On Thursday 04 July 2002 11:35, George Georgalis wrote: > >>ping galis.org just hangs. not sure how else to look up a name, am > >> I missing a package? What could be wrong? It does ping ip > >> addresses.
The ping works here, so it is safe to say that you are attempting global DNS and likely to a DMZ DNS server behind your router/firewall from what I can assume from different pieces of different posts. Are you attempting to resolve from this local DNS server or an ISP-based one??/ > 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:a0:cc:5a:b6:12 brd ff:ff:ff:ff:ff:ff > inet 192.168.9.66/24 scope global eth0 Hmmm, normally you use eth0 for your ISP connection, not the masq'ed LAN connection. Do the proper packages know that eth2 is your WAN connection and not eth0???? There are several packages that assume that eth0 is the WAN connection. > 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:a0:cc:d9:21:e0 brd ff:ff:ff:ff:ff:ff > inet 10.1.1.1/8 scope global eth1 > inet 10.0.0.1/8 scope global secondary eth1:1 > inet 10.0.0.2/8 scope global secondary eth1:2 > inet 10.0.0.3/8 scope global secondary eth1:3 > inet 10.0.0.4/8 scope global secondary eth1:4 OK, this is a DMZ right. I seems strange that you have a need to alias interfaces unless you are running multiple web-,ftp-, etc... servers in DMZ. In any case this is still a rather in-eloquent solution and a possible source of problems. > 5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:a0:cc:5b:1c:37 brd ff:ff:ff:ff:ff:ff > inet 62.81.93.66/26 scope global eth2 OK, this appears to be the default WAN connection. See note with eth0. > 6: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100 > link/ether 00:40:05:41:9d:1d brd ff:ff:ff:ff:ff:ff > inet 201.13.105.34/27 scope global eth3 This appears to be a secondary WAN connection. I hope you have set up static routing for this interface/traffic. What exactly are you doing with this interface??? > 201.13.105.32/27 dev eth3 proto kernel scope link src > 201.13.105.34 62.81.93.64/26 dev eth2 proto kernel scope link src > 62.81.93.66 192.168.9.0/24 dev eth0 proto kernel scope link src > 192.168.9.66 10.0.0.0/8 dev eth1 proto kernel scope link src > 10.1.1.1 > 127.0.0.0/8 via 127.0.0.1 dev lo > default via 62.81.93.65 dev eth2 What a routing table!!! I believe you might want to drop one or two interfaces and get the name-resolution problem fixed before attempting this complicated of a setup. I will not assume what error you have made w/o knowing exactly what you have done to attempt this configuration. I would guess that something is wrong due to using two external interfaces and the configuration required to do this, OR no route/rules for the information to get back to (whatever segment your using) from the DMZ DNS server. This setup leaves us guessing at tons of possible mis-configuration. > Okay by me. I thought I had a development issue. My guess is I've > stripped something that's required for name resolution. So I ask, > what is used for host lookups (the udp/53 call) on lrp? Probably not a development issue, noone else has had problems with DNS problems unless it has been a mis-configuration issue. I would find it safe to assume that in this case as well. udp/53 is correct. if the routing and netfilter rules will allow the traffic to and from the proper subnets. By chance, you are not attempting to connect to a DMZ server from a Masq'ed subnet using an external ip address??? This will not work due to ip spoofing rules, you will need to use the private-DMZ addressing to connect from a Masq'ed subnet instead. I hope this helps, -- ~Lynn Avants aka Guitarlynn guitarlynn at users.sourceforge.net http://leaf.sourceforge.net If linux isn't the answer, you've probably got the wrong question! ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Caffeinated soap. No kidding. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html