Nat, dhcpd and ipfw
David Ulrich
dulrich at aspirine.li
Sun Mar 19 13:47:04 UTC 2006
Hi,
I'm running FreeBSD 6.0 on my new router. I want to use it as a
web server, file server, router and DHCP server.
This computer sits between my clients and my modem. I have 2 Ethernet
interfaces. The interface on the Internet side (vr0) uses
dhclient; the other (re0) has a fixed IP.
I have installed dhcpd and natd successfully. My clients get a good
IP and I can ping the world! But my problem is that I can't ping the
world by DNS name... an example:
I can ping 216.239.39.105, which is google.ch, but when I ping
google.ch it returns -> ping: unknown host google.ch
From the server I can ping google.ch (it resolves the DNS name).
I have probably misconfigured something, but what? I have carefully
read the how-to, manuals, etc....
I don't have fixed domain name servers and I don't think that would be
useful. I just need DNS requests to be passed from "vr0" to "re0"...
WORLD <--> re0 ; MYSERVER ; vr0 <--> my clients
############### rc.conf ###############
# -- sysinstall generated deltas -- # Wed Mar 15 14:08:02 2006
# Created: Wed Mar 15 14:08:02 2006
# Enable network daemons for user convenience.
# Please make all changes to this file, not to /etc/defaults/rc.conf.
# This file now contains just the overrides from /etc/defaults/rc.conf.
# Forward packets between interfaces (required for this box to route).
gateway_enable="YES"
# NAT runs on re0; this matches the "divert 8668 ... via re0" rule in the
# ipfw listing further down the page.
natd_enable="YES"
natd_interface="re0"
# -s use_sockets, -u unregistered_only (translate only private source
# addresses), -m same_ports (keep the original source port when possible).
natd_flags="-s -u -m"
# re0 obtains its address by DHCP.
# NOTE(review): the message text names vr0 as the dhclient interface and re0
# as the fixed one; this file (and the diagram) has it the other way round.
ifconfig_re0="DHCP"
# dhcpd is pointed at vr0, the interface given a static address below.
# NOTE(review): which of dhcpd_iface / dhcpd_flags the port's rc script
# actually reads depends on the installed port version -- confirm.
dhcpd_enable="YES"
dhcpd_iface="vr0"
dhcpd_flags="vr0"
keymap="swissfrench.iso.acc"
# NOTE(review): NFS, rpcbind, sshd, MySQL and Apache are all enabled on the
# host that also owns the Internet-facing interface. With firewall_type="open"
# below, nothing in this file filters them on that interface -- confirm each
# service is bound or filtered as intended.
nfs_server_enable="YES"
rpcbind_enable="YES"
saver="fire"
scrnmap="NO"
sshd_enable="YES"
usbd_enable="YES"
mysql_enable="YES"
apache_enable="YES"
# ipfw is loaded with the "open" rule set: the listing below shows
# "65000 allow ip from any to any", i.e. no inbound filtering.
# Logging is enabled, but none of the rules shown carries a "log" keyword.
firewall_enable="YES"
firewall_logging_enable="YES"
firewall_type="open"
hostname="Beastie.aspirine.li"
# Static address on the client side; dhcpd.conf advertises this same address
# as both default router and DNS server.
# NOTE(review): no name server or DNS forwarder is enabled anywhere in this
# file (no named_enable, for instance), so clients told to query 10.192.168.5
# would get no answer -- consistent with "ping by IP works, by name fails".
ifconfig_vr0="inet 10.192.168.5 netmask 255.255.255.0"
################### dhcpd.conf ##################
# dhcpd.conf
#
# Sample configuration file for ISC dhcpd
#
# option definitions common to all supported networks...
# Global defaults; the subnet declaration below repeats domain-name and both
# lease times with the same values.
option domain-name "aspirine.li";
# Left commented out: these two external resolvers are not handed to clients.
# The subnet declaration advertises 10.192.168.5 as the DNS server instead.
#option domain-name-servers 62.2.24.162, 62.2.17.60;
# Lease times are in seconds.
default-lease-time 600;
max-lease-time 7200;
# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;
# ad-hoc DNS update scheme - set to "none" to disable dynamic DNS
# updates.
ddns-updates off;
ddns-update-style none;
# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;
# Client network served on the router's statically addressed interface.
subnet 10.192.168.0 netmask 255.255.255.0 {
# Pool of four addresses (.1 through .4); the router itself is .5.
range 10.192.168.1 10.192.168.4;
option domain-name "aspirine.li";
# Clients are told to use the router itself as their resolver.
# NOTE(review): the rc.conf shown on this page does not enable any DNS
# server or forwarder on 10.192.168.5, so client lookups would go
# unanswered while pings by IP address still work -- confirm a resolver is
# listening there, or advertise reachable resolvers here instead.
option domain-name-servers 10.192.168.5;
default-lease-time 600;
max-lease-time 7200;
# Default gateway: same address as ifconfig_vr0 in rc.conf.
option routers 10.192.168.5;
option broadcast-address 10.192.168.255;
}
############### ipfw show #####################
00050 403 40917 divert 8668 ip from any to any via re0
00100 56 6030 allow ip from any to any via lo0
00200 0 0 deny ip from any to 127.0.0.0/8
00300 0 0 deny ip from 127.0.0.0/8 to any
65000 440 45853 allow ip from any to any
65535 11 1288 deny ip from any to any