OK - now I get the picture. I had this exact problem. I can give you two other 
solutions that I have used. My present solution at my main campus for this 
private/public network address mapping problem is I run BIND9 on my Ubuntu 
LTSP. I put it in forward only mode to the real DNS server and create entries 
for the school domain I have public/private conflicts in. I then change the 
dhcpd.conf file so LTSP is the DNS server for the clients. 

Second, I have come to use a standalone firewall machine in place of the Linksys 
router I started with, based on pfSense. pfSense has a section where you can 
override the DNS with static entries. When you give any machine inside your 
network the address of the pfSense box as DNS server it overrides these static 
entries and passes the rest on to the real DNS. The pfSense box also has a gateway 
VPN built in which lets me seamlessly connect my other two campuses together. 
You can actually log in to the pfSense box and run tcpdump to isolate issues 
both within and outside your network. I discovered a DDoS against my school 
mail server with this once. It has traffic graphs which show me in and out 
traffic by time of day. It has firewall logs and state tables which often allow 
problem resolution without tcpdump. It has proven far more robust and reliable 
than my Linksys box, which I used to have to send someone to the wiring closet 
to reboot several times a week. 

Some samples from my LTSP BIND9 config files follow:

In file /etc/bind/named.conf.options add your ISP DNS server 1 and 2 as below. 
Note I replaced my ISP's real DNS servers with the xx.xx.xx... entries below

options {
        directory "/var/cache/bind";

        // If there is a firewall between you and nameservers you want
        // to talk to, you might need to uncomment the query-source
        // directive below.  Previous versions of BIND always asked
        // questions using port 53, but BIND 8.1 and later use an unprivileged
        // port by default.

        // query-source address * port 53;

        // If your ISP provided one or more IP addresses for stable 
        // nameservers, you probably want to use them as forwarders.  
        // Uncomment the following block, and insert the addresses replacing 
        // the all-0's placeholder.


        // forwarders {
        //      0.0.0.0;
        // };

        // Send every query outside the local zones to the ISP resolvers.
        forward only;
        notify no;
        forwarders {
              xx.xx.xx.20;
              xx.xx.xx.21;
        };
};

In file /etc/bind/named.conf.local again I replaced my real internet name with 
xxxxxx.org. Note the 10.0.0 matches my school's private internal address 
range. You would use your 192.168.... range instead.

//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";
zone "xxxxxx.org" {
        type master;
        file "/etc/bind/xxxxxx.org";
};
zone "0.0.10.in-addr.arpa" in {
        type master;
        file "/etc/bind/10.0.0";
};

In File /etc/bind/xxxxxx.org where yyyyyyyy and xxxxxx replace my real names

$TTL    43200
@               IN      SOA     yyyyyyyy.xxxxxx.org. hostmaster.yyyyyyyy.xxxxxx.org. (
                        2001043001 ; serial
                        1H ; refresh
                        15M ; retry
                        14D ; expire
                        12H ; default_ttl
                        )
@               IN      MX      5       mail.xxxxxx.org.
@               IN      NS      yyyyyyyy.xxxxxx.org.
www             IN      A       10.0.0.211
fierylake       IN      A       10.0.0.1
adam            IN      A       10.0.0.4

In File 10.0.0 again yyyyyyyy and xxxxxx replace real names

$TTL    43200
@               IN      SOA     yyyyyyyy.xxxxxx.org. hostmaster.yyyyyyyy.xxxxxx.org. (
                        2001043001 ; serial
                        1H ; refresh
                        15M ; retry
                        14D ; expire
                        12H ; default_ttl
                        )
@               IN      NS      yyyyyyyy.xxxxxx.org.
1               IN      PTR     fierylake.xxxxxx.org.
211             IN      PTR     www.xxxxxx.org.
4               IN      PTR     adam.xxxxxx.org.








--- On Tue, 1/13/09, M Rathburn <[email protected]> wrote:

> From: M Rathburn <[email protected]>
> Subject: RE: Thin Client /etc/hosts entry
> To: [email protected]
> Date: Tuesday, January 13, 2009, 3:33 PM
> > -----Original Message-----
> > From: [email protected] 
> > [mailto:[email protected]] On Behalf Of Mickey Moore
> > Sent: Tuesday, January 13, 2009 3:01 PM
> > To: 'Edubuntu Users Group'
> > Subject: RE: Thin Client /etc/hosts entry
> > 
> > How will you use the DNS names? To ssh into one of the terminals you
> > will first have to ssh into the LTSP which they are connected to. Since
> > you will be creating the session from the LTSP to a client it should be
> > sufficient to have the names in the /etc/host file of the LTSP server.
> > You can assign specific IP addresses to specific devices by assigning
> > it via MAC address in the DHCPD.conf on the LTSP. At least it is not
> > clear to me how you would know a specific thin-client name/address
> > ahead of time any other way. 
> > 
> > 
> ----------------------------
> 
> Running Firefox as a local app.


      

-- 
edubuntu-users mailing list
[email protected]
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
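
Added example, not part of the original message: a small lint for the override zone files shown above. Because BIND is `type master` for xxxxxx.org, names in that zone are answered from the local file only and are not passed to the forwarders, so the check flags MX/NS targets with no local A record and any A/PTR pair that disagrees. The function names, `ORIGIN` and `REV_PREFIX` are assumptions made for this example.

```python
import re

ORIGIN = "xxxxxx.org."   # placeholder domain used in the message
REV_PREFIX = "10.0.0."   # network covered by the 0.0.10.in-addr.arpa zone

# Records copied from the two sample zone files in the message (SOA omitted).
FORWARD = """\
@          IN MX  5 mail.xxxxxx.org.
@          IN NS  yyyyyyyy.xxxxxx.org.
www        IN A   10.0.0.211
fierylake  IN A   10.0.0.1
adam       IN A   10.0.0.4
"""
REVERSE = """\
@    IN NS  yyyyyyyy.xxxxxx.org.
1    IN PTR fierylake.xxxxxx.org.
211  IN PTR www.xxxxxx.org.
4    IN PTR adam.xxxxxx.org.
"""

def records(text):
    """Yield (owner, type, last rdata field) from 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        m = re.match(r"(\S+)\s+IN\s+(\S+)\s+(.*\S)", line.split(";", 1)[0])
        if m:
            yield m.group(1), m.group(2).upper(), m.group(3).split()[-1]

def fqdn(owner):
    if owner == "@":
        return ORIGIN
    return owner if owner.endswith(".") else f"{owner}.{ORIGIN}"

def lint(forward=FORWARD, reverse=REVERSE):
    fwd = list(records(forward))
    a = {fqdn(o): r for o, t, r in fwd if t == "A"}
    ptr = {REV_PREFIX + o: r for o, t, r in records(reverse) if t == "PTR"}
    problems = []
    # MX/NS targets inside the overridden zone need an A record in this file:
    # a master zone is answered locally and is never sent to the forwarders.
    for _, t, target in fwd:
        if t in ("MX", "NS") and target.endswith("." + ORIGIN) and target not in a:
            problems.append(f"{t} target {target} has no A record in override zone")
    for name, ip in a.items():
        if ptr.get(ip) != name:
            problems.append(f"A {name} -> {ip} has no matching PTR")
    for ip, name in ptr.items():
        if a.get(name) != ip:
            problems.append(f"PTR {ip} -> {name} has no matching A")
    return problems
```

Run against the sample records, `lint()` reports that mail.xxxxxx.org. and yyyyyyyy.xxxxxx.org. have no A record in the override zone, so internal clients using this server would get no address for them.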
