On Thursday 04 July 2002 11:35, George Georgalis wrote:

> >>ping galis.org just hangs. not sure how else to look up a name, am
> >> I missing a package? What could be wrong? It does ping ip
> >> addresses.

The ping works here, so it is safe to say that you are attempting global
DNS and likely to a DMZ DNS server behind your router/firewall from
what I can assume from different pieces of different posts. Are you 
attempting to resolve from this local DNS server or an ISP-based one??/


> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:a0:cc:5a:b6:12 brd ff:ff:ff:ff:ff:ff
>     inet 192.168.9.66/24 scope global eth0

Hmmm, normally you use eth0 for your ISP connection, not the masq'ed LAN
connection. Do the proper packages know that eth2 is your WAN connection
and not eth0???? There are several packages that assume that eth0 is
the WAN connection.


> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:a0:cc:d9:21:e0 brd ff:ff:ff:ff:ff:ff
>     inet 10.1.1.1/8 scope global eth1
>     inet 10.0.0.1/8 scope global secondary eth1:1
>     inet 10.0.0.2/8 scope global secondary eth1:2
>     inet 10.0.0.3/8 scope global secondary eth1:3
>     inet 10.0.0.4/8 scope global secondary eth1:4

OK, this is a DMZ right. I seems strange that you have a need to alias
interfaces unless you are running multiple web-,ftp-, etc... servers in
DMZ. In any case this is still a rather in-eloquent solution and a
possible source of problems.


> 5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:a0:cc:5b:1c:37 brd ff:ff:ff:ff:ff:ff
>     inet 62.81.93.66/26 scope global eth2

OK, this appears to be the default WAN connection. See note with eth0.


> 6: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>     link/ether 00:40:05:41:9d:1d brd ff:ff:ff:ff:ff:ff
>     inet 201.13.105.34/27 scope global eth3

This appears to be a secondary WAN connection. I hope you have set up 
static routing for this interface/traffic. What exactly are you doing
with this interface???


> 201.13.105.32/27 dev eth3  proto kernel  scope link  src
> 201.13.105.34 62.81.93.64/26 dev eth2  proto kernel  scope link  src
> 62.81.93.66 192.168.9.0/24 dev eth0  proto kernel  scope link  src
> 192.168.9.66 10.0.0.0/8 dev eth1  proto kernel  scope link  src
> 10.1.1.1
> 127.0.0.0/8 via 127.0.0.1 dev lo
> default via 62.81.93.65 dev eth2

What a routing table!!! I believe you might want to drop one or two
interfaces and get the name-resolution problem fixed before attempting
this complicated of a setup. I will not assume what error you have made
w/o knowing exactly what you have done to attempt this configuration.
I would guess that something is wrong due to using two external
interfaces and the configuration required to do this, OR no route/rules
for the information to get back to (whatever segment your using) from
the DMZ DNS server. This setup leaves us guessing at tons of possible
mis-configuration.


> Okay by me. I thought I had a development issue. My guess is I've
> stripped something that's required for name resolution. So I ask,
> what is used for host lookups (the udp/53 call) on lrp?

Probably not a development issue, noone else has had problems with
DNS problems unless it has been a mis-configuration issue. I would 
find it safe to assume that in this case as well. udp/53 is correct. if
the routing and netfilter rules will allow the traffic to and from the 
proper subnets. By chance, you are not attempting to connect to a
DMZ server from a Masq'ed subnet using an external ip address???
This will not work due to ip spoofing rules, you will need to use the 
private-DMZ addressing to connect from a Masq'ed subnet instead.

I hope this helps,
-- 

~Lynn Avants
aka Guitarlynn

guitarlynn at users.sourceforge.net
http://leaf.sourceforge.net

If linux isn't the answer, you've probably got the wrong question!


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Caffeinated soap. No kidding.
http://thinkgeek.com/sf
------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html

Reply via email to