv1.pient.com.       root.pient.com. (
                                        42              ; serial (d. adams)
                                        3H              ; refresh
                                        15M             ; retry
                                        1W              ; expiry
                                        1D )            ; minimum

                IN NS           bangmediasrv1.pient.com.
                IN A            192.168.0.241
                IN MX   5       bangmediasrv1.pient.com.
bangmediasrv1   IN A            192.168.0.241
bangvmhost1     IN A            192.168.0.31
bangvmhost2     IN A            192.168.0.32
bangvmhost3     IN A            192.168.0.33
bangvmhost4     IN A            192.168.0.34
bangenvodconsole                IN A            192.168.0.22
www             IN CNAME        bangmediasrv1.pient.com.
[root@bangmediasrv1 named]# cat pient.com.rev
$TTL    86400
@      IN      SOA     bangmediasrv1.sapient.com. root.pient.com.  (
                                      1997022700 ; Serial
                                      28800      ; Refresh
                                      14400      ; Retry
                                      3600000    ; Expire
                                      86400 )    ; Minimum
              IN      NS      bangmediasrv1.sapient.com.

241       IN      PTR     bangmediasrv1.pient.com.
31       IN      PTR     bangvmhost1.pient.com.
.
[root@bangmediasrv1 named]#
Restarted named and it's working fine.
Now about how to access external websites.

My plan was to NAT it to my company pient.com network.
So I followed this link:
http://blog.sourcehosting.net/2008/0...d-connections/

And followed these steps:
Code:
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 10.209.47.241
Saved the iptables. Restarted.
I wonder why I can't see the rules through:
Code:
iptables -L -v
Anyway, I can now ping all the pient.com machines... also dig yahoo.com.
Is it correct?

Last edited by your_shadow03; 12-11-2009 at 03:51 AM.
 
Old 12-11-2009, 04:20 AM   #18
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,194
Blog Entries: 1

You want to set up your box for IP forwarding, so that the LAN computers can go out to the internet? Not only your box to access the company DNS for forwarding?
Then the iptables rule should be OK.
 
Old 12-11-2009, 09:44 AM   #19
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

Yes.. you are right.
But amazingly, when I tried running these commands:
Code:
service iptables restart
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]
But when I run this:
Code:
service iptables status
Firewall is stopped.
Also, it doesn't show any rule either:
Code:
#iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Do I need to re-install iptables?
Why is it behaving so?

Also, one important thing to ask you: if the firewall is really not running, then how is it resolving most of the machines on my network?
It is partly working for a few machines but not the others? Surprise!!!

Last edited by your_shadow03; 12-11-2009 at 09:47 AM.
 
Old 12-11-2009, 09:48 AM   #20
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

I checked the logs and they say:
Code:
Dec 11 21:05:23 bangmediasrv1 kernel: ip_tables: (C) 2000-2002 Netfilter core team
Dec 11 21:12:19 bangmediasrv1 iptables:  succeeded
Dec 11 21:12:19 bangmediasrv1 last message repeated 2 times
Dec 11 21:13:54 bangmediasrv1 kernel: ip_tables: (C) 2000-2002 Netfilter core team
 
Old 12-11-2009, 04:51 PM   #21
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 13,194
Blog Entries: 1

I don't use RHEL, but according to the documentation, you need to run
Code:
/sbin/service iptables save
to save your rules.
 
Old 12-11-2009, 09:14 PM   #22
your_shadow03
Senior Member
 
Registered: Jun 2008
Location: Germany
Distribution: Slackware
Posts: 1,466

Original Poster
Blog Entries: 6

That's OK.
Code:
# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 10.209.47.241
# service iptables save
Saving firewall rules to /etc/sysconfig/iptables:          [  OK  ]
# iptables -L -v
Chain INPUT (policy ACCEPT 1672K packets, 2252M bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 444 packets, 118K bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 871K packets, 43M bytes)
 pkts bytes target     prot opt in     out     source               destination
# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@bangmediasrv1 ~]#
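The empty output above is expected: plain iptables -L lists only the filter table, while the SNAT rule lives in the nat table (iptables -t nat -L -v or iptables-save -t nat). As an added example that is not code from this thread, the sh functions below read iptables-save text and check for the poster's SNAT rule and the FORWARD policy; the function names and the two sample tables are constructed here, the addresses and interfaces are the thread's own.

```sh
#!/bin/sh
# Added example for this thread (not the poster's or bathory's code).
# "iptables -L" shows only the filter table, so a POSTROUTING SNAT rule is
# never listed there; it lives in the nat table. These functions read
# iptables-save text on stdin so they can be checked offline.

# Constructed sample: the nat table after the poster's SNAT rule was added.
SAMPLE_NAT='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 10.209.47.241
COMMIT'

# Constructed sample: the filter table as "iptables -L" showed it, with the
# FORWARD chain at policy ACCEPT. Once ip_forward is on, that policy lets the
# box route any packet between the 192.168.0.0/24 and 10.209.47.0/24 sides,
# in both directions, so the LAN is reachable from the company network too.
SAMPLE_FILTER='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# has_snat_rule LAN_CIDR OUT_IF SNAT_ADDR  (iptables-save text on stdin)
# Exit 0 when the nat table holds the expected POSTROUTING SNAT rule.
has_snat_rule() {
    grep -q -- "^-A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3\$"
}

# forward_policy  (iptables-save text on stdin): prints the FORWARD policy
forward_policy() {
    sed -n 's/^:FORWARD \([A-Z]*\) .*/\1/p'
}

# forward_is_restricted  (iptables-save text on stdin)
# Exit 0 only when FORWARD defaults to DROP, i.e. forwarding is allow-listed
# with explicit rules (LAN -> eth0 new, eth0 -> LAN ESTABLISHED,RELATED).
forward_is_restricted() {
    [ "$(forward_policy)" = "DROP" ]
}

# On the real gateway the same checks run against the live tables, e.g.
#   iptables-save -t nat    | has_snat_rule 192.168.0.0/24 eth0 10.209.47.241
#   iptables-save -t filter | forward_is_restricted
# and the rules only survive a restart after "service iptables save".
```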
 
  

