On Wed, Feb 05, 2003 at 10:14:36PM +0000, Pigeon wrote:
> On Tue, Feb 04, 2003 at 10:50:43PM +0000, Pigeon wrote:
> > So: the main box is 192.168.1.1, the modem box is 192.168.1.2. I add
> > "gateway 192.168.1.2" to /etc/network/interfaces on the main box and
> > run /etc/init.d/networking restart.
> >
> > On the modem box I do
> > echo 1 > /proc/sys/net/ipv4/ip_forward
> > ipchains -A forward -s 192.168.1.1/32 -d 0.0.0.0/0 -j ACCEPT -b
> > ipchains -P forward ACCEPT
> > pon ukonline
> > ping 195.40.1.36 (this is a ukonline DNS server)
> > ... and it works.
> >
> > I go back to the main box and try and ping the same address, and
> > nothing happens.
> >
>
> Different approach. Now on the modem box I do:
>
> modprobe ipt_MASQUERADE
> iptables -F
> iptables -t nat -F
> iptables -t mangle -F
> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> And from the main box, I can get through the modem box and out onto
> the net. I can ping 195.40.1.36 from the main box and it works.
>
> The problem now is DNS. My ISP uses dynamic DNS, so I am used to
> having ppp rewrite my /etc/resolv.conf every time I connect. Now, of
> course, the modem box is doing the connecting, so the main box's
> /etc/resolv.conf does not get updated. The ISP seems to be giving me
> any two out of three nameservers, so I could fudge it by putting all
> three in the main box's /etc/resolv.conf, but I'd rather have it
> updating automatically like it's supposed to.
>
> So I have resorted to a VILE HACK. The main box exports its /etc via
> NFS to the modem box. A script in the modem box's /etc/ppp/ip-up.d
> then copies the modem box's newly updated /etc/resolv.conf across to
> the main box whenever I connect.
Grotesque.  Now you've gone and installed portmap and NFS services on
your gateway box, which can't be that great of an idea security-wise.

> I'm sure there must be a less vile method of doing this... what is it?

Install DNS caching software on the gateway (the modem box).  Have all
internal machines use the gateway as their nameserver (use a static
resolv.conf).  You can use BIND as a caching-only nameserver, and of
course there are other choices like dnsmasq, maradns, pdnsd, and DJB's
dnscache.

-- 
Nathan Norman - Incanus Networking mailto:[EMAIL PROTECTED]
  No.
  > Should I include quotations after my reply?
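What the two mails above add up to, as an added example that is not code from either poster: the masquerading gateway from Pigeon's second attempt, plus the caching resolver Nathan suggests, with the NFS/portmap exposure designed out. It assumes things the thread does not state: the gateway's LAN interface is eth0, the LAN is 192.168.1.0/24, the dial-up link is ppp0, pppd runs with "usepeerdns" (so it writes the ISP's nameservers to /etc/ppp/resolv.conf on every connect), and dnsmasq is the cache chosen from Nathan's list. The iptables rules need root and a live box; the config generators and the check run anywhere.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions (not in the mails):
# LAN interface eth0, LAN 192.168.1.0/24, dial-up link ppp0, pppd started
# with "usepeerdns" so it writes /etc/ppp/resolv.conf, dnsmasq as the cache.

LAN_IF=eth0
LAN_NET=192.168.1.0/24
GW_IP=192.168.1.2
PPP_IF=ppp0
PEER_DNS=/etc/ppp/resolv.conf

# Caching-only dnsmasq config for the gateway.  It binds to the LAN
# interface only, so nothing arriving on ppp0 can query it, and it reads
# upstream servers from the file pppd rewrites on each connect, so the
# ISP's changing nameservers are picked up without touching any other box.
dnsmasq_conf() {
    cat <<EOF
# /etc/dnsmasq.conf - caching-only resolver for the LAN
interface=$LAN_IF
bind-interfaces
listen-address=$GW_IP
resolv-file=$PEER_DNS
no-hosts
cache-size=1000
EOF
}

# Static /etc/resolv.conf for every internal host: just point at the
# gateway.  This never needs rewriting when the ISP's servers change.
client_resolv_conf() {
    printf 'nameserver %s\n' "$GW_IP"
}

# Gateway rules (root, live box; not exercised by the check below).
# Masquerade only LAN sources, and refuse unsolicited traffic from the
# PPP side so portmap, NFS or the resolver on the gateway are never
# reachable from the net.  Stricter than the bare
# "-t nat -A POSTROUTING -o ppp0 -j MASQUERADE" in the original mail.
gateway_firewall() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o "$PPP_IF" -s "$LAN_NET" -j MASQUERADE
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -i "$LAN_IF" -s "$LAN_NET" -j ACCEPT
    iptables -A INPUT -i "$PPP_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -A INPUT -i "$PPP_IF" -j DROP
    iptables -A FORWARD -i "$LAN_IF" -o "$PPP_IF" -s "$LAN_NET" -j ACCEPT
    iptables -A FORWARD -i "$PPP_IF" -o "$LAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    iptables -P FORWARD DROP
}

# Sanity check on a dnsmasq config passed as $1: it must be pinned to the
# LAN interface and must not be told to listen on the world side.
dnsmasq_lan_only() {
    printf '%s\n' "$1" | grep -q "^interface=$LAN_IF\$" &&
    printf '%s\n' "$1" | grep -q '^bind-interfaces$' &&
    ! printf '%s\n' "$1" | grep -q "^interface=$PPP_IF\$"
}

# Stand-alone run: print what would be installed, so it can be reviewed
# before anything is written to /etc.
echo "### gateway /etc/dnsmasq.conf"
dnsmasq_conf
echo "### internal hosts' /etc/resolv.conf"
client_resolv_conf
```

Redirect the two generated files into place on the gateway and on each internal host respectively, run gateway_firewall from the ip-up hook or a boot script, and the NFS export of /etc goes away: the only thing that has to know the ISP's nameservers is the box that dials out, and the only service the LAN talks to is a resolver that does not answer on the PPP interface.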

