RE: Need help with DNS

[Joe & Fhe Barbish]

Restating your problem. Every thing works as expected for requests originating from the public internet, But any requests origination from the LAN behind your firewall gets denied.  This could very well be a IPFW firewall rules problem. You have to have a IPFW rule to allow all originating LAN traffic to pass through the firewall. For each LAN Nic card you have on your GATEWAY/IPFW FBSD box, you must have an corresponding rule in the IPFW rules file like this.    allow all from any to any via xl0    Where xl0 is the FBSD NIC card device name of your Lan Nic card.  This rule normally is located in the beginning of the IPFW rules file. If you still need help post your IPFW rules file for review.   Joe   -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of sagacious Sent: Tuesday, July 23, 2002 3:21 AM To: [EMAIL PROTECTED] Subject: Need help with DNS   Hi. I changed my network setup a while ago. I had to put everything behind a firewall router due to a denial of service attack.. So now, I am specifying a “static” ip in my rc.conf, but it’s a local one, 192.168.1.20, I port forwarded all the services to that ip. The problem is, you can all go to my site, http://www.unixhideout.com, but if I click that url, my router pass box pops up… I had to temporarily change ALL the links in my site, for example <img src="http://www.unixhideout.com/img/blah.gif to <img src="/img/blah.gif.. and I access the box using http://192.168.1.20 I don’t want to have to do this, and a lot of things do not work for me and its my site!! Well, I posted this a while ago, and a lot of people said if I ran my own DNS for my domain, I could stop this from happening.. Well I took the time to learn DNS a bit, and im running it now, and I was wondering exactly what I need to do.. In my unixhideout.com.hosts I specified this..   $ttl 38400 unixhideout.com.        IN      SOA     labs. root.unixhideout.com. (                         1025839968                         10800                         3600                         604800                         38400 ) unixhideout.com.        IN      NS      labs labs.unixhideout.com.   IN      A       65.187.193.189 root.unixhideout.com.   IN      RP      root.unixhideout.com. admin Host-Info.unixhideout.com.      IN      HINFO   INTEL FreeBSD mail.unixhideout.com.   IN      MX      10 65.187.193.189 unixhideout.com.        IN      A       65.187.193.189 mail.unixhideout.com.   IN      A       65.187.193.189 smtp.unixhideout.com.   IN      A       65.187.193.189 www.unixhideout.com.    IN      A       65.187.193.189 pop3.unixhideout.com.   IN      A       65.187.193.189 irc.unixhideout.com.    IN      A       65.187.193.189 email.unixhideout.com.  IN      A       65.187.193.189 ftp.unixhideout.com.    IN      A       65.187.193.189   Everything works.. You guys (the net) can go to my site and use all the services. But I cannot.. I tried changing all those IPS to 192.168.1.20, and then I could use unixhideout.com and you couldn’t!! im losing my patience! Please tell me what I have to do for the internet AND ME to be able to use the domain I paid for! =] and when you explain pretend I’m 2 years old. Im fragile. Thanks!   sagacious (Mike) Network administrator The unixhideout network http://www.unixhideout.com