Steven Kiehl wrote:
> Everything seems to be running. I've got dhcpd listening on eth0
> (local) and eth1 (net) is about to receive its IP via dhcp from my ISP,
> but when hit 'repair' on my local windows box, it fails to receive an IP
> via dhcp, and nothing shows up in the logs on the firewall.

There are plenty of reasons for dhcp to fail that aren't related to the firewall.

Steven Kiehl wrote:
>Interestingly enough, I did the age-old restart the computer trick
>and that has fixed the dhcp issue

Now, does it stay working when you start the firewall? If not then look to the firewall config, otherwise look elsewhere.

>, but now I don't seem to have any dns servers on the local network.
>Am I forced to copy the dns from /etc/resolv.conf? or is there a
>trick I can use to locally point workstations to the firewall and
>have the firewall redirect the requests to my ISP? I'd prefer not
>to run any sort of tinydns or bind server since I expect I'll be
>running a lot on it as it is.

You do ONE (and only one) of two things:

1) Via DHCP you hand out the IP addresses of your ISP's DNS servers to your network devices (or statically configure the same addresses if you use static configs).

2) You hand out the address of 'a server' (probably your gateway machine in this case) on your internal network and run a DNS resolver on that. Bind is a doddle to set up, just copy the sample config that meets your needs - probably just use the forward-only example and fill in your ISP's DNS servers for the forwarders.

A distinct advantage of running an internal server is that you can properly serve up names/addresses for your internal network to your clients - so you can access a device by name instead of having to remember its address.

Just one thing, please leave in the RFC1918 stub zones that are in the Bind sample configs - they avoid Bind going to the root servers to try and resolve all those private internal addresses (like 192.168.1.1) that things keep looking up.
_______________________________________________
Shorewall-users mailing list
https://lists.sourceforge.net/lists/listinfo/shorewall-users
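
The forward-only setup from option 2 above, sketched as a named.conf. This is an added example, not part of the original post and not the Bind sample config itself. The LAN subnet 192.168.1.0/24, the gateway address 192.168.1.1, the forwarder addresses (documentation placeholders for the ISP's servers), the directory and the zone file name db.empty are all assumptions.

```conf
// named.conf: forward-only resolver on the gateway (added example).
// All addresses and file names below are assumptions; substitute your own.

// Clients allowed to use this resolver: the gateway itself and the LAN.
acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";                 // assumed path, varies by distro

    // Listen only on loopback and the internal interface (eth0),
    // never on the ISP-facing interface (eth1).
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Answer and recurse for internal clients only, so the gateway
    // does not become an open resolver.
    recursion yes;
    allow-query     { "lan"; };
    allow-recursion { "lan"; };

    // Send every query to the ISP's DNS servers; never walk the
    // root servers directly.
    forward only;
    forwarders { 192.0.2.1; 192.0.2.2; };   // placeholders for the ISP's servers
};

// RFC1918 reverse zones answered locally from an empty zone file
// (db.empty is assumed to hold only an SOA and an NS record), so reverse
// lookups for private addresses such as 192.168.1.1 are not forwarded.
zone "10.in-addr.arpa" {
    type master;
    file "db.empty";
};

zone "168.192.in-addr.arpa" {
    type master;
    file "db.empty";
};

// 172.16.0.0/12 needs one zone per /16: 16.172.in-addr.arpa through
// 31.172.in-addr.arpa, each declared the same way as the two above.
zone "16.172.in-addr.arpa" {
    type master;
    file "db.empty";
};
```

With this in place, dhcpd hands out 192.168.1.1 as the DNS server (option domain-name-servers in dhcpd.conf) instead of the ISP's addresses.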
