[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

OpenBSD 3.2 & DNS.

Title: OpenBSD 3.2 & DNS.

I hope someone can help me out with MS DNS behind BSD32. Although still somewhat a nebie, I've used OpenBSD as a firewall since 2.7 with great success.

Synopsis (I've indented the relevant parts and left a brief description at the left columns:

        OpenBSD 3.2 dual NICs,
        Outside is xxx.xxx.xxx.xxx (NIC = ne3)
        Inside is  yyy.yyy.yyy.yyy   (NIC = vr0)

Particial pf.conf entires follow.

Firs NAT:
        nat on ne3 inet from yyy.yyy.yyy.0/24 to any -> ne3

        rdr on ne3 proto { tcp, udp } from any to xxx.xxx.xxx.0/24 port 53 -> \
                yyy.yyy.yyy.250 port 53

Blocked addreses are located here here:
        All the bad addresses are here,
Servies allowed are located here:
        # DNS ???
        pass in quick on ne3 proto udp from any to any port 53 keep state
                # next line probably not needed, but stuck it in for testing...
        pass in quick on ne3 proto tcp from any to any port 53 flags S/SA keep state

I then do an nslookup like so:

        FW1# nslookup 2knettrain.com
        *** Can't find server name for address Non-existent host/domain
        Server:  ns3so.cg.shawcable.net

        Name:    2knettrain.com

The first line is a mystery because it is a valid domain, with a valid host. I can perform nslookups inside but not from the outside. I know I'm missing  something, but cannot seem to get my head around it. This all worked fine under BSD2.9, but I don't want to go back to an unsupported version.

I have read every mailer and hint I can find and everything seems to be configured correctly. I have MS DNS configured on the inside, but cannot seem to resolve anything to it from the outside.

What am I missing?

Any help would be HUGELY appreciated.


Richard Gutery