Hi, I am planning to build a network, and one of my computers will be the host. The host machine has 2 Ethernet cards: one is connected to the DSL modem (IP: 192.168.2.2, gateway: 192.168.2.1) and the other Ethernet card is the host for sharing the connection to the local computers (IP: 10.0.0.1, no gateway). I have designed iptables rules for NAT and policies to accept or reject, but I have one problem with my local computers: I can connect to the internet via IP addresses like 212.127..... but when I write domains instead of IPs (like www.google.com) it doesn't resolve them. I have started the DNS server for each of my local computers (at least I think I did) to resolve domain names locally, but it didn't work; it still doesn't resolve domain names. What should I do?
I am using SUSE 10.1 on my local computers and SUSE 10.0 on my host computer.
And here are my iptables rules:
Code:
#!/bin/sh
# Flush
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -F
iptables -t nat -X
iptables -t filter -F
iptables -t filter -X
# NAT rules
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -p tcp -m multiport --dports 25,53,80,110 -o eth0 -j SNAT --to-source 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,80,110 -j DNAT --to 10.0.0.3
# Filtering rules
iptables -P FORWARD ACCEPT
# LAN -> Internet access permissions
iptables -A FORWARD -i eth2 -s 10.0.0.0/24 -p tcp -m multiport --dports 53,80 -o eth0 -j ACCEPT
# Access from the Internet to the LAN
iptables -A FORWARD -i eth0 -p tcp -m multiport --dports 25,53,80,110 -d 10.0.0.3 -j ACCEPT
# Deny all incoming connections
iptables -P INPUT ACCEPT
# Accept connections coming from loopback
iptables -A INPUT -i lo -j ACCEPT
# Accept SSH connections from the local network
iptables -A INPUT -i eth2 -j ACCEPT
# Accept SSH connections coming from the Internet side
iptables -A INPUT -i eth0 -p tcp --dport 22 -j ACCEPT
# Disables pings
iptables -A INPUT -p icmp -j DROP
# Protects against attacks
iptables -A INPUT -p tcp -m hashlimit --hashlimit 5/min --hashlimit-mode srcip --hashlimit-name http --dport 80 -m state --state NEW -j ACCEPT
Do you have any idea about what I should do?
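
An added check, not part of the original post: it feeds the two NAT rules from the script above (copied inline as constructed input) through a small parser and reports which protocol/port pairs the POSTROUTING SNAT rule translates. The function names `snat_covers` and `report` are hypothetical, and the parser only reads `-A`, `-p`, `--dport`/`--dports` and `-j`, ignoring negation and source/interface matches.

```shell
#!/bin/sh
# Constructed input: the two NAT rules copied from the posted script.
RULES='iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -p tcp -m multiport --dports 25,53,80,110 -o eth0 -j SNAT --to-source 192.168.2.2
iptables -t nat -A PREROUTING -i eth0 -p tcp -m multiport --dports 25,80,110 -j DNAT --to 10.0.0.3'

# snat_covers PROTO PORT (hypothetical helper): exit 0 if a POSTROUTING
# SNAT/MASQUERADE rule in $RULES matches that protocol and destination port.
snat_covers() {
    printf '%s\n' "$RULES" | awk -v proto="$1" -v port="$2" '
    {
        chain = ""; p = "all"; ports = ""; target = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "-A") chain = $(i + 1)
            if ($i == "-p") p = $(i + 1)
            if ($i == "--dport" || $i == "--dports") ports = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (chain != "POSTROUTING") next
        if (target != "SNAT" && target != "MASQUERADE") next
        if (p != "all" && p != proto) next
        if (ports == "") { found = 1; next }   # no port match means all ports
        n = split(ports, list, ",")
        for (k = 1; k <= n; k++) {
            # each entry is a single port or a lo:hi range
            m = split(list[k], r, ":")
            lo = r[1] + 0
            hi = (m == 2 ? r[2] : r[1]) + 0
            if (port + 0 >= lo && port + 0 <= hi) found = 1
        }
    }
    END { exit (found ? 0 : 1) }'
}

# report PROTO PORT (hypothetical helper): one line per flow checked.
report() {
    if snat_covers "$1" "$2"; then
        echo "$1/$2: matched by an SNAT rule"
    else
        echo "$1/$2: not matched by any SNAT rule"
    fi
}

report tcp 80
report tcp 53
report udp 53   # ordinary DNS lookups are sent over UDP port 53
```

Ordinary DNS queries use UDP port 53, so the `udp/53` line is the one to compare against the name-resolution symptom described in the post.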