Hi!  Thanks for putting some thought into this...

On Mon, 25 Aug 2003, David Ranch wrote:

>  >My question is:  when I try to telnet on the internal LAN from this
>  >machine to another machine on the internal LAN, for some reason
>  >it wants to bring up the ppp link to complete the act - why?.
> 
> Probably the receiving client is trying to reverse-resolve the
> IP address who is trying to telnet to it.

I finally figured out one thing that I was doing totally stupid.
In my /etc/hosts files on the two linux machines, I had the
FQDN and alias reversed.  I fixed that all around, but that actually
had no effect that I could detect on this particular behavior.

I don't have DNS running on either of the linux machines (the access
point nor the one desktop linux box) or on any of the WinXX nodes.

>  >This happens
>  >when I use the name of the other machine, but not when I use the
>  >local IP address of the other machine - yet the name of the other
>  >machine still resolves to the correct address (I'm using
>  >/etc/hosts and such, not bind).
> 
> Are you using "hosts" files on both the SRC and DST machines?

Yes.  At least, they are there, and I believe I am using them.
That is my intent anyway, and there is no named running anywhere
(though I do have bind-8.2.2 installed for its other utilities,
such as hostname and friends).

> To prove this to yourself, run TCPDUMP on eth1 of the MASQ server
> and then try the telnet from MASQ client #1 to client #2 by
> name.  What does the MASQ server see?

Ok, will do this.  Question:  When you say eth1, what are you
actually referring to?  I have two network interfaces other than
lo:  ppp0, which is the "external network", and wlan0, which is
the wireless NIC/access point.  Are you saying run it on the NIC
that supports the internal net (in this case, wlan0), or somehow
attach it to some other interface that isn't already in use?

>  >Maybe I am expecting an outcome that can't happen, and that's really
>  >the gist of this particular question - is it the case that the box
>  >that's set up with forwarding and masq simply will always try to
>  >go onto the net via ppp0, since it in fact has forwarding and masq
>  >set up?
> 
> No.. the problem is that you need to setup PPPD DNS filters to keep
> the line down.

Well, I had that idea in mind; but I can't seem to find any guidance
on how to do that.  Any pointers?  Been all over the pppd included
docs, and done a bunch of web searching, but so far, finding nothing.

>  >Or should I be able to accomplish what I am expecting,
>  >which is to be able to go off that box with a TCP service to
>  >somewhere else in my local net, and not expect to have to go outside
>  >to get a name or IP address?
> 
> To do this, I recommend you setup an internal private DNS server on
> the MASQ machine to keep this traffic off the Internet.  You can also do this 
> with "hosts" files but this doesn't scale for long.

I stabbed at actually running bind on the MASQ machine, but started
getting very afraid with named.conf.  After I had it about 90% set up,
I believe, I said "why am I enduring this when everything on earth
tells me I should be able to do this with /etc/hosts files?"

I've only got the 5 machines (AP + 4), so scaling shouldn't produce
dreadfully poor results (and I don't plan to add any more machines).

I've been thinking that some kind of route needs to be defined, but
am still not certain of that (within the kernel IP tables), and
not sure if/how that would impact the rest of the MASQ setup.  Any
ideas if that's part of the picture?  When I look at the kernel
routing table, it SEEMS to have the right stuff in it (I can send
a copy in a few hours when I get back to the machine, if useful),
as there is an entry for both ppp0 and wlan0; but maybe more is needed
to make this all work.  ?

Last item on this:  When I have an /etc/resolv.conf that looks like:

domain home.org
nameserver 127.0.0.1
nameserver 206.246.194.10   (my ISP DNS)

telnet and ftp go to ppp0.  When I don't have the second nameserver
entry, they don't, but any name that ISN'T one on my local net
(say, ftp ftp.netscape.com) generates a name resolution error, as
I would expect it to do.

I'm also using the defaultroute parameter in pppd, because if I
don't, then the line never picks up for anything.

Thx for any additional help; am quite stuck here.

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
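
The resolv.conf behaviour described in the message above, as an added example that is not part of the original post: it parses a resolv.conf and marks each nameserver as loopback, on-link, or reachable only through the default route (ppp0 in the setup described). The internal network range is an assumption, since the message does not give one, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the resolv.conf entries quoted in the message.
SAMPLE_RESOLV_CONF = """\
domain home.org
nameserver 127.0.0.1
nameserver 206.246.194.10
"""

# Assumption: address range of the internal (wlan0) network; not stated in the message.
ASSUMED_LOCAL_NETS = ["192.168.0.0/24"]


def parse_nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    servers = []
    for line in text.splitlines():
        # Drop '#' and ';' comments, then split into whitespace-separated fields.
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            try:
                servers.append(ipaddress.ip_address(fields[1]))
            except ValueError:
                continue  # ignore malformed addresses
    return servers


def classify(text, local_nets):
    """Label each nameserver by how a query to it leaves the machine."""
    nets = [ipaddress.ip_network(n) for n in local_nets]
    result = []
    for addr in parse_nameservers(text):
        if addr.is_loopback:
            where = "loopback"
        elif any(addr in net for net in nets):
            where = "on-link"
        else:
            where = "default-route"  # a query here is sent out the default route
        result.append((str(addr), where))
    return result


def off_link(text, local_nets):
    """Nameservers that can only be reached through the default route."""
    return [a for a, w in classify(text, local_nets) if w == "default-route"]


if __name__ == "__main__":
    for addr, where in classify(SAMPLE_RESOLV_CONF, ASSUMED_LOCAL_NETS):
        print(f"{addr:<16} {where}")
```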