[H-GEN] Bind from behind a firewall
Michael Anthon
michael at anthon.net
Wed Sep 10 18:33:48 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
Rick Phillips wrote:
> My syslog has the following two entries after "restart" of named - do these
> two entries confirm binding?
>
> Sep 11 07:28:11 hegwig named[5506]: listening on IPv4 interface lo,
> 127.0.0.1#53
> Sep 11 07:28:11 hegwig named[5506]: listening on IPv4 interface eth0,
> 192.168.2.185#53

On the face of it, yes. However, without knowing how your network is
configured it's hard to say if it's sufficient. My initial thought when
I saw this was "it's not listening on your external address" but it's
possible you are port forwarding from the true 203.63.166.202 to
192.168.2.185.

The main question in my mind is which device has the address
203.63.166.202. Is it the modem/router or the server? In the latter
case you would need to ensure it is also listening on 203.63.166.202; in
the first case it's a bit more difficult. I don't know a great deal
about the "bastion" setup but I would assume that the different views
seen are based upon the interface the request is received on. In that
case, if you are port forwarding DNS requests from the router then you
may be in a bit of strife getting this to work.

Cheers,
Michael
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
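
Added example, not part of the original post: a small Python check that reads named's "listening on" syslog entries and reports whether a given external address is bound directly or could only be reached through port forwarding to a private address. The function names and result labels are hypothetical, and the sample log is constructed from the two entries quoted above, unwrapped onto single lines.

```python
import ipaddress
import re

# Constructed sample: the two syslog entries quoted in the thread, unwrapped.
SAMPLE_LOG = """\
Sep 11 07:28:11 hegwig named[5506]: listening on IPv4 interface lo, 127.0.0.1#53
Sep 11 07:28:11 hegwig named[5506]: listening on IPv4 interface eth0, 192.168.2.185#53
"""

LISTEN_RE = re.compile(
    r"named\[\d+\]: listening on IPv4 interface (?P<iface>\S+), "
    r"(?P<addr>\d+\.\d+\.\d+\.\d+)#(?P<port>\d+)"
)


def parse_listeners(log_text):
    """Return [(interface, IPv4Address, port)] for each 'listening on' entry."""
    return [
        (m["iface"], ipaddress.ip_address(m["addr"]), int(m["port"]))
        for m in LISTEN_RE.finditer(log_text)
    ]


def classify(addr):
    """Label an address as loopback, private or public."""
    # Loopback is tested first because 127.0.0.0/8 also counts as private.
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def check_external(log_text, external, port=53):
    """Report how queries sent to `external` could reach named.

    "direct": named has a socket bound to that address.
    "needs-forwarding": named only listens on a private address, so another
    device must hold `external` and forward the port to it.
    "unreachable": only loopback (or nothing) is bound on that port.
    """
    external = ipaddress.ip_address(external)
    addrs = [a for _, a, p in parse_listeners(log_text) if p == port]
    if external in addrs:
        return "direct"
    if any(classify(a) == "private" for a in addrs):
        return "needs-forwarding"
    return "unreachable"
```

A "needs-forwarding" result only says that forwarding would be required; whether the router actually forwards port 53 has to be confirmed on the router itself.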