DNS

DNS

[Jordan Crouse]

Has anyone encountered peculiar happenings with the 2.0.7 glibc and
resolving names via DNS?  It is simply *NOT* going out to the specifiec
nameserver (verified via line sniffer), even though /etc/resolv.conf is
present and correct.  Any lookups with the /etc/hosts file work great,
its just when I try to go out on the network.

Has anyone noticed any strangeness with this????

Jordan

Re: DNS

[Klaus Naumann]

On Tue, 28 Nov 2000, Jordan Crouse wrote:

> Has anyone encountered peculiar happenings with the 2.0.7 glibc and

Please don't use glibc 2.0.7 . A lot of ppl (including me) have found out,
that it doesn't work.

		HTH, Klaus

-- 
Full Name   : Klaus Naumann     | (http://www.mgnet.de/) (Germany)
Nickname    : Spock             | Org.: Mad Guys Network
Phone / FAX : ++49/177/7862964  | E-Mail: (spock@mgnet.de)
PGP Key     : www.mgnet.de/keys/key_spock.txt

Re: DNS

[Mark Lehrer]

   > Has anyone encountered peculiar happenings with the 2.0.7 glibc and

   Please don't use glibc 2.0.7 . A lot of ppl (including me) have found out,
   that it doesn't work.


What is the best version to use, and where could I download it?  Is
there a site that is archiving pre-compiled binaries?

Thanks!
Mark

Re: DNS

[Jordan Crouse]

Actually, thanks to the hard work of Mike Klar and the boys at SuSE, I
have been able to track down a decently working copy of the libc 2.0.7,
which I have compiled for a VR4122.  In fact, until I hit this DNS
problem, it has been working without a hitch, including pthreads and
some other fairly complicated concepts.

Jordan

Klaus Naumann wrote:
> 
> On Tue, 28 Nov 2000, Jordan Crouse wrote:
> 
> > Has anyone encountered peculiar happenings with the 2.0.7 glibc and
> 
> Please don't use glibc 2.0.7 . A lot of ppl (including me) have found out,
> that it doesn't work.
> 
>                 HTH, Klaus
> 
> --
> Full Name   : Klaus Naumann     | (http://www.mgnet.de/) (Germany)
> Nickname    : Spock             | Org.: Mad Guys Network
> Phone / FAX : ++49/177/7862964  | E-Mail: (spock@mgnet.de)
> PGP Key     : www.mgnet.de/keys/key_spock.txt

Re: DNS

[Ian Chilton]

Hello,

> What is the best version to use, and where could I download it?  Is
> there a site that is archiving pre-compiled binaries?


I have found 2.0.6 to be ok, and am currently working on 2.2

I think I got 2.0.6 from the gnu site, and used patches from
oss.sgi.com/pub/linux/mips, but I have them for download.

ftp://download.ichilton.co.uk/pub/ichilton/linux-mips  or
http://download.ichilton.co.uk/linux-mips


You will find them in the toolchains directory under v1 and v2:

v1 = glibc 2.0.6, egcs 1.0.3a, binutils 2.8.1, kernel 2.2.14
v2 = glibc 2.2, gcc 2.97, binutils 2.10.91, kernel 2.4



Also, if all else fails, check the links page...there are loads of
sites with Linux/MIPS stuff on  :)
http://linuxmips.ichilton.co.uk
 

Thanks!


Bye for Now,

Ian

                                \|||/
                                (o o)
 /---------------------------ooO-(_)-Ooo---------------------------\
 |  Ian Chilton        (IRC Nick - GadgetMan)     ICQ #: 16007717  |
 |-----------------------------------------------------------------|
 |  E-Mail: ian@ichilton.co.uk     Web: http://www.ichilton.co.uk  |
 |-----------------------------------------------------------------|
 |        Proofread carefully to see if you any words out.         |
 \-----------------------------------------------------------------/

DNS

[Mattia Martinello]

Hi all

I wish to open DNS connections and redirect it from the gateway and the 
server on the DMZ.
I tried these rules:

iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53 
-j DNAT --to [private IP]:53
iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT

iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53 
-j DNAT --to [private IP]:53
iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT

But if I try to query my DNS server from the Internet my query goes in 
timeout.
The connections between [private IP] and the Internet are allowed (all 
other services work good without any problem, the only service that gets 
me some problems is DNS).

What have I to open to allow DNS connections from the gateway and the DMZ?

Thank you very much
Bye
Mattia

Re: DNS

[Peter Johnson]

I am experiencing a similar sort of thing, I am using the 2.4.20 kernel.

I put logging everywhere and also tcpdumped my interfaces and what I
found was that as soon at the PREROUTING DNAT rule was reached the
packet disappeared. It was not forwarded and certainly didn't reach the
internal server.

My rules are (I am trying HTTP, "dot" is my public interface)

$IPTABLES -t nat -A PREROUTING -i dot -p tcp --dport 80 -j DNAT --to
192.168.1.1:80

and

$IPTABLES -t filter -A FORWARD -i dot -o eth1 -p tcp --dport 80 -j
ACCEPT

I look forward to hearing any advice to further debug this situation or
if the solution is obvious then please let me (us) know.

btw. I am forwarding local traffic out successfully.


Regards,

Peter Johnson

On Mon, 2003-01-13 at 22:52, Mattia Martinello wrote:
> Hi all
> 
> I wish to open DNS connections and redirect it from the gateway and the 
> server on the DMZ.
> I tried these rules:
> 
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53 
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
> 
> iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53 
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
> 
> But if I try to query my DNS server from the Internet my query goes in 
> timeout.
> The connections between [private IP] and the Internet are allowed (all 
> other services work good without any problem, the only service that gets 
> me some problems is DNS).
> 
> What have I to open to allow DNS connections from the gateway and the DMZ?
> 
> Thank you very much
> Bye
> Mattia
> 
> 
-- 

Give a man a fish and you feed him for a day. Teach him to use the Net
and he won't bother you for weeks.

Re: DNS

[Joel Newkirk]

On Monday 13 January 2003 06:52 am, Mattia Martinello wrote:
> Hi all
>
> I wish to open DNS connections and redirect it from the gateway and
> the server on the DMZ.
> I tried these rules:
>
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j
> ACCEPT
>
> iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j
> ACCEPT

Do you also have a FORWARD rule ACCEPTing UDP port 53?  It may be a type 
in the mail, but your FORWARD rules are both for TCP here...

BTW, the :53 in the DNAT destination is unnecessary, it will keep the 
same port unless you specify something different.  Not an issue,  just a 
comment. :^)

j

> But if I try to query my DNS server from the Internet my query goes in
> timeout.
> The connections between [private IP] and the Internet are allowed (all
> other services work good without any problem, the only service that
> gets me some problems is DNS).
>
> What have I to open to allow DNS connections from the gateway and the
> DMZ?
>
> Thank you very much
> Bye
> Mattia

Re: DNS

[Tarek W.]

ur second forward rule matches tcp conns when it should match udp.

On Mon, 2003-01-13 at 09:52, Mattia Martinello wrote:
> Hi all
> 
> I wish to open DNS connections and redirect it from the gateway and the 
> server on the DMZ.
> I tried these rules:
> 
> iptables -t nat -A PREROUTING -p tcp -i ppp0 -d [public IP] --dport 53 
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
> 
> iptables -t nat -A PREROUTING -p udp -i ppp0 -d [public IP] --dport 53 
> -j DNAT --to [private IP]:53
> iptables -A FORWARD -i ppp0 -d [private IP] -p tcp --dport 53 -j ACCEPT
> 
> But if I try to query my DNS server from the Internet my query goes in 
> timeout.
> The connections between [private IP] and the Internet are allowed (all 
> other services work good without any problem, the only service that gets 
> me some problems is DNS).
> 
> What have I to open to allow DNS connections from the gateway and the DMZ?
> 
> Thank you very much
> Bye
> Mattia
> 
>