Linux, cannot resolve domain name from host on DHCP LAN

I have a Linux Slackware host acting as a LAN router and DHCP server. That is working mostly fine, but the DHCP clients on the LAN cannot resolve domain names.

On the router/DHCP server I have:

eth0 is the connection to the Internet with a static IP: 64.128.99.23, gateway: 64.128.99.65, nameservers:  8.8.8.8 and 66.193.88.3.

eth1 is the LAN interface with static IP 192.168.1.1, netmask 255.255.255.0. This is also the interface for the DHCP server which is started with: /usr/sbin/dhcpd eth1. I also have /etc/sysctl.conf: net.ivp4.ip_forward = 1

My iptables startup has:

iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT

With the above configuration other hosts on the LAN can get an IP address and I can connect to these hosts from this router/DHCP-server.

What I cannot do is connect from a LAN host (e.g. 192.168.1.101) to the Internet:

$ ping yahoo.com   # this timed out in about 40 seconds
ping: unknown host yahoo.com

$ ping 8.8.8.8    # this did nothing for over 8 minutes, then I gave up
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

The /etc/resolv.conf on 192.168.1.101 is:

# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
nameserver 8.8.8.8
nameserver 66.193.88.3
# /etc/resolv.conf.tail can replace this line

What am I missing?
Mark Asked:
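A configuration check for the three router settings listed in the question (forwarding sysctl, MASQUERADE rule, FORWARD rule), as an added example that is not part of the original thread. It goes one step beyond the post by also checking the FORWARD default policy and the rule for return traffic. The function name `audit_router`, the finding labels and both sample inputs are constructed for illustration, and the chain policies in the samples are assumptions because the post does not show them.

```shell
#!/bin/sh
# Added example: offline audit of the NAT-router settings described in the question.
# Inputs are text: the content of /etc/sysctl.conf and the output of iptables-save.
# audit_router SYSCTL_TEXT RULES_TEXT WAN_IF LAN_IF -> prints one finding per line
audit_router() {
    sysctl_text=$1; rules=$2; wan=$3; lan=$4
    nat=$(printf '%s\n' "$rules" | sed -n '/^\*nat$/,/^COMMIT$/p')
    filter=$(printf '%s\n' "$rules" | sed -n '/^\*filter$/,/^COMMIT$/p')
    # Forwarding is enabled only by the exact key; a misspelt key is never applied.
    printf '%s\n' "$sysctl_text" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' ||
        echo "FORWARDING: net.ipv4.ip_forward = 1 not set in sysctl.conf"
    # Source NAT for packets leaving through the WAN interface.
    printf '%s\n' "$nat" | grep -Eq -- "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" ||
        echo "NAT: no MASQUERADE rule for $wan"
    # LAN clients must be allowed through the FORWARD chain.
    printf '%s\n' "$filter" | grep -Eq -- "^-A FORWARD .*-i $lan .*-j ACCEPT" ||
        echo "FORWARD: no ACCEPT rule for traffic entering on $lan"
    # Policy ACCEPT forwards any packet no rule matched, including unsolicited
    # WAN-side traffic; any other policy needs an explicit rule for replies.
    if printf '%s\n' "$filter" | grep -q '^:FORWARD ACCEPT'; then
        echo "POLICY: FORWARD default policy is ACCEPT; unmatched WAN-side packets are forwarded"
    elif ! printf '%s\n' "$filter" |
        grep -Eq -- '^-A FORWARD .*--(ct)?state [A-Z,]*ESTABLISHED.*-j ACCEPT'; then
        echo "RETURN: no stateful (ESTABLISHED) ACCEPT rule for replies to LAN clients"
    fi
}
# Constructed sample 1: the question's settings as typed; the ACCEPT policy is assumed.
SYSCTL_POSTED='net.ivp4.ip_forward = 1'
RULES_POSTED='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT'
# Constructed sample 2: exact key, default-drop forwarding, stateful return rule.
SYSCTL_FIXED='net.ipv4.ip_forward = 1'
RULES_FIXED='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT'

audit_router "$SYSCTL_POSTED" "$RULES_POSTED" eth0 eth1
audit_router "$SYSCTL_FIXED" "$RULES_FIXED" eth0 eth1
```

On a live router the two text inputs would come from `cat /etc/sysctl.conf` and `iptables-save`; the running value in `/proc/sys/net/ipv4/ip_forward` is worth comparing as well, since the file only takes effect when it is loaded.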

savone Commented:
First, I wouldn't post my public IP address on any forum like this (for security purposes).

Maybe this will solve your problem.
http://how-to.wikia.com/wiki/How_to_set_up_a_NAT_router_on_a_Linux-based_computer
0
Mark (Author) Commented:
savone > First, I wouldn't post my public IP address on any forum like this

Actually, I meant to bogusize the IP address, but forgot before posting!

The link you gave me doesn't really help. That example shows the "Internet" facing NIC getting its IP address from an upstream cablemodem or router / DHCP server. My eth0 has the public IP, no DHCP. I think that is the main issue. I have another setup just like the link illustrates and it works just fine.

The difference:

Working system:

eth0 gets IP via DHCP, no gateway specified, no nameservers specified
resolv.conf auto-created by dhcpcd from eth0 with nameservers of ISP.

DHCP client hosts on LAN also get resolv.conf auto-created by the 192.168.1.1 DHCP server, and it has 192.168.1.1 listed as nameserver.

Not working:

eth0 has assigned IP, gateway and name servers are explicitly assigned.

DHCP client hosts on LAN also get resolv.conf auto-created by 192.168.1.1, but the name servers listed are the same as those in 192.168.1.1's resolv.conf.

Manually changing LAN hosts resolv.conf to have 192.168.1.1 as nameserver does not help.

I feel like I'm missing a step, like specifying the "gateway" on the router host for the 192.168.1.1 NIC.

What am I missing? Add a router? Bridge?

Maybe a clue: on the router host ...

$ ping -I eth1 yahoo.com
PING yahoo.com (206.190.36.45) from 192.168.1.1 eth1: 56(84) bytes of data.
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable

Meanwhile, I will continue to look at your link and see if I can find more info.
0
My name is Mud (Systems Engineer) Commented:
>>What I cannot do is connect from a LAN host (e.g. 192.168.1.101) to the Internet:

You need masquerading... not NAT!

Look here for details... http://tldp.org/HOWTO/IP-Masquerade-HOWTO/firewall-examples.html I have a server connected to internet on eth0 and masquerading eth1 with dhcpd and named (or bind)...
0
Sandy Commented:
Check the resolv.conf permissions; it must be readable and executable by everyone.

;)
0
Mark (Author) Commented:
Well folks, I found the problem! It had nothing to do with my configuration. I had a flakey Cisco RSV 4000 router/switch that would simply, occasionally, get confused. I could connect to the various hosts from outside the LAN, but the hosts could not connect to the Internet. Eventually, I could not connect from the outside either. Cycling power on the router restored everything.

Needless to say, travelling to a remote location to cycle power in the router was not acceptable. I replaced the router and the problem has been gone for several weeks now. This is the 2nd RSV 4000 I've had a problem with. I will *not* be getting any more of these. In fact, I decided to use Linux and iptables for my firewall/router and it's been working flawlessly for a fraction of the cost.
0

Mark (Author) Commented:
Problem was with router, not configuration
0