I am trying to set up a complete Ubuntu gateway. I have Ubuntu 8.04 LTS Server installed with dhcp3-server, bind9 and dnsutils.
The following shows my configuration as well as the problem:
Ext_IP <=> (10.0.0.138) DSL Router -DHCP/DNS- (NAT) <=> eth0 <=> (10.0.0.3) Server -DHCP/DNS- <=> eth1 (172.20.0.1) <=> switch <=> clients
Server:
hostname= nextcube
eth0: External IP NATted on 10.0.0.3
eth1: Internal IP interface, 172.20.0.1
/etc/network/interfaces:
Code:
auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
    address 172.20.0.1
    netmask 255.255.255.0
    broadcast 172.20.0.255
    gateway 10.0.0.138 # even tried with gateway equal to 10.0.0.3 or 172.20.0.1 as well

/etc/hosts:
Code:
127.0.0.1 localhost
127.0.1.1 nextcube.cosp.hq nextcube ns1 ns1.cosp.hq

# The following lines are desirable for IPv6 capable hosts
::1 ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts
DHCP Server Config:
Code:
# option definitions common to all supported networks...
option domain-name "cosp.hq";
option domain-name-servers ns1.cosp.hq; # ns1.cosp.hq is 127.0.1.1

default-lease-time 600;
max-lease-time 7200;

subnet 172.20.0.0 netmask 255.255.255.0 {
    range 172.20.0.100 172.20.0.200;
    option domain-name-servers ns1.cosp.hq;
    option domain-name "cosp.hq";
    option routers 10.0.0.138;
    option broadcast-address 172.20.0.255;
    default-lease-time 600;
    max-lease-time 7200;
}
DNS Server Config:
Code:
root@nextcube:/etc/bind# cat named.conf
named.conf          named.conf.local    named.conf.options
root@nextcube:/etc/bind# cat named.conf.local
//
// Do any local configuration here
//

// Consider adding the 1918 zones here, if they are not used in your
// organization
//include "/etc/bind/zones.rfc1918";

zone "cosp.hq" {
    type master;
    file "/etc/bind/zones/cosp.hq.db";
};

zone "0.20.172.in-addr.arpa" {
    type master;
    file "/etc/bind/zones/rev.0.20.172.in-addr.arpa";
};
root@nextcube:/etc/bind# cat named.conf.options
options {
    directory "/var/cache/bind";

    // If there is a firewall between you and nameservers you want
    // to talk to, you might need to uncomment the query-source
    // directive below. Previous versions of BIND always asked
    // questions using port 53, but BIND 8.1 and later use an unprivileged
    // port by default.

    // query-source address * port 53;

    forwarders {
        #OpenDNS Ones
        208.67.222.222;
        208.67.220.220;
        #ISP ones
    };

    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { any; };
};
root@nextcube:/etc/bind# cat zones/cosp.hq.db
cosp.hq. IN SOA ns1.cosp.hq. admin.cosp.hq. (
// Do not modify the following lines!
    2007031001
    28800
    3600
    604800
    38400
)

// Replace the following line as necessary: ns1 = DNS Server name
// mail = mail server name cosp.hq = domain name
cosp.hq. IN NS ns1.cosp.hq.
//cosp.hq. IN MX 10 mail.cosp.hq.

// Replace the IP address with the right IP addresses.
www IN A 172.20.0.1
//mta IN A 192.168.0.3
ns1 IN A 172.20.0.1
root@nextcube:/etc/bind# cat zones/rev.0.20.172.in-addr.arpa
@ IN SOA ns1.cosp.hq. admin.cosp.hq. (
    2007031001;
    28800;
    604800;
    604800;
    86400
)

  IN NS ns1.cosp.hq.
1 IN PTR cosp.hq
Firewall Rules:
Code:
root@nextcube:~# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  172.20.0.0/24        anywhere            state NEW
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
On Server:
Code:
root@nextcube:~# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:c7:49:d7:97
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          inet6 addr: fe80::208:c7ff:fe49:d797/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:443 errors:0 dropped:0 overruns:0 frame:0
          TX packets:303 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:44388 (43.3 KB)  TX bytes:19449 (18.9 KB)

eth1      Link encap:Ethernet  HWaddr 00:e0:4c:06:22:90
          inet addr:172.20.0.1  Bcast:172.20.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe06:2290/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2744 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2962 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:240041 (234.4 KB)  TX bytes:483520 (472.1 KB)
          Interrupt:21 Base address:0xb800

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:67 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:10605 (10.3 KB)  TX bytes:10605 (10.3 KB)

root@nextcube:~# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.0.0.0        *               255.255.255.0   U     0      0        0 eth0
172.20.0.0      *               255.255.255.0   U     0      0        0 eth1
default         10.0.0.138      0.0.0.0         UG    100    0        0 eth0
root@nextcube:~# ping google.com
PING google.com (64.233.187.99) 56(84) bytes of data.
64 bytes from jc-in-f99.google.com (64.233.187.99): icmp_seq=1 ttl=239 time=326 ms

--- google.com ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 999ms
rtt min/avg/max/mdev = 326.696/326.696/326.696/0.000 ms
root@nextcube:~# ping 172.20.0.101
PING 172.20.0.101 (172.20.0.101) 56(84) bytes of data.
64 bytes from 172.20.0.101: icmp_seq=1 ttl=64 time=0.423 ms
64 bytes from 172.20.0.101: icmp_seq=2 ttl=64 time=0.373 ms

--- 172.20.0.101 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 999ms
rtt min/avg/max/mdev = 0.373/0.398/0.423/0.025 ms
root@nextcube:/etc/bind# cat /etc/resolv.conf
search cosp.hq
nameserver 172.20.0.1
root@nextcube:/etc/bind# dig google.com

; <<>> DiG 9.4.2-P2 <<>> google.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35599
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             217     IN      A       72.14.207.99
google.com.             217     IN      A       64.233.187.99
google.com.             217     IN      A       209.85.171.99

;; AUTHORITY SECTION:
.                       515646  IN      NS      A.ROOT-SERVERS.NET.
.                       515646  IN      NS      I.ROOT-SERVERS.NET.
.                       515646  IN      NS      B.ROOT-SERVERS.NET.
.                       515646  IN      NS      M.ROOT-SERVERS.NET.
.                       515646  IN      NS      L.ROOT-SERVERS.NET.
.                       515646  IN      NS      C.ROOT-SERVERS.NET.
.                       515646  IN      NS      G.ROOT-SERVERS.NET.
.                       515646  IN      NS      J.ROOT-SERVERS.NET.
.                       515646  IN      NS      H.ROOT-SERVERS.NET.
.                       515646  IN      NS      D.ROOT-SERVERS.NET.
.                       515646  IN      NS      K.ROOT-SERVERS.NET.
.                       515646  IN      NS      F.ROOT-SERVERS.NET.
.                       515646  IN      NS      E.ROOT-SERVERS.NET.

;; Query time: 349 msec
;; SERVER: 172.20.0.1#53(172.20.0.1)
;; WHEN: Fri Nov 21 07:55:27 2008
;; MSG SIZE rcvd: 287
On Client:
Code:
$ ifconfig eth0
eth0      Link encap:Ethernet  HWaddr 00:1a:4b:6e:e4:ce
          inet addr:172.20.0.101  Bcast:172.20.0.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:4bff:fe6e:e4ce/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:852 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1017 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:119720 (119.7 KB)  TX bytes:121429 (121.4 KB)
          Memory:e4600000-e4620000

$ ping 172.20.0.1
PING 172.20.0.1 (172.20.0.1) 56(84) bytes of data.
64 bytes from 172.20.0.1: icmp_seq=1 ttl=64 time=0.906 ms
64 bytes from 172.20.0.1: icmp_seq=2 ttl=64 time=0.308 ms
64 bytes from 172.20.0.1: icmp_seq=3 ttl=64 time=0.288 ms
^C
--- 172.20.0.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 0.288/0.500/0.906/0.287 ms
$ ping google.com
ping: unknown host google.com
$ ping nextcube
ping: unknown host nextcube
$ ping 202.67.222.222
connect: Network is unreachable
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
172.16.240.0    *               255.255.255.0   U     0      0        0 vmnet8
172.20.0.0      *               255.255.255.0   U     0      0        0 eth0
192.168.191.0   *               255.255.255.0   U     0      0        0 vmnet1
I even tried disabling DHCP and DNS on the DSL router and assigning it 172.20.0.254, with eth0=172.20.0.1 and eth1=172.20.0.2, and setting the gateway option to 172.20.0.254 in the DHCP config; it didn't work...



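An added example, not part of the original post: a short Python check that reads the subnet block and the ns1.cosp.hq hosts entry posted above and flags a DHCP router that lies outside the served subnet or a DNS server that resolves to loopback, neither of which a client on that subnet can reach. The names lint_dhcpd and resolve are this example's own, and the embedded input is copied from the post.

```python
import ipaddress
import re

# Constructed input: the subnet block and the hosts entry from the post.
DHCPD_CONF = """
subnet 172.20.0.0 netmask 255.255.255.0 {
  range 172.20.0.100 172.20.0.200;
  option domain-name-servers ns1.cosp.hq;
  option routers 10.0.0.138;
}
"""
HOSTS = {"ns1.cosp.hq": "127.0.1.1"}  # from the posted /etc/hosts


def resolve(value, hosts):
    """Return an IP for a literal address or a name found in the hosts map."""
    try:
        return ipaddress.ip_address(value)
    except ValueError:
        return ipaddress.ip_address(hosts[value]) if value in hosts else None


def lint_dhcpd(conf, hosts):
    """Check every subnet block; return a list of (subnet, finding) tuples."""
    findings = []
    block_re = re.compile(r"subnet\s+(\S+)\s+netmask\s+(\S+)\s*\{(.*?)\}", re.S)
    for net, mask, body in block_re.findall(conf):
        subnet = ipaddress.ip_network(f"{net}/{mask}")
        opts = dict(re.findall(r"option\s+(\S+)\s+([^;]+);", body))
        # A default gateway must be on-link for the clients it is handed to.
        for router in re.split(r"\s*,\s*", opts.get("routers", "")):
            ip = resolve(router.strip(), hosts) if router else None
            if ip is not None and ip not in subnet:
                findings.append((str(subnet), f"router {ip} is not on-link"))
        # A loopback resolver address points each client at itself.
        for dns in re.split(r"\s*,\s*", opts.get("domain-name-servers", "")):
            ip = resolve(dns.strip(), hosts) if dns else None
            if ip is not None and ip.is_loopback:
                findings.append(
                    (str(subnet), f"DNS server {dns.strip()} -> {ip} is loopback"))
    return findings


if __name__ == "__main__":
    for subnet, finding in lint_dhcpd(DHCPD_CONF, HOSTS):
        print(subnet, finding)
```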