On 11 nov. 04, at 18:27, Alexander Dalloz wrote:
Am Do, den 11.11.2004 schrieb Pierre-Yves Berger um 18:14:
I just installed FC3 on a system I use as nat. eth0 gets a dynamic address from my ISP. eth1 has a static local address.
I did the configuration as described in the NAT-HOWTO document at www.netfilter.org.
Now, from the computers on my local network, I cannot access Internet using the names. I can access everything with ip numeric addresses. From the nat computer, I can access everything (names and numeric addresses).
This problem description normally says that the NATed hosts have no valid nameserver knowledge.
The computers on the local network have correct DNS entries and worked correctly before I swapped my old (hardware) unstable FC2 box with a newer FC3 box.
To where do the DNS entries on the NATed clients point?
Pierre-Yves
Alexander
resolv.conf contains the following entries : nameserver 80.83.47.10 nameserver 80.83.47.157
These are correct for my ISP.
I can ping them from my NATed client but nslookup or dig could not connect.
Then, I tried to log rejected packets in iptables on the NAT system and got those in
/var/log/messages
Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=x.x.x.x DST=80.83.47.157 \
LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37097 PROTO=UDP SPT=2027 \
DPT=53 LEN=38
Nov 11 21:30:29 gate kernel: IN=eth1 OUT=eth0 SRC=x.x.x.x DST=80.83.47.10 \
LEN=58 TOS=0x00 PREC=0x00 TTL=63 ID=37100 PROTO=UDP SPT=2030 \
DPT=53 LEN=38
with x.x.x.x being my NATed client address.
So, I added a rule in iptables that says
-A RH-Firewall-1-INPUT -i eth1 -j ACCEPT
at the beginning of the RH-Firewall-1-INPUT chain and I have again access to the world :-)
Is there a better way to do this ?
I may add that this is my home network with 2 Macs and a Linux system and users are not
a security risk, at least not deliberately.
Pierre-Yves
