[Devil-Linux-discuss] DNS problem

[Chad M. <ch...@th...>]

I'm trying to get my DL installation running properly, and I seem to 
be very close, but I don't seem to be getting the DNS goodies to my 
internal network.

Here's the setup:
ISP -> DL -> 192.168.0.0 network

DL gets its IP over DHCP from the ISP.  This seems to work fine.  My 
internal network is all static IPs.  I can ping the DL internal 
interface from a computer on the internal network with no problem. 
The problem is that the computers on the host aren't getting their DNS 
requests forwarded on to the ISP's DNS servers, I think.

For example, http://64.12.151.215/ comes up in a browser, but 
www.netscape.com doesn't.  Curiously, pinging that IP address results 
in 100% packet loss.

Do I need to set up a DNS server on DL?  I'd think not, since the 
Netgear RT311 I'm currently using as a router doesn't do that, AFAIK.

In case it's useful, I've appended my firewall script below, generated 
from fwbuilder.  Note that I had to comment out the ip -f commands 
about halfway through, since DL doesn't have the ip command.

Thanks for all the help,
Chad Martin

#!/bin/sh
#
#  This is automatically generated file. DO NOT MODIFY !
#
#  Firewall Builder  fwb_iptables v1.0.2
#
#  Generated Sat Jun 22 19:25:50 2002 EST by chad
#
#
#
#

if [ -x /usr/bin/logger ]; then
   logger -p info "Activating firewall script Devil.fw generated Sat 
Jun 22 19:25:50 2002 EST by chad"
fi

MODULE_DIR="/lib/modules/`uname -r`/kernel/net/ipv4/netfilter/"
MODULES="ip_conntrack ip_conntrack_ftp ip_nat_ftp ip_conntrack_irc 
ip_nat_irc"
for module in $(echo $MODULES); do
   if [ -e "${MODULE_DIR}/${module}.o" -o -e 
"${MODULE_DIR}/${module}.o.gz" ]; then
     modprobe -k ${module} ||  exit 1
   fi
done


FWD=`cat /proc/sys/net/ipv4/ip_forward`
echo "0" > /proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/ip_dynaddr

echo "1" > /proc/sys/net/ipv4/conf/all/rp_filter

echo "30" > /proc/sys/net/ipv4/tcp_fin_timeout

echo "1800" > /proc/sys/net/ipv4/tcp_keepalive_intvl

iptables -P OUTPUT  DROP
iptables -P INPUT   DROP
iptables -P FORWARD DROP




cat /proc/net/ip_tables_names | while read table; do
   iptables -t $table -L -n | while read c chain rest; do
       if test "X$c" = "XChain" ; then
         iptables -t $table -F $chain
       fi
   done
   iptables -t $table -X
done


#ip -f inet addr flush dev eth1 scope link
#ip -f inet addr flush dev l0 scope link




iptables -A INPUT   -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT  -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
#
#   NAT Rule #0
#
iptables -t nat -A POSTROUTING  -o eth0 -s 192.168.0.0/255.255.255.0 
-d 0/0 -j MASQUERADE
#
#   Interface Rule #0
#
#    Anti-spoofing rule
#
iptables -N IRULE_0_eth0
iptables -A INPUT -i eth0  -s 192.168.0.0/255.255.255.0 -j IRULE_0_eth0
iptables -A FORWARD -i eth0  -s 192.168.0.0/255.255.255.0 -j IRULE_0_eth0
iptables -A INPUT -i eth0  -s 192.168.0.1 -j IRULE_0_eth0
iptables -A FORWARD -i eth0  -s 192.168.0.1 -j IRULE_0_eth0
iptables -A IRULE_0_eth0  -j LOG   --log-level 6 --log-prefix "RULE 0 
-- Deny "
iptables -A IRULE_0_eth0  -j DROP
#
#   Interface Rule #1
#
#    Anti-spoofing rule
#

iptables -N F_IRULE_1_eth0
iptables -A FORWARD -o eth0  -j F_IRULE_1_eth0
iptables -A F_IRULE_1_eth0 -o eth0  -s 192.168.0.0/255.255.255.0 -j RETURN
iptables -N O_IRULE_1_eth0
iptables -A OUTPUT -o eth0  -j O_IRULE_1_eth0
iptables -A O_IRULE_1_eth0 -o eth0  -j RETURN
iptables -N IRULE_1_eth0
iptables -A F_IRULE_1_eth0 -o eth0  -j IRULE_1_eth0
iptables -A O_IRULE_1_eth0 -o eth0  -j IRULE_1_eth0
iptables -A IRULE_1_eth0  -j LOG   --log-level 6 --log-prefix "RULE 1 
-- Deny "
iptables -A IRULE_1_eth0  -j DROP
#
#   Interface Rule #0
#
#    allow everything on loopback
#
iptables -N IRULE_0_l0
iptables -A INPUT -i l0  -j IRULE_0_l0
iptables -A FORWARD -i l0  -j IRULE_0_l0
iptables -A OUTPUT -o l0  -j IRULE_0_l0
iptables -A FORWARD -o l0  -j IRULE_0_l0
iptables -A IRULE_0_l0  -j ACCEPT
#
#    Rule #0
#
#    block fragments
#
iptables -N RULE_0
iptables -A OUTPUT  -j RULE_0 -f
iptables -A INPUT  -j RULE_0 -f
iptables -A FORWARD  -j RULE_0 -f
iptables -A RULE_0  -j LOG   --log-level 6 --log-prefix "RULE 0 -- Deny "
iptables -A RULE_0  -j DROP
#
#    Rule #1
#
#    'masquerading' rule
#
iptables -N RULE_1
iptables -A INPUT  -m state --state NEW  -s 192.168.0.0/255.255.255.0 
-j RULE_1
iptables -A FORWARD  -m state --state NEW  -s 
192.168.0.0/255.255.255.0 -j RULE_1
iptables -A RULE_1  -j ACCEPT
#
#  Final rules
#
iptables -A INPUT      -j DROP
iptables -A OUTPUT     -j DROP
iptables -A FORWARD    -j DROP

echo "1" > /proc/sys/net/ipv4/ip_forward