Florin [[EMAIL PROTECTED]] wrote:

> ok, so you have an internet connection using dhcp.
> The firewall expects the eth1 interface to be the external/internet
> interface and eth0 is the internal/LAN one. The configuration should also
> work the other way around ... When you configure that internet connection
> you should specify a DNS server. These entries, DNS primary or secondary,
> that are not supposed to change very often on the provider side, will be
> copied by the /usr/share/naat/templates/etc/dhcpd.conf template (see the
> perl sections between the { ... } marks) and create the /etc/dhcpd.conf
> dhcp configuration file.

_Should_ not change, but does in fact change. I noticed when I was playing
around with this problem that my provider here at work had changed the
primary DNS server; maybe they have a pool of servers and alter the dhcp
configurations between them, or maybe they were doing some upgrades, but
anyway I got a new primary DNS. So things change and you have no idea when
it happens.

> The idea is to specify the DNS entries while configuring the eth1, even if
> this works without specifying it. Indeed, the provider dhcp server will
> provide the dns servers entries too.

Yes, that is one way to do it IF your ISP tells you what DNS servers to use.
I have a cable connection (chello) and an ADSL connection at home and neither
of those ISPs likes to provide any information to the customers on how to
manually configure your system since they require you to use dhcp. So in a
future release of your firewall (advanced firewall perhaps) I'd like some
way to get around the problem or at least some configuration help. One way to
do it would be by grepping the information from the dhcpc-info file and
simply presenting it in the configuration gui.

> > One way to do it would be to have a caching dns in the firewall and
> > configure the dhcp-server to export the firewall as a dns server for the
> > clients. This is how I have had it configured before since it removes the
> > dependency between the information from the internet provider and the
> > configuration of the internal dhcp-server.
>
> Yes, you could also install a caching name-server on the firewall, you're
> right. You can find, if my memory is correct, the right package on the
> firewall cd: caching-nameserver and/or bind*.

Maybe this would be a configurable option, as the DHCP server now is, in a
future release :-) Or maybe bind should be started as default when the
firewall has a DHCP server running?

BTW I edited your squidGuard.conf a little, just adding a section for ads that
returns an empty HTML document, and now it looks much better, no ads at all
:-)

        /Anders
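
The idea of pulling the provider's DNS servers out of the DHCP client's info file, as an added example that is not part of the original message or of the firewall's own code. It assumes the info file holds KEY=value lines with a comma-separated `DNS=` entry; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Assumption: the lease info file holds KEY=value lines, with the
# name servers in a comma-separated DNS= entry.

# is_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# dns_from_info FILE: print the validated DNS addresses, one per line.
# The file is parsed as text and never sourced, because its values
# come from the upstream DHCP server.
dns_from_info() {
    sed -n 's/^DNS=//p' "$1" | tr -d "'\"" | tr ', ' '\n\n' |
    while read -r addr; do
        if is_ipv4 "$addr"; then echo "$addr"; fi
    done
}

# dhcpd_dns_option FILE: emit the dhcpd.conf option line, or return 1
# when the file yields no valid address.
dhcpd_dns_option() {
    list=$(dns_from_info "$1" | paste -sd, - | sed 's/,/, /g')
    [ -n "$list" ] || return 1
    echo "option domain-name-servers $list;"
}

# Constructed sample input (documentation addresses, two bad entries).
sample=$(mktemp)
cat > "$sample" <<'EOF'
IPADDR=192.0.2.10
NETMASK=255.255.255.0
DNS=192.0.2.53,198.51.100.53,300.1.2.3,bogus;value
EOF
dhcpd_dns_option "$sample"
rm -f "$sample"
```

Only the two well-formed addresses reach the generated line; anything else the upstream server hands out is dropped before it can land in the internal dhcpd configuration.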
