[Shorewall-users] DNS problems with Shorewall setup

Marian Radulescu marian_r@rdstm.ro
Sun, 07 Apr 2002 22:53:11 +0300



Hi everybody,

I need some help and this is the best place to get it :)
I have installed Bering 1.0rc1 with latest version of Shorewall. Now my 
site is looking like this:

1st router:
eth0  - internet connection 1.2.3.4
eth1 192.168.100.254/24 - dmz
eth2 192.168.200.254/24 - local
wlan0 192.168.1.254/24 - wireless lan (acting like an AP)

2nd router
wlan0 192.168.1.253 -wireless lan
eth0 192.168.10.254 - wired remote lan

The 2nd router is acting like a "bridge": it has 192.168.1.254 as a default 
gateway and has proxy arp enabled on both interfaces.


1st router is running tinydns/dnscache for internal/external dns and 
Shorewall. I am probably a little bit confused (I am a user of Shorewall 
:)) because in my setup I can ping everything in internal/internet using 
IP addresses but I cannot get outside using names from hosts behind the 
second router.  Any idea where I am going wrong?

Here is my actual (for testing only) config:

# Shorewall 1.2 /etc/shorewall/params
#
##############################################################################
NET_IF=eth0
NET_BCAST=detect
NET_OPTIONS=

DMZ_IF=eth1
DMZ_BCAST=detect
DMZ_OPTIONS=routestopped,multi

LOC_IF=eth2
LOC_BCAST=detect
LOC_OPTIONS=routestopped,multi

WLAN_IF=wlan0
WLAN_BCAST=detect
WLAN_OPTIONS=routestopped,multi


# Shorewall 1.2 /etc/shorewall/zones
#
# This file determines your network zones. Columns are:
#
#       ZONE            Short name of the zone
#       DISPLAY         Display name of the zone
#       COMMENTS        Comments about the zone
#
#ZONE   DISPLAY         COMMENTS
net     Net             Internet
loc     Local           Local networks
#wlan   WLan            Wireless Network
dmz     DMZ             Demilitarized zone

#
# Shorewall 1.2 -- Interfaces File
#
# /etc/shorewall/interfaces
#
##############################################################################
#ZONE    INTERFACE      BROADCAST       OPTIONS
net     $NET_IF         $NET_BCAST      $NET_OPTIONS
loc     $LOC_IF         $LOC_BCAST      $LOC_OPTIONS
loc     $WLAN_IF        $WLAN_BCAST     $WLAN_OPTIONS
dmz     $DMZ_IF         $DMZ_BCAST      $DMZ_OPTIONS

#
# Shorewall 1.2 - /etc/shorewall/hosts
#
#ZONE           HOST(S)                 OPTIONS
loc             eth2:192.168.200.0/24   routestopped
loc             wlan0:192.168.1.0/24    routestopped
loc             wlan0:192.168.10.0/24   routestopped
dmz             eth1:192.168.100.0/24   routestopped

##############################################################################
#RESULT         CLIENT(S) SERVER(S)     PROTO   PORT(S) CLIENT PORT(S) ADDRESS
#
# Allow SSH from the local network
#
ACCEPT          loc       $FW           tcp     ssh,www,domain
ACCEPT          loc       $FW           udp     domain
#
# Allow SSH and Auth from the internet
#
ACCEPT          net       $FW           tcp     ssh,auth
#
# Run an NTP daemon on the firewall that is synced with outside sources
#
ACCEPT          $FW       net           udp     ntp
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

#
##############################################################################
#INTERFACE              SUBNET                  ADDRESS
$NET_IF                 $LOC_IF
$NET_IF                 $DMZ_IF
$NET_IF                 $WLAN_IF
$NET_IF                 192.168.1.0/24
##############################################################################
#LAST LINE -- ADD YOUR ENTRIES ABOVE THIS LINE -- DO NOT REMOVE


