Date: Tue, 23 Jul 2002 08:48:56 -0400
From: "Joe & Fhe Barbish" <barbish@a1poweruser.com>
To: "sagacious" <sagacious@unixhideout.com>
Cc: "FBSDQ" <questions@FreeBSD.ORG>
Subject: RE: Need help with DNS
Message-ID: <MIEPLLIBMLEEABPDBIEGOEDFCGAA.barbish@a1poweruser.com>
In-Reply-To: <000001c23219$881c6a50$0a01a8c0@MIKESBOX>

Restating your problem: everything works as expected for requests originating from the public internet, but any requests originating from the LAN behind your firewall get denied. This could very well be an IPFW firewall rules problem. You have to have an IPFW rule to allow all originating LAN traffic to pass through the firewall. For each LAN NIC card you have on your GATEWAY/IPFW FBSD box, you must have a corresponding rule in the IPFW rules file like this.

allow all from any to any via xl0

Where xl0 is the FBSD NIC card device name of your LAN NIC card. This rule normally is located in the beginning of the IPFW rules file. If you still need help, post your IPFW rules file for review.

Joe

-----Original Message-----
From: owner-freebsd-questions@FreeBSD.ORG [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of sagacious
Sent: Tuesday, July 23, 2002 3:21 AM
To: freebsd-questions@freebsd.org
Subject: Need help with DNS

Hi. I changed my network setup a while ago. I had to put everything behind a firewall router due to a denial of service attack.. So now, I am specifying a "static" ip in my rc.conf, but it's a local one, 192.168.1.20, I port forwarded all the services to that ip. The problem is, you can all go to my site, http://www.unixhideout.com, but if I click that url, my router pass box pops up. I had to temporarily change ALL the links in my site, for example <img src=http://www.unixhideout.com/img/blah.gif to <img src=/img/blah.gif.. and I access the box using http://192.168.1.20. I don't want to have to do this, and a lot of things do not work for me and it's my site!! Well, I posted this a while ago, and a lot of people said if I ran my own DNS for my domain, I could stop this from happening.. Well I took the time to learn DNS a bit, and I'm running it now, and I was wondering exactly what I need to do..

In my unixhideout.com.hosts I specified this..

$ttl 38400
unixhideout.com.            IN  SOA    labs. root.unixhideout.com. (
                                       1025839968
                                       10800
                                       3600
                                       604800
                                       38400 )
unixhideout.com.            IN  NS     labs
labs.unixhideout.com.       IN  A      65.187.193.189
root.unixhideout.com.       IN  RP     root.unixhideout.com. admin
Host-Info.unixhideout.com.  IN  HINFO  INTEL FreeBSD
mail.unixhideout.com.       IN  MX     10 65.187.193.189
unixhideout.com.            IN  A      65.187.193.189
mail.unixhideout.com.       IN  A      65.187.193.189
smtp.unixhideout.com.       IN  A      65.187.193.189
www.unixhideout.com.        IN  A      65.187.193.189
pop3.unixhideout.com.       IN  A      65.187.193.189
irc.unixhideout.com.        IN  A      65.187.193.189
email.unixhideout.com.      IN  A      65.187.193.189
ftp.unixhideout.com.        IN  A      65.187.193.189

Everything works.. You guys (the net) can go to my site and use all the services. But I cannot.. I tried changing all those IPs to 192.168.1.20, and then I could use unixhideout.com and you couldn't!! I'm losing my patience! Please tell me what I have to do for the internet AND ME to be able to use the domain I paid for! =] and when you explain pretend I'm 2 years old. I'm fragile. Thanks!

sagacious (Mike)
Network administrator
The unixhideout network
http://www.unixhideout.com
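
The original question asks for one name to resolve to 65.187.193.189 from the internet and to 192.168.1.20 from the LAN, which is usually done with split-horizon DNS. The named.conf sketch below is an added example, not part of either message. It assumes BIND 9 (which supports view blocks), a LAN of 192.168.1.0/24, and a hypothetical second zone file unixhideout.com.internal.hosts that copies the posted zone with the A records set to 192.168.1.20.

```conf
// Added example: split-horizon DNS for unixhideout.com using BIND 9 views.
// Assumptions (not from the original post): BIND 9, LAN = 192.168.1.0/24,
// and the file name unixhideout.com.internal.hosts.

// Clients that should receive the private address.
acl "lan" {
    127.0.0.1;
    192.168.1.0/24;
};

// Views are matched in order, so the LAN view must come first.
view "internal" {
    match-clients { "lan"; };

    // LAN hosts may use this server as their general resolver.
    recursion yes;

    zone "unixhideout.com" {
        type master;
        // Copy of the public zone with every A record changed to
        // 192.168.1.20, so LAN clients connect to the server directly
        // instead of to the router's public address.
        file "unixhideout.com.internal.hosts";
    };
};

// Everyone else gets the zone exactly as posted (65.187.193.189).
view "external" {
    match-clients { any; };

    // Authoritative answers only; do not act as an open resolver
    // for the internet.
    recursion no;

    zone "unixhideout.com" {
        type master;
        file "unixhideout.com.hosts";
    };
};

// Once any view is defined, every zone statement has to be placed
// inside a view; zones left at the top level are a configuration error.
```

This only takes effect for LAN hosts that use 192.168.1.20 as their DNS server; hosts that still query the router or the ISP resolver keep receiving the public address.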
