Date:      Sat, 12 Feb 2000 01:08:41 -0600
From:      "David A. Gobeille" <dgobe@mcs.net>
To:        freebsd-isp@freebsd.org
Subject:   DSL firewall and DNS
Message-ID:  <38A506F9.F402F9D@mcs.net>

Hello,

Sorry if this is off topic, but I assume many of you have
experience with setting up similar configurations for your
customers.

I would like to setup a FreeBSD 3.4 box as a firewall and also
use it to provide DNS service.  The box will have two interfaces,
pn0 and pn1, and I have been assigned a /29 address block.

pn0 will attach to the internal network and will use
192.168.2.254/24 as its address.

pn1 will attach to the DSL modem and use two of the assigned
addresses, e.g. 200.1.2.50/29 & 200.1.2.51/32 (alias).

The relevant rc.conf lines:

network_interfaces= "pn0 pn1 lo0"
ifconfig_pn0=       "inet 192.168.2.254 netmask 255.255.255.0"
ifconfig_pn1=       "inet 200.1.2.50    netmask 255.255.255.248"
ifconfig_pn1_alias0="inet 200.1.2.51    netmask 255.255.255.255"


Will using the named configuration below satisfy the following
requirements?

	1. When I register "company.com" with a registrar, will
	   I be able to use 200.1.2.50 & 51 as my name server
	   addresses? (I understand the fault tolerance issues
	   and I only have one computer for now, I want the single
	   machine to appear as two distinct name servers.)

	2. Internal machines can query for addresses on the
	   internal LAN and any Internet hosts.

	3. Any Internet host can query the domain for addresses
	   using the 200.1.2.48/29 address block.


Configuration files for named: (feel free to make comments or correct
any errors in the configuration :-) 
****************************** named.conf
options {
	directory "/etc/namedb";

	forwarders {
		isp's dns server;
		ditto;
	};
};

zone "." {
	type hint;
	file "named.root";
};

zone "0.0.127.IN-ADDR.ARPA" {
	type master;
	file "localhost.rev";
};

zone "company.com" {
	type master;
	file "company.com";
};

zone "2.168.192.in-addr.arpa" {
	type master;
	file "company.com.rev";
};

zone "48/29.2.1.200.in-addr.arpa" {
	type master;
	file "external.rev";
};
*****************************************

************************************ localhost.rev
@       IN      SOA     fw.company.com. root.company.com.  (
                                1998051000      ; Serial
                                3600    ; Refresh
                                900     ; Retry
                                3600000 ; Expire
                                3600 )  ; Minimum
        IN      NS      ns1.company.com.
        IN      NS      ns2.company.com.
1       IN      PTR     localhost.company.com.
************************************

************************************ company.com
company.com.        IN      SOA     fw.company.com. root.company.com. (
                                1998060101  ; Serial
                                86400       ; Refresh
                                7200        ; Retry
                                8640000     ; Expire
                                86400 )     ; Minimum

;name servers
                IN      NS      ns1
                IN      NS      ns2
ns1             IN      A       200.1.2.50
ns2             IN      A       200.1.2.51

; Hosts
localhost       IN      A       127.0.0.1
fw              IN      A       192.168.2.254
internal        IN      A       192.168.2.1
external        IN      A       200.1.2.52
************************************

************************************ company.com.rev
@               IN      SOA     fw.company.com. root.company.com. (
                                1998080700  ; Serial
                                86400       ; Refresh
                                7200        ; Retry
                                8640000     ; Expire
                                86400 )     ; Minimum

;name servers
                IN      NS      ns1.company.com.
                IN      NS      ns2.company.com.

; PTR records
1               IN      PTR     internal.company.com.
254             IN      PTR     fw.company.com.
************************************

************************************ external.rev
$ORIGIN 48/29.2.1.200.in-addr.arpa.
@       IN      SOA     fw.company.com. root.company.com. (...)
@               IN      NS      ns1.company.com.
@               IN      NS      ns2.company.com.

50              IN      PTR     ns1.company.com.
51              IN      PTR     ns2.company.com.
52              IN      PTR     external.company.com.
************************************



Any help is most welcome, thanks.

--

Dave
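Added example (not part of the original mail or of FreeBSD/BIND): a small Python checker that reads a constructed copy of the zone records posted above and tests the things a reviewer would look at before answering the three requirements. It verifies that each NS named in company.com has glue (an A record), that every PTR in the two reverse zones points back at a name whose A record is that address, that every public A record has a PTR, that the PTR owners in the RFC 2317 classless zone fall inside 200.1.2.48/29, and it lists the names in the Internet-facing forward zone that resolve to RFC 1918 space (fw and internal), which the single zone will hand to any Internet querier under requirement 3. The SOA records are left out of the copy because the minimal parser does not handle multi-line records; the zone text, origins and function names are all assumptions of this example.

```python
"""Consistency checks over the zone data posted above. Added example, not
part of the original mail. The zone text is a constructed copy of the
post's records; SOA records are omitted (no multi-line record support)."""
import ipaddress

FORWARD_ORIGIN = "company.com."
FORWARD_ZONE = """\
; company.com (copied from the post, SOA omitted)
                IN      NS      ns1
                IN      NS      ns2
ns1             IN      A       200.1.2.50
ns2             IN      A       200.1.2.51
localhost       IN      A       127.0.0.1
fw              IN      A       192.168.2.254
internal        IN      A       192.168.2.1
external        IN      A       200.1.2.52
"""
INTERNAL_REV_ORIGIN = "2.168.192.in-addr.arpa."
INTERNAL_REV = """\
1               IN      PTR     internal.company.com.
254             IN      PTR     fw.company.com.
"""
EXTERNAL_REV_ORIGIN = "48/29.2.1.200.in-addr.arpa."
EXTERNAL_REV = """\
$ORIGIN 48/29.2.1.200.in-addr.arpa.
@               IN      NS      ns1.company.com.
@               IN      NS      ns2.company.com.
50              IN      PTR     ns1.company.com.
51              IN      PTR     ns2.company.com.
52              IN      PTR     external.company.com.
"""


def qualify(name, origin):
    """Turn a zone-file owner or target into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Minimal zone parser: $ORIGIN, ';' comments, optional IN class, and a
    blank owner field inheriting the previous owner. Returns qualified
    (owner, type, rdata) triples."""
    records, owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace():          # owner field present on this line
            owner = fields.pop(0)
        if fields[0] == "IN":
            fields.pop(0)
        records.append((qualify(owner, origin), fields[0], " ".join(fields[1:])))
    return records


def ptr_name_to_ip(name):
    """Reverse-zone owner -> dotted quad. An RFC 2317 label such as
    '48/29' carries no octet and is skipped."""
    labels = [l for l in name.rstrip(".").split(".")[:-2] if "/" not in l]
    return ".".join(reversed(labels))


def rfc2317_network(origin):
    """'48/29.2.1.200.in-addr.arpa.' -> 200.1.2.48/29"""
    labels = origin.rstrip(".").split(".")[:-2]
    first, prefix = labels[0].split("/")
    return ipaddress.ip_network(".".join(reversed(labels[1:])) + f".{first}/{prefix}")


def check_glue(fwd, origin=FORWARD_ORIGIN):
    """Every NS named in the forward zone needs an A record there (glue)."""
    have_a = {n for n, t, _ in fwd if t == "A"}
    return sorted({qualify(r, origin) for _, t, r in fwd if t == "NS"} - have_a)


def check_forward_reverse(fwd, *revs):
    """Each PTR must point at a name whose A record is that address, and
    each non-loopback A record should have a PTR in some reverse zone."""
    a_pairs = {(n, r) for n, t, r in fwd if t == "A"}
    ptrs = [(ptr_name_to_ip(n), r) for rev in revs for n, t, r in rev if t == "PTR"]
    dangling = sorted((ip, host) for ip, host in ptrs if (host, ip) not in a_pairs)
    ptr_ips = {ip for ip, _ in ptrs}
    missing = sorted(n for n, ip in a_pairs
                     if ip not in ptr_ips and not ipaddress.ip_address(ip).is_loopback)
    return dangling, missing


def check_private_leak(fwd):
    """Names in the Internet-facing zone that resolve to RFC 1918 space:
    unreachable from outside, but they still publish the LAN layout."""
    return sorted(n for n, t, r in fwd if t == "A"
                  and ipaddress.ip_address(r).is_private
                  and not ipaddress.ip_address(r).is_loopback)


def check_rfc2317_range(rev, origin):
    """PTR owners in the classless zone must fall inside the delegated /29."""
    net = rfc2317_network(origin)
    return sorted(ptr_name_to_ip(n) for n, t, _ in rev if t == "PTR"
                  and ipaddress.ip_address(ptr_name_to_ip(n)) not in net)


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, FORWARD_ORIGIN)
    int_rev = parse_zone(INTERNAL_REV, INTERNAL_REV_ORIGIN)
    ext_rev = parse_zone(EXTERNAL_REV, EXTERNAL_REV_ORIGIN)
    print("NS without glue:", check_glue(fwd))
    print("dangling PTR / A without PTR:", check_forward_reverse(fwd, int_rev, ext_rev))
    print("PTR outside /29:", check_rfc2317_range(ext_rev, EXTERNAL_REV_ORIGIN))
    print("private addresses in public zone:", check_private_leak(fwd))
```

Run as written it reports no glue, forward/reverse or /29 problems in the posted data, and lists fw.company.com. and internal.company.com. as RFC 1918 names in the public zone; the latter is the usual argument for keeping a separate internal zone that only the LAN can query.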





