Re: IP masquerading in Linux

Re: IP masquerading in Linux

[Sebastian Taralunga]

Hello Victor, 

You have to specify a nameserver for the clients. IP
masquerading simply means that the gateway passes all
requests to the outside world and knows how to handle back
the responses. If you do not specify a nameserver, the
clients simply do not know whom to send their
name-resolution requests...

If you want to have the name-server handle your DNS requests
as well you will have to either install a name-server on the
gateway or to use transparent proxy and redirect (using
ipchains) all the DNS requests from the clients to the
appropriate name-servers.

Best Regards, 

Sebastian 
___________________________________________________________
Office: (+40)/1/6.504.430             Mob: (+40)/92/202.086    
Snail:  Sebastian Taralunga, C.P. 13-20, Bucharest, Romania
E-mail:	seba@tcx.ro                  WWW: http://www.tcx.ro

On Sat, 25 Mar 2000, Victor Tsaran wrote:

> Hello, listers!
> I know some of you already setup IP masquerading on your machines, therefore
> a question. Did you have to specify DNS servers for both client and the
> server or just for the server? Initially, I thought that once the serverhas
> a list of search domains, the client shouldn't care about them, it just
> sends IP packets out to the server. Server forwards them to the output
> chain. Apparently, it looks as though client also needs to have a DNS entry
> to be able to convert names into IP addresses, which are then sent to the
> server anyway. WIndows98 Second Edition resolved this problem by letting the
> client specify only the address of a gateway, yes, even in the DNS field,
> gateway knowing its own search domains, figures out on its own how to
> convert names into IP's.
> Perhaps I am doing something wrong here?
> 
> Regards,
> Vic
> 
> 
> 
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
> 

IP masquerading in Linux

[Victor Tsaran]

Hello, listers!
I know some of you already setup IP masquerading on your machines, therefore
a question. Did you have to specify DNS servers for both client and the
server or just for the server? Initially, I thought that once the serverhas
a list of search domains, the client shouldn't care about them, it just
sends IP packets out to the server. Server forwards them to the output
chain. Apparently, it looks as though client also needs to have a DNS entry
to be able to convert names into IP addresses, which are then sent to the
server anyway. WIndows98 Second Edition resolved this problem by letting the
client specify only the address of a gateway, yes, even in the DNS field,
gateway knowing its own search domains, figures out on its own how to
convert names into IP's.
Perhaps I am doing something wrong here?

Regards,
Vic

Re: IP masquerading in Linux

[Victor Tsaran]

Thanks a lot.
Vic

----- Original Message -----
From: "Sebastian Taralunga" <seba@tcx.ro>
To: <speakup@braille.uwo.ca>
Sent: Saturday, March 25, 2000 4:38 AM
Subject: Re: IP masquerading in Linux


> Hello Victor,
>
> You have to specify a nameserver for the clients. IP
> masquerading simply means that the gateway passes all
> requests to the outside world and knows how to handle back
> the responses. If you do not specify a nameserver, the
> clients simply do not know whom to send their
> name-resolution requests...
>
> If you want to have the name-server handle your DNS requests
> as well you will have to either install a name-server on the
> gateway or to use transparent proxy and redirect (using
> ipchains) all the DNS requests from the clients to the
> appropriate name-servers.
>
> Best Regards,
>
> Sebastian
> ___________________________________________________________
> Office: (+40)/1/6.504.430             Mob: (+40)/92/202.086
> Snail:  Sebastian Taralunga, C.P. 13-20, Bucharest, Romania
> E-mail: seba@tcx.ro                  WWW: http://www.tcx.ro
>
> On Sat, 25 Mar 2000, Victor Tsaran wrote:
>
> > Hello, listers!
> > I know some of you already setup IP masquerading on your machines,
therefore
> > a question. Did you have to specify DNS servers for both client and the
> > server or just for the server? Initially, I thought that once the
serverhas
> > a list of search domains, the client shouldn't care about them, it just
> > sends IP packets out to the server. Server forwards them to the output
> > chain. Apparently, it looks as though client also needs to have a DNS
entry
> > to be able to convert names into IP addresses, which are then sent to
the
> > server anyway. WIndows98 Second Edition resolved this problem by letting
the
> > client specify only the address of a gateway, yes, even in the DNS
field,
> > gateway knowing its own search domains, figures out on its own how to
> > convert names into IP's.
> > Perhaps I am doing something wrong here?
> >
> > Regards,
> > Vic
> >
> >
> >
> > _______________________________________________
> > Speakup mailing list
> > Speakup@braille.uwo.ca
> > http://speech.braille.uwo.ca/mailman/listinfo/speakup
> >
>
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup

Re: IP masquerading in Linux

[Geoff Shang]

Hi Victor:

The way I get around this is to run a local DNS server.  Whilst this can be
a bit of a fiddle to set up, I find it well worth it.  The other advantage
in running your own DNS server is that you can allocate names to your local
machines.  Then if you have to change ISP and change which DNS server you
query, you only have to change it on the gateway host.

Geoff.

Re: IP masquerading in Linux

[Geoff Shang]

Hi victor:

What you do is instruct  your DNS server where the root-servers are.  This
will allow your DNS server to look-up all requests you pass to it.  The
only data you need to hold on your own server is data that can't be found
anywhere else, the details for your own network.

Have a look at the dns-howto and let us know if you have questions.  It's a
bit cryptic to begin with, and the syntax of the data files is somewhat
exacting.  But it's pretty cool when ;you get it working.

Geoff.

Re: IP masquerading in Linux

[Victor Tsaran]

Hey, geoff!
In that case, would you need to download the  DNS database? Can you just
setup DNS without that database?
Regards,
Vic

----- Original Message -----
From: "Geoff Shang" <gshang10@scu.edu.au>
To: <speakup@braille.uwo.ca>
Sent: Sunday, March 26, 2000 3:18 AM
Subject: Re: IP masquerading in Linux


> Hi Victor:
>
> The way I get around this is to run a local DNS server.  Whilst this can
be
> a bit of a fiddle to set up, I find it well worth it.  The other advantage
> in running your own DNS server is that you can allocate names to your
local
> machines.  Then if you have to change ISP and change which DNS server you
> query, you only have to change it on the gateway host.
>
> Geoff.
>
>
> _______________________________________________
> Speakup mailing list
> Speakup@braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup