  1. #1
    Just Joined!
    Join Date
    Jul 2005
    Posts
    2

    DNS question


    Hi people...
    I'm having trouble configuring a DNS server behind a firewall (IPCOP) and maybe someone could help me here. I will describe my configuration below.

    - My firewall has a valid ip number (public ip)
    - my internal net is 192.168.254.x
    - my DMZ is 192.168.0.x ... where my DNS server is 192.168.0.2

    My internal net is working fine using this DNS server, but when I try to hit this server from outside I'm getting problems. Let's say my domain is domain1.com: when I try my domain1.com all is OK (I can resolve), but when I try www.domain1.com (or mail.domain1.com) I can't resolve.

    My zone file is as follows:

    $TTL 86400
    $ORIGIN domain1.com.
    @       IN SOA domain1.com. domain1.com. (
                2001122403 ; serial
                10800      ; refresh 3 hours
                3600       ; retry 1 hour
                3600       ; expire 1 hours
                36400      ; minimum 24 hours
                )
    ;
            IN NS  ns1.domain1.com.
    @       IN A   192.168.0.2
            IN MX  10 domain1.com.

    mail    IN A   192.168.0.2
    www     IN A   192.168.0.2
    ftp     IN A   192.168.0.2
    ns1     IN A   192.168.0.2
            IN MX  10 domain1.com.



    I don't know if it is right to set the IP in this zone file to an internal IP (I think it is). Thanks to all for reading my post.

  2. #2
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682

    Re: DNS question

    Quote Originally Posted by aralata
    I don't know if it is right to set the IP in this zone file to an internal IP (I think it is). Thanks to all for reading my post.
    That's the problem...if an external server hits your NS, it will resolve the hostname to a 192.168.*.* address, which it can't find (or can find, but not properly). For this situation, they all need to point to the same IP (your public) and just have your gateway NAT based on port.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy
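
The check described in the reply above, as an added example that is not part of the original thread: a simplified zone-file scan that lists A records pointing into RFC 1918 space, which outside resolvers cannot reach and which expose internal addressing. The function name and sample zone are assumptions; the zone is constructed from the thread's values, with 203.0.113.10 as a documentation placeholder for a public address.

```python
import ipaddress

# RFC 1918 ranges: not routable on the public Internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def find_private_a_records(zone_text, origin="."):
    """Return [(fqdn, ip)] for A records that point into RFC 1918 space."""
    findings, owner, depth = [], origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # drop comments
        if not line.strip():
            continue
        in_continuation = depth > 0                # inside a ( ... ) record
        depth += line.count("(") - line.count(")")
        if in_continuation:
            continue
        fields = line.split()
        if fields[0].upper() == "$ORIGIN":
            origin = fields[1]
            continue
        if fields[0].startswith("$"):
            continue                               # $TTL and similar
        if not line[0].isspace():                  # line names a new owner
            name = fields.pop(0)
            if name == "@":
                owner = origin
            elif name.endswith("."):
                owner = name
            else:
                owner = f"{name}.{origin.lstrip('.')}"
        # Skip the optional TTL and class that precede the record type.
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if len(fields) >= 2 and fields[0].upper() == "A":
            ip = ipaddress.ip_address(fields[1])
            if any(ip in net for net in RFC1918):
                findings.append((owner, str(ip)))
    return findings

# Constructed sample modelled on the zone file in the first post.
SAMPLE_ZONE = """\
$TTL 86400
$ORIGIN domain1.com.
@       IN SOA ns1.domain1.com. hostmaster.domain1.com. (
            2001122403 ; serial
            10800 3600 604800 86400 )
        IN NS  ns1.domain1.com.
@       IN A   192.168.0.2
www     IN A   192.168.0.2
ns1     IN A   203.0.113.10
"""

if __name__ == "__main__":
    for fqdn, ip in find_private_a_records(SAMPLE_ZONE):
        print(f"{fqdn} -> {ip} (RFC 1918, unreachable from outside)")
```

The parser handles only what this zone uses ($ORIGIN, inherited owner names, parenthesised SOA); quoted semicolons in TXT records are not supported.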

  3. #3
    Just Joined!
    Join Date
    Jul 2005
    Location
    San Jose, CA
    Posts
    4
    As a side note, try ditching IPCOP and go with FirewallBuilder at www.fwbuilder.org. Much better intuitive firewall. Then you can quickly set up the NAT'ing necessary with drag and drop and get logs of connections to the firewall that are failing... Very good logging to help you troubleshoot what rule has failed. Just an FYI.

  5. #4
    Linux Newbie
    Join Date
    Apr 2003
    Location
    Pontypridd, Wales
    Posts
    104
    Let's start with DNS:

    The DNS data needs to be put on the DNS server that serves your domain.

    For example, I use everydns, who provide me with DNS services. Using the web interface I point the domain at my world facing IP address, I can add sub domains, cnames, MX records etc, but they're all pointing at the same IP address.

    Then, if I have a webserver behind the firewall for example, any port 80 traffic arriving at the firewall/router is forwarded (internal NAT) to the (internal) IP address of the webserver (eg 192.168.1.40).

    There's nothing wrong with IPcop, it will do all of this for you. I use monowall (http://www.m0n0.ch/wall/), for me it's a lot better, (it's a live bootable disk so easy to try) but go with what you're comfortable with.
    "One World, One Web, One Program." -- Advertisement for Internet Explorer.
    "Ein Volk, Ein Reich, Ein Fuehrer." -- Adolf Hitler.

  6. #5
    Just Joined!
    Join Date
    Jul 2005
    Posts
    2
    Thanks everybody ... I made some changes and it's working very nice now. I use ipcop because some friends use it and recommended it to me, and I think it's a good firewall. The FBuilder is a good one too, I'll take a look at it soon. Sorry about my English, people, and thanks again.

  7. #6
    Linux Newbie
    Join Date
    Dec 2003
    Location
    Netherlands
    Posts
    193
    It's better to try to talk in English, even if you have a hard time speaking it.
    Computers Are Like Air Conditioners... They're both useless with Windows open!
