On Thu, Jul 04, 2002 at 02:05:21PM -0500, guitarlynn wrote:
>On Thursday 04 July 2002 11:35, George Georgalis wrote:
>
>> >>ping galis.org just hangs. not sure how else to look up a name, am
>> >> I missing a package? What could be wrong? It does ping ip
>> >> addresses.
>
>The ping works here, so it is safe to say that you are attempting global
>DNS and likely to a DMZ DNS server behind your router/firewall from
>what I can assume from different pieces of different posts. Are you
>attempting to resolve from this local DNS server or an ISP-based one??/

Yes, the dns cache/server is on a LAN host using another
firewall/gateway. The problem turns out to have been an incorrect
resolv.conf that I thought I checked, err umm, thought I checked
*first*.

>> 3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>>     link/ether 00:a0:cc:5a:b6:12 brd ff:ff:ff:ff:ff:ff
>>     inet 192.168.9.66/24 scope global eth0
>
>Hmmm, normally you use eth0 for your ISP connection, not the masq'ed LAN
>connection. Do the proper packages know that eth2 is your WAN connection
>and not eth0???? There are several packages that assume that eth0 is
>the WAN connection.

Some time back I learned to bring up secure networks first then
insecure. dhcp can't figure this out so if I'm not on static ISP put
the internet on eth0. I don't think it makes much difference actually,
as long as programs are configured right. I haven't had any other
problems anyway.

>> 4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>>     link/ether 00:a0:cc:d9:21:e0 brd ff:ff:ff:ff:ff:ff
>>     inet 10.1.1.1/8 scope global eth1
>>     inet 10.0.0.1/8 scope global secondary eth1:1
>>     inet 10.0.0.2/8 scope global secondary eth1:2
>>     inet 10.0.0.3/8 scope global secondary eth1:3
>>     inet 10.0.0.4/8 scope global secondary eth1:4
>
>OK, this is a DMZ right. It seems strange that you have a need to alias
>interfaces unless you are running multiple web-,ftp-, etc... servers in
>DMZ. In any case this is still a rather in-eloquent solution and a
>possible source of problems.

yeah, just an artifact of my stock networking scripts. When I set up
apache DMZ vhosts, I like to have them on different IPs, so even if
they are on the same computer now, moving them to another computer
will be easy.

>> 5: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>>     link/ether 00:a0:cc:5b:1c:37 brd ff:ff:ff:ff:ff:ff
>>     inet 62.81.93.66/26 scope global eth2
>
>OK, this appears to be the default WAN connection. See note with eth0.
>
>> 6: eth3: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
>>     link/ether 00:40:05:41:9d:1d brd ff:ff:ff:ff:ff:ff
>>     inet 201.13.105.34/27 scope global eth3
>
>This appears to be a secondary WAN connection. I hope you have set up
>static routing for this interface/traffic. What exactly are you doing
>with this interface???

In the short term, we are changing ISPs and this box will be catching
both of them for a spell. I might find an excuse to try iproute2 load
balancing. but we won't need it, and the original isp will go away,
with the big plus of then being able to fit a video card in this box
X-)

>> 201.13.105.32/27 dev eth3 proto kernel scope link src 201.13.105.34
>> 62.81.93.64/26 dev eth2 proto kernel scope link src 62.81.93.66
>> 192.168.9.0/24 dev eth0 proto kernel scope link src 192.168.9.66
>> 10.0.0.0/8 dev eth1 proto kernel scope link src 10.1.1.1
>> 127.0.0.0/8 via 127.0.0.1 dev lo
>> default via 62.81.93.65 dev eth2
>
>What a routing table!!! I believe you might want to drop one or two
>interfaces and get the name-resolution problem fixed before attempting
>this complicated of a setup. I will not assume what error you have made
>w/o knowing exactly what you have done to attempt this configuration.
>I would guess that something is wrong due to using two external
>interfaces and the configuration required to do this, OR no route/rules
>for the information to get back to (whatever segment you're using) from
>the DMZ DNS server. This setup leaves us guessing at tons of possible
>mis-configuration.

Sorry, I guess an 'internet' resolver got put in resolv.conf while I
was making this image on another network. Since somebody unplugged the
gateway connection, it just wasn't getting a response... even though I
thought it was looking at the LAN resolver.

Thanks for all the help! :-)

// George

--
GEORGE GEORGALIS, System Admin/Architect cell: 347-451-8229
Security Services, Web, Mail, mailto:[EMAIL PROTECTED]
File, Print, DB and DNS Servers.
http://www.galis.org/george