[H-GEN] Bind from behind a firewall

Rick Phillips rickp at suntech.net.au
Wed Sep 10 19:13:46 EDT 2003 

[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

Hi Michael,

> On the face of it, yes.  However without knowing how your network is
> configured it's hard to say if it's sufficient.  My initial
> thought when
> I saw this was "it's not listening on your external address" but it's
> possible you are port forwarding from the true 203.63.166.202 to
> 192.168.2.185.
>
> The main question in my mind is which device has the address
> 203.63.166.202.  Is it the modem/router or the server?  In the latter
> case you would need to ensure it is also listening on
> 203.63.166.202, in
> the first case it's a bit more difficult.  I don't know a great deal
> about the "bastion" setup but I would assume that the different views
> seen are based upon the interface the request is received on.
>  In that
> case, if you are port forwarding DNS requests from the router
> then you
> may be in a bit of strife getting this to work.

There is some food for thought here.  My name server, being internal has a
local address - 192.168.2.185 and I assume the external address of
203.63.166.202 is held on the modem/router/firewall.

I have also had an additional thought - the rndc security key in the conf
file was generated when the server had a different name.  I have commented
this out and have restarted the name server.  Perhaps this is the key to the
problem.  I guess a ping in a few minutes time from someone might establish
a change in the situation.

The "bastion" server setup is designed to overcome the problem of name
server behind a hardware/software firewall and I am sure that it is
something that I have overlooked which is causing the problem.

These thoughts from others are all good though and in the end, the problem
will be solved.

Regards,

Rick



--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/

More information about the General mailing list