From owner-freebsd-questions Mon Apr 17 19:59: 9 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 3947337BB0D
	for ; Mon, 17 Apr 2000 19:59:02 -0700 (PDT)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id WAA52851;
	Mon, 17 Apr 2000 22:58:39 -0400 (EDT)
	(envelope-from cjc)
Date: Mon, 17 Apr 2000 22:58:39 -0400
From: "Crist J. Clark"
To: Rick Hamell
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Strange Nat/DNS? problem
Message-ID: <20000417225839.B52719@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000415212715.B46067@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from hamellr@aracnet.com on Mon, Apr 17, 2000 at 08:11:21AM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Mon, Apr 17, 2000 at 08:11:21AM -0700, Rick Hamell wrote:
>
> > First, where are your DNS servers? Inside or outside of your NAT'ed
> > net? I would guess outside? I thought you said that you _could_ ping
> > any machine outside though? Are we talking about DNS lookups on the
> > NAT machine or on the private net?
>
> Yes, sorry. The DNS servers are OUTSIDE my Nat'd network. BUT I
> can ping any other server by IP address I want to... I just can not ping
> the DNS servers from inside. They're pingable from outside just fine... My
> Windows machine exhibits the same behavior so I believe it to be a NAT
> problem vs. DNS... below are my settings.
>
> :rc.local
>
> network_interfaces="auto"
>
> # -- sysinstall generated deltas -- #
> ifconfig_fxp0="inet 216.36.55.89 netmask 255.255.0.0"
                                           ^^^^^^^^^^^
Is that the correct netmask?

> ifconfig_de0="inet 198.162.1.1 netmask 255.255.0.0"
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="open"
> nat_enable="YES"
> natd_interface="fxp0" #Public interface
> natd_flags="-f /etc/natd.conf" #addition flags for natd
> defaultrouter="216.36.55.1"
> #router_enable="YES"
> hostname="heorot.grendal.org"
> linux_enable="YES"
> ibcs2_enable="YES"
> lpd_enable="YES"
>
>
> :resolv.conf
> domain grendal.org
> nameserver 216.36.26.5
> nameserver 216.36.0.5

OK, but these DNS settings don't have anything to do with what the
internal machines do for DNS.

> :natd.conf
>
> interface fxp0
> dynamic yes
> use_sockets yes
> same_ports yes

Other than the netmask question, it seems OK, except you left out your
firewall rules, 'ipfw show'.

Turn on a tcpdump on the outer interface and ping a DNS server from
the gateway machine. Then, turn on tcpdump on the inside too and ping
from one of the internal machines. Try to pose the tcpdumps to catch
ARP packets and ICMP... cut out other noise if possible.
--
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
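Why the netmask question matters for these particular DNS servers, as an added example that is not part of the original message: it computes whether the gateway treats each destination as on-link (resolved by ARP on fxp0) or forwards it to `defaultrouter`. The addresses come from the quoted settings; the `255.255.255.0` alternative, the outside host `192.0.2.10` and the function names are assumptions made for illustration.

```python
import ipaddress

# Values from the quoted rc.local and resolv.conf.
FXP0_ADDR = "216.36.55.89"
CONFIGURED_MASK = "255.255.0.0"
DEFAULT_ROUTER = "216.36.55.1"
DNS_SERVERS = ["216.36.26.5", "216.36.0.5"]

# Assumptions, not from the message: a narrower mask to compare against,
# and a constructed "any other server" address from the documentation range.
HYPOTHETICAL_MASK = "255.255.255.0"
OUTSIDE_HOST = "192.0.2.10"


def next_hop(dest, if_addr, netmask, default_router):
    """Return ("arp", dest) when dest lies inside the interface's own
    network (delivered directly, so the host ARPs for it), otherwise
    ("route", default_router)."""
    iface = ipaddress.ip_interface(f"{if_addr}/{netmask}")
    if ipaddress.ip_address(dest) in iface.network:
        return ("arp", dest)
    return ("route", default_router)


def delivery_plan(netmask):
    """Map each destination of interest to its next-hop decision."""
    targets = DNS_SERVERS + [OUTSIDE_HOST]
    return {d: next_hop(d, FXP0_ADDR, netmask, DEFAULT_ROUTER) for d in targets}


def report():
    lines = []
    for mask in (CONFIGURED_MASK, HYPOTHETICAL_MASK):
        net = ipaddress.ip_interface(f"{FXP0_ADDR}/{mask}").network
        lines.append(f"fxp0 network with netmask {mask}: {net}")
        for dest, (how, via) in delivery_plan(mask).items():
            if how == "arp":
                lines.append(f"  {dest:<12} on-link, ARP for it on fxp0")
            else:
                lines.append(f"  {dest:<12} forwarded via {via}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report())
```

With the configured mask both name servers are treated as directly attached while the outside host is routed, so a capture on fxp0 filtered to ARP and ICMP shows whether the ARP requests for the name servers ever get a reply.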