Mark
asked on
Linux, cannot resolve domain name from host on DHCP LAN
I have a Linux slackware host acting as a LAN router and DHCP server. That is working mostly fine, but the DHCP clients on the LAN cannot resolve domain names.
On the router/DHCP server I have:
eth0 is the connection to the Internet with a static IP: 64.128.99.23, gateway: 64.128.99.65, nameservers: 8.8.8.8 and 66.193.88.3.
eth1 is the LAN interface with static IP 192.168.1.1, netmask 255.255.255.0. This is also the interface for the DHCP server which is started with: /usr/sbin/dhcpd eth1. I also have /etc/sysctl.conf: net.ivp4.ip_forward = 1
My iptables startup has:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
With the above configuration other hosts on the LAN can get an IP address and I can connect to these hosts from this router/DHCP-server.
What I cannot do is connect from a LAN host (e.g. 192.168.1.101) to the Internet:
$ ping yahoo.com # this timed out in about 40 seconds
ping: unknown host yahoo.com
$ ping 8.8.8.8 # this did nothing for over 8 minutes, then I gave up
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
the /etc/resolv.conf on 192.168.1.101 is:
# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
nameserver 8.8.8.8
nameserver 66.193.88.3
# /etc/resolv.conf.tail can replace this line
What am I missing?
On the router/DHCP server I have:
eth0 is the connection to the Internet with a static IP: 64.128.99.23, gateway: 64.128.99.65, nameservers: 8.8.8.8 and 66.193.88.3.
eth1 is the LAN interface with static IP 192.168.1.1, netmask 255.255.255.0. This is also the interface for the DHCP server which is started with: /usr/sbin/dhcpd eth1. I also have /etc/sysctl.conf: net.ivp4.ip_forward = 1
My iptables startup has:
iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
With the above configuration other hosts on the LAN can get an IP address and I can connect to these hosts from this router/DHCP-server.
What I cannot do is connect from a LAN host (e.g. 192.168.1.101) to the Internet:
$ ping yahoo.com # this timed out in about 40 seconds
ping: unknown host yahoo.com
$ ping 8.8.8.8 # this did nothing for over 8 minutes, then I gave up
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
the /etc/resolv.conf on 192.168.1.101 is:
# Generated by dhcpcd from eth0
# /etc/resolv.conf.head can replace this line
nameserver 8.8.8.8
nameserver 66.193.88.3
# /etc/resolv.conf.tail can replace this line
What am I missing?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Problem was with router, not configuration
ASKER
Actually, I meant to bogusize the IP address, but forgot before posting!
The link you gave me doesn't really help. That example shows the "Internet" facing NIC getting its IP address from an upstream cablemodem or router / DHCP server. My eth0 has the public IP, no DHCP. I think that is the main issue. I have another setup just like the link illustrates and it works just fine.
The difference:
Working system:
eth0 gets IP via DHCP, no gateway specified, no nameservers specified
resolv.conf auto-created by dhcpcd from eth0 with nameservers of ISP.
dhcp client hosts on LAN also get resolv.conf auto-created by 192.168.1.1 DHCP server and has 192.168.1.1 listed as nameserver.
Not working:
eth0 has assigned IP, gateway and name servers are explicitly assigned.
dhcp client hosts on LAN also get resolv.conf auto-create by 192.168.1.1, but name servers listed are the same as those in 192.168.1.1's resolv.conf.
Manually changing LAN hosts resolv.conf to have 192.168.1.1 as nameserver does not help.
I feel like I'm missing a step, like specifying the "gateway" on the router host for the 192.168.1.1 NIC.
What am I missing? Add a router? Bridge?
maybe a clue: on the router host ...
$ ping -I eth1 yahoo.com
PING yahoo.com (206.190.36.45) from 192.168.1.1 eth1: 56(84) bytes of data.
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
Meanwhile, I will continue to look at your link and see if I can find more info.