OK - now I get the picture. I had this exact problem. I can give you two other
solutions that I have used. My present solution at my main campus for this
private/public network address mapping problem is I run BIND9 on my Ubuntu
LTSP. I put it in forward only mode to the real DNS server and create entries
for the school domain I have public/private conflicts in. I then change the
dhcpd.conf file so LTSP is the DNS server for the clients.

Second I have come to use a standalone firewall machine in place of the Linksys
router I started with based on PFSense. PFSense has a section where you can
override the DNS with static entries. When you give any machine inside your
network the address of the PFSense box as DNS server it overrides these static
entries and passes the rest on to the real DNS. The PFSense also has a gateway
VPN built in which lets me seamlessly connect my other two campuses together.
You can actually log in to the PFSense box and run tcpdump to isolate issues
both within and outside your network. I discovered a DDOS against my school
mail server with this once. It has traffic graphs which show me in and out
traffic by time of day. It has firewall logs and state tables which often allow
problem resolution without tcpdump. It has proven far more robust and reliable
than my Linksys box which I used to have to send someone to the wiring closet
to reboot several times a week.

Some samples from my LTSP BIND9 config files follow:

In file /etc/bind/named.conf.options add your ISP DNS server 1 and 2 as below.
Note I replaced my ISP's real DNS servers with the xx.xx.xx... entries below.

options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.
    // query-source address * port 53;

    // If your ISP provided one or more IP addresses for stable
    // nameservers, you probably want to use them as forwarders.
    // Uncomment the following block, and insert the addresses replacing
    // the all-0's placeholder.
    // forwarders {
    //     0.0.0.0;
    // };

    // Send every query this server is not authoritative for to the forwarders
    forward only;
    notify no;
    forwarders {
        xx.xx.xx.20;
        xx.xx.xx.21;
    };
};

In file /etc/bind/named.conf.local again I replaced my real internet name with
xxxxxx.org. Note the 10.0.0 matches my school's private internal address
range. You would use your 192.168.... range instead.

//
// Do any local configuration here
//
// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

// Forward zone: answered locally instead of being forwarded
zone "xxxxxx.org" {
    type master;
    file "/etc/bind/xxxxxx.org";
};

// Reverse zone for the 10.0.0.x private range
zone "0.0.10.in-addr.arpa" in {
    type master;
    file "/etc/bind/10.0.0";
};

In file /etc/bind/xxxxxx.org where yyyyyyyy and xxxxxx replace my real names:

$TTL 43200
@           IN  SOA  yyyyyyyy.xxxxxx.org. hostmaster.yyyyyyyy.xxxxxx.org. (
                     2001043001 ; serial
                     1H         ; refresh
                     15M        ; retry
                     14D        ; expire
                     12H        ; default_ttl
                     )
@           IN  MX   5 mail.xxxxxx.org.
@           IN  NS   yyyyyyyy.xxxxxx.org.
www         IN  A    10.0.0.211
fierylake   IN  A    10.0.0.1
adam        IN  A    10.0.0.4

In file 10.0.0 again yyyyyyyy and xxxxxx replace real names:

$TTL 43200
@           IN  SOA  yyyyyyyy.xxxxxx.org. hostmaster.yyyyyyyy.xxxxxx.org. (
                     2001043001 ; serial
                     1H         ; refresh
                     15M        ; retry
                     14D        ; expire
                     12H        ; default_ttl
                     )
@           IN  NS   yyyyyyyy.xxxxxx.org.
1           IN  PTR  fierylake.xxxxxx.org.
211         IN  PTR  www.xxxxxx.org.
4           IN  PTR  adam.xxxxxx.org.

--- On Tue, 1/13/09, M Rathburn <[email protected]> wrote:
> From: M Rathburn <[email protected]>
> Subject: RE: Thin Client /etc/hosts entry
> To: [email protected]
> Date: Tuesday, January 13, 2009, 3:33 PM
>
> > -----Original Message-----
> > From: [email protected]
> > [mailto:[email protected]] On Behalf Of Mickey Moore
> > Sent: Tuesday, January 13, 2009 3:01 PM
> > To: 'Edubuntu Users Group'
> > Subject: RE: Thin Client /etc/hosts entry
> >
> > How will you use the DNS names? To ssh into one of the
> > terminals you will first have to ssh into the LTSP which they
> > are connected to. Since you will be creating the session from
> > the LTSP to a client it should be sufficient to have the
> > names in the /etc/host file of the LTSP server. You can
> > assign specific IP addresses to specific devices by assigning
> > it via MAC address in the DHCPD.conf on the LTSP. At least it
> > is not clear to me how you would know a specific thin-client
> > name/address ahead of time any other way.
> >
> ----------------------------
>
> Running Firefox as a local app.
--
edubuntu-users mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/edubuntu-users
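
Added example, not part of the original message: a small Python audit of the records in the two zone files as excerpted above. Because the LTSP server is "type master" for xxxxxx.org, names in that zone are answered locally and never forwarded, so an MX or NS target without a local A record will not resolve for the clients. The function names are hypothetical, the sample data is constructed from the excerpts, and names in record data are assumed to be fully qualified.

```python
import ipaddress

# Constructed sample: the resource records from the two zone file excerpts
FORWARD = """\
@          IN MX 5 mail.xxxxxx.org.
@          IN NS   yyyyyyyy.xxxxxx.org.
www        IN A    10.0.0.211
fierylake  IN A    10.0.0.1
adam       IN A    10.0.0.4
"""
REVERSE = """\
@    IN NS  yyyyyyyy.xxxxxx.org.
1    IN PTR fierylake.xxxxxx.org.
211  IN PTR www.xxxxxx.org.
4    IN PTR adam.xxxxxx.org.
"""

def parse(text, origin):
    """Parse one-line 'owner IN type ... rdata' records into (owner, type, rdata)."""
    records = []
    for line in text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue  # skips $TTL, SOA timer lines and blank lines
        owner = origin if fields[0] == "@" else f"{fields[0]}.{origin}"
        records.append((owner.lower(), fields[2].upper(), fields[-1].lower()))
    return records

def audit(forward, reverse, zone="xxxxxx.org.", rev_origin="0.0.10.in-addr.arpa."):
    fwd = parse(forward, zone)
    a = {o: d for o, t, d in fwd if t == "A"}
    ptr = {o: d for o, t, d in parse(reverse, rev_origin) if t == "PTR"}
    problems = []
    # A master zone is never forwarded: in-zone MX/NS targets need a local A record.
    for _, rtype, target in fwd:
        if rtype in ("MX", "NS") and target.endswith("." + zone) and target not in a:
            problems.append(f"{rtype} target {target} has no A record in the local zone")
    # Every A record should have a PTR that points back at the same name.
    for name, addr in a.items():
        rev_name = ipaddress.ip_address(addr).reverse_pointer + "."
        if ptr.get(rev_name) != name:
            problems.append(f"{name} ({addr}) has no matching PTR")
    # Every PTR should point at a name whose A record maps back to it.
    for rev_name, name in ptr.items():
        addr = a.get(name)
        if addr is None or ipaddress.ip_address(addr).reverse_pointer + "." != rev_name:
            problems.append(f"{rev_name} points at {name}, which has no matching A record")
    return problems

print(*audit(FORWARD, REVERSE), sep="\n")
```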