[Firehol-support] Basic lan gateway
Marcus Williams
marcus at quintic.co.uk
Thu Jun 23 11:34:54 BST 2005
Hi -
I set up a new machine last week with firehol as a basic lan gateway.
The config I used was (standard tutorial tweaked for certain services
and from ppp to eth1 for internet):
version 5

# The network of our eth0 LAN.
home_ips="192.9.200.0/24"

interface eth0 home src "${home_ips}"
    policy reject
    server "dns ssh icmp" accept
    client "icmp" accept

interface eth1 internet src not "${home_ips} ${UNROUTABLE_IPS}"
    protection strong 10/sec 10
    server ident reject with tcp-reset
    client all accept

router internet2home inface eth1 outface eth0
    masquerade reverse
    client all accept
    server ident reject with tcp-reset
eth1 gets a private IP of 192.168.0.2 via dhcp from the adsl router. DNS
is running on this box serving as a dns cache for external dns, and as
standard dns for internal dns requests if you see what I mean. You can
do both internal and external DNS requests from this box with no
problems and internet access works fine.
This was working all week until the machine got rebooted this morning
and the routing of external dns queries has just stopped. LAN machines
can query internal machine hostnames from this box, but external
queries just break very quickly with cannot connect to server errors.
You can ping an external IP so the masq seems to be working. DNS appears
to be knackered though from the internal LAN.
If I watch the traffic on eth1 with tcpdump, DNS queries are occurring but
they've already timed out on the querying machine (it comes back with
the error pretty fast). I'm wondering if I'm missing something in the
config? Perhaps the protection limits are breaking things?
Any ideas?
Thanks
Marcus
--
Marcus Williams -- http://www.cad-schroer.co.uk
CAD Schroer UK, 39 Newnham Road, Cambridge, UK
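As an added illustration (not part of the post above, and not FireHOL's own code), the small checker below parses the two `interface` lines from the config, expands `${home_ips}` and `${UNROUTABLE_IPS}` the way the shell would, and reports which interface definition, if any, admits a packet arriving on a given device from a given source address. The list used for `UNROUTABLE_IPS` is a constructed subset of FireHOL's default private and reserved ranges, chosen to show how `src not "..."` behaves for a WAN side that itself sits on a 192.168.0.0/24 link to the ADSL router; the regex only understands the `interface NAME ALIAS [src [not] "..."]` form used here.

```python
import ipaddress
import re

# Constructed: a subset of FireHOL's default UNROUTABLE_IPS (private + reserved
# ranges), used for illustration only; the real list is built by the firehol script.
UNROUTABLE_IPS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "169.254.0.0/16", "127.0.0.0/8", "0.0.0.0/8", "224.0.0.0/4"]

# The two interface lines from the post, with the shell variables already expanded.
CONFIG = """
interface eth0 home src "192.9.200.0/24"
interface eth1 internet src not "192.9.200.0/24 {unroutable}"
""".format(unroutable=" ".join(UNROUTABLE_IPS))

# Matches: interface <device> <name> [src [not] "<space separated networks>"]
IFACE_RE = re.compile(
    r'^interface\s+(\S+)\s+(\S+)(?:\s+src\s+(not\s+)?"([^"]*)")?\s*$')


def parse_interfaces(text):
    """Return one dict per interface line: device, name, negate flag, networks."""
    ifaces = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = IFACE_RE.match(line)
        if not m:
            continue  # not an interface line (policy/server/client etc.)
        device, name, negate, nets = m.groups()
        networks = [ipaddress.ip_network(n) for n in (nets or "").split()]
        ifaces.append({"device": device, "name": name,
                       "negate": bool(negate), "networks": networks})
    return ifaces


def src_matches(iface, src_ip):
    """Does this interface's src filter admit a packet from src_ip?"""
    ip = ipaddress.ip_address(src_ip)
    if not iface["networks"]:
        return True  # no src restriction at all
    inside = any(ip in net for net in iface["networks"])
    return (not inside) if iface["negate"] else inside


def matching_interfaces(text, device, src_ip):
    """Names of interface definitions on `device` that admit a packet from src_ip.

    An empty list means no definition claims the packet, so FireHOL's
    unmatched-traffic handling applies to it instead of any of these rules.
    """
    return [i["name"] for i in parse_interfaces(text)
            if i["device"] == device and src_matches(i, src_ip)]


if __name__ == "__main__":
    for dev, src in [("eth1", "8.8.8.8"), ("eth1", "192.168.0.1"),
                     ("eth0", "192.9.200.5"), ("eth0", "10.1.1.1")]:
        print(dev, src, "->", matching_interfaces(CONFIG, dev, src) or "no interface")
```

Running it shows that a reply coming in on eth1 from a public address is accepted by the `internet` definition, while one arriving on eth1 from an address inside the 192.168.0.0/16 block (for instance the ADSL router at the other end of that link) matches neither definition, because `src not` excludes every network listed in `UNROUTABLE_IPS`. Whether that matters for a given setup depends on which upstream resolver the local DNS cache forwards to; the checker only makes the consequence of the `src not` list visible before a rule set is loaded.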