[SOLVED] - No internal name resolution

[Crymson]

Hey everybody. I have an interesting problem that I can't quite seem to fix regarding internal name resolution.

I have a DSL line, which Qw(orst)est graciously offers me one whopping IP Address. I have a craptastic Actiontec DSL modem, with a single Ethernet out. I have a Wireless router, which then connects my 3 internal machines. My gentoo box runs named, hosts my domains, and other fun stuff.

More recently to having Qworst for ISP service, I had another ISP that granted me 2 IP's. The setup then was great. I had an external IP for the DSL modem, and a second external IP for my wireless router, and everything was great. Things would resolve inside or outside.

Now comes the problem. Since I only have one IP, and I don't wan to double-NAT, the DSL modem gets the external IP. It also is the gateway for my internal network (192.168.0.x.) Everything else, the wireless router, and my 3 computers are all on the same 0.x subnet, using the DSL modem as the gateway. I can get out to the internet fine, and DNS has been updated with my new IP for the website and all that, and people can access my websites from outside no problem.

The problem is, I can't resolve the names of any of my servers INSIDE the network. If I try to access my gentoo box via samba (hostname enterprise) my XP machine can't find it named as such, I have to use the internal IP of the box (192.168.0.2)

My external IP is 67.40.87.xxx - if I try to access that IP from inside, I get the setup for the DSL router (like I typed in 192.168.0.1) - I'm guessing that since it doesn't leave the internal network, it doesn't get a chance to get forwarded to the gentoo machine.

So, I know what the problem is, but how can I fix it? I don't want to change all my settings to access my webpages/email depending on whether I'm at home or not. What did I miss?

Thanks in advance.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[keyson]

Hi.

You can give the router the external ip and setting the dsl modem
in transparent bridging. Then you have the same function as when:

[Crymson]

Ok, let's see if I got this right.

Put the GT701 in Transparent Bridging mode. No problem.

Then, I'll need to authenticate with the ISP via the wireless router, right? It gives me the option to get an IP via PPPoE, but I use PPPoA (not sure if qwest will let us get away with using PPPoE forever.)

Even when I did that, the DSL modem never authenticated, so I never got online.

Perhaps I can do something with Unnumbered/VIP mode? I'm not too clear on what those 2 options do for me.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[keyson]

Yep, you got it right.

But it may be a problem if the router don't support the autentication.
Maybe if you give us the type of modem an router, someone may
have some idea.

[Crymson]

Ok, sorry about that.

I'm not at home right this second, but the DSL modem is an Actiontec GT701, the Wireless router is a D-Link DI-524.

I'll edit this post with the revision numbers when I get home.

Thanks for the suggestion though.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[keyson]

Ok.

That's not god. You can't use it in bridge mode as the router not supports
the connection. So one thing to do is to setup the modem as normal.
Give the modem's lan port the lan-ip of 192.168.0.1 and change the router ip
to 192.168.1.1.

Now connect the modem lan-port to one of the switch ports on the router.
You use the settings in the modem for portforward and so on.

One problem with this may be that the router is handling connections
between the wired and the wireless section as a form of bridge, dependent
on the ip setting of the router. But normaly it should work on layer 1-2 and
use the hardware adresses.

Or you may hack the system in the dlink (think it run on embedded Linux) to implement pppoa

[Crymson]

I tried that originally - but that's double NAT, and nothing would get through to my server... maybe I did it wrong.

One question though -

If everything is behind the Dlink, 192.168.x - then how can a port forward on the modem 192.168.0.x reach it? It would need to be forwarded twice wouldn't it?

As I stated in my original post, this is exactly how I had it set up before, except the router had a public IP, rather than a private IP only.

Just not sure how I can do this with one IP...

does it cause a big security problem if I put the router in the DMZ of the modem, and do the port forwarding from the router?
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[Crymson]

Ok, put the router in the DMZ of the modem, and I get the same problem.

Whenever I try to access my website, I get the stupid setup screen for the DSL modem. Why won't it forward requests that it receives from inside the network? The only way I can access my stuff is if I type in the internal IP address of my web server.

The same goes for network access - only by IP, not by name.

Of course, I also just managed to screw up the DLink... I forwarded port 80 to my server, like I should have for when requests come from the modem... and now I can't access the web setup for the router... so the router does what I want the modem to do, and vice versa.

ARRRRRRGH this is annoying.
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[keyson]

Yep.

This is a problem with this 'home' router's.

[Aurisor]

I know you're trying to do things the right way and all, and I respect that, but wouldn't it be a lot easier to just put the domains in the host files of your machines? If your home network is anything like mine, you probably don't have a lot of named machines and they don't change that often.

Just a thought.

[Crymson]

Ok, problem solved. I was actually doing what you suggested and using the D-Link as a switch.

Here's what I ended up doing.

1) The reason I couldn't resolve anything internally is because Samba was using the old, incorrect IP. Fixed that, made sure everything was in the same workgroup, and it began working.

2) Regarding the IP Addresses. I created separate zome files for my domains. If the request is coming from an INTERNAL IP, then it will answer with the internal IP address of the machine. If the request is coming from an EXTERNAL IP, it answers with the external IP address (at which point the port forwarding works as it should.)

In order to get the nameservers to work, on my connection in my Winbloz machine, I put 192.168.0.2 as my primary DNS (internal IP of the gentoo box) and I put 209.145.192.20 (an external DNS server) as the secondary. This accomplishes what I want. Internal resolution with the gentoo box first, and if I'm outside the network, it uses secondary DNS, and resolves outside the network.

The architecture is setup like this:

ATM -> DSL modem -> LAN port on D-Link -> All other machines.

All port forwarding is handled by the DSL modem, and DHCP is enabled on the DSL modem, not the D-Link. This way, if people come on to my network via DHCP, the DSL modem will give out the proper DNS servers, and an appropriate IP address.

Talk about a big pain in the rear for something that should be pretty easy.

I'll post my named.conf and zone file here when I get home, for those who are having the same issue as myself.

Thanks for all your help you guys!!
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[Crymson]

Now here's a stupid question... now that I've solved the problem, I want to change the topic name to [SOLVED] etc... how do I do that? I don't see an option...
_________________
Knowledge is Power // Power Corrupts // Study Hard // Be Evil

[keyson]

If you press edit on the first post, you may edit the topic. (I think).

[Crymson]

Hehe, sweet deal thanks. And thanks again for all your earlier help.

As promised, here are my internal and external zone files.

crymson.org (External zone file)