It's definitely a DNS issue, although it should be working as your resolv.conf file looks good.

Can you check a few things please?

Can you put your /etc/resolv.conf file back to the one with the ISP's DNS servers in it first?

Can you confirm whether you've got pf enabled or not, and if you do, can you send a copy of your pf.conf file?

Can you confirm the contents of your /etc/mygate file?

Can you confirm the contents of your /etc/hostname.rl1 and /etc/hostname.rl0 files?

Can you also confirm the subnet mask on your ADSL router's 192.168.0.1 address (it'll probably be something like 255.255.255.0)?


What I'm trying to do is troubleshoot a few things, such as whether you've got firewall rules that will interfere with DNS lookups, and your network settings, to see if there's a mistype in there, as it should be working at the moment.

Once we've the internet working properly on your OpenBSD box we'll then work on getting machines behind it to access through it properly.

Ta - Nick
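
The address check requested above can be scripted; the following is an added example, not part of the original message. It reads "inet ADDR MASK" lines from hostname.* files and reports which interface can reach the gateway in mygate directly. The function names, the dotted-quad mask format and the demo files (the thread's addresses with an assumed 255.255.255.0 mask) are assumptions.

```sh
#!/bin/sh
# Convert a dotted-quad address to an integer.
ip2int() {
    IFS=. read -r o1 o2 o3 o4 <<EOF
$1
EOF
    echo $(( (o1 << 24) + (o2 << 16) + (o3 << 8) + o4 ))
}

# check_gateway ETC_DIR
# Prints the interface whose subnet contains the gateway from ETC_DIR/mygate
# and returns 0; returns 1 when no configured interface is on the same subnet
# (for example after a mistyped octet in mygate or hostname.if).
check_gateway() {
    etc=$1
    gw=$(head -n 1 "$etc/mygate")
    case $gw in *.*.*.*) ;; *) return 1 ;; esac
    gw_int=$(ip2int "$gw")
    for f in "$etc"/hostname.*; do
        [ -f "$f" ] || continue
        while read -r family addr mask _rest; do
            [ "$family" = inet ] || continue      # skip dhcp, inet6, comments
            case $addr in *.*.*.*) ;; *) continue ;; esac
            case $mask in *.*.*.*) ;; *) continue ;; esac
            a=$(ip2int "$addr")
            m=$(ip2int "$mask")
            if [ $(( a & m )) -eq $(( gw_int & m )) ]; then
                echo "${f##*/hostname.}"
                return 0
            fi
        done < "$f"
    done
    return 1
}

# Demo on constructed files (not real system files); the masks are assumed.
demo=$(mktemp -d)
echo 'inet 192.168.1.3 255.255.255.0 NONE' > "$demo/hostname.rl0"
echo 'inet 192.168.0.9 255.255.255.0 NONE' > "$demo/hostname.rl1"
echo '192.168.0.1' > "$demo/mygate"
check_gateway "$demo" || echo "gateway is not on any local subnet"
rm -rf "$demo"
```

On the firewall itself the call would be check_gateway /etc.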



Mike Henker wrote:

Hi Nick & Greg, I was testing all the steps, but the problem (and remember I'm a newbie and perhaps I'm wrong) I think is because the firewall can't "see" Internet (exactly the rl1 card with IP 192.168.0.9).

I tried different options in resolv.conf

1) The one you said (192.168.0.1 is the gateway on the router)
lookup file bind
nameserver 192.168.0.1

Having that in resolv.conf I can ping to 192.168.0.1, to 192.168.0.9, and also to 192.198.1.3, but DNS lookups or pings to machines on Internet don't work: lynx news.bbc.co.uk or nslookup news.bbc.co.uk (said "connection time out; no servers could be reached") or ping http://www.google.com (said "ping: unkown host http://www.google.com")

2) Another option I tried is to put into resolv.conf the DNS of my ISP (as I saw it in the faqs)

lookup file bind
nameserver 194.224.52.6
nameserver 194.224.52.4

And the same happens: I can ping to 192.168.0.1, to 192.168.0.9, and also to 192.198.1.3, but DNS lookups or pings to machines on Internet don't work: lynx news.bbc.co.uk or nslookup news.bbc.co.uk (said "connection time out; no servers could be reached") or ping http://www.google.com (said "ping: unkown host http://www.google.com")

I called my ISP, a nice girl answered the phone and at first said Open...what ?? She said that to be connected to Internet in any OS I'll always need 3 parameters:
 The gateway: 192.1668.0.1
 The primary DNS: 194.224.52.6
 The secondary DNS: 194.224.52.4

If it can help: if I connect my wife's PC (with Windows) with the 3 parameters the ISP told me (the gateway and the two DNS) she can surf on Internet without probs.

I hope all of this info can help you to detect what's the problem.

Regards,
Mike

_____________________________________________________________________________

Greg Thomas wrote:

It looks like Nick's reply has everything covered, most importantly
the requirement of a new route on your router to your 192.168.1.x
network.

Greg

On 8/15/05, Mike Henker <[EMAIL PROTECTED]> wrote:

You're right, I'm sorry, I wrote an error: instead of "192.169.1.x" I mean
192.168.1.x

I know what I want to do, the problem is I don't know how to configure
the firewall:

To illustrate better, the structure is:

Router-OpenBSDFirewall-Hub-Intranet Lan (with some machines connected)

Looking nearly:

Router (with gateway 192.168.0.1)

OpenBSD with 2 network cards:
One network card 192.168.0.9 (connected to the router)
One network Card 192.168.1.3 (connected to a HUB) I want to connect my
wife's computer and the rest of machines (my home lan) to the hub for to
be protected by the OpenBSD firewall, and all the traffic will pass
through the OpenBSD firewall.

I suppose NAT is running on my 192.168.0.1 router because if I connect a
machine directly to the router just need 3 parameters for to "surf" on
Internet (my ISP give me that info)

The gateway 192.168.0.1
A Primary DNS 194.224.52.6
A secondary DNS 194.224.52.4

Greg the info you need:

My wife's computer is 192.168.1.20
My laptop 192.168.1.19
Another machine 192.168.1.18

mygate file has:
192.168.0.1

Results of netstat -rn

Routing tables
Internet:
Destination    Gateway         Flags  Refs  Use  Mtu     Interface
default        192.168.0.1     UGS     0     0    -       rl1
127/8          127.0.0.1       UGRS    0     0    33224   lo0
127.0.0.1      127.0.0.1       UH      1    104   33224   lo0
192.168.0/24   link#2          UC      1     0    -       rl1
192.168.0.1    0:4:76:95:70:bb UHLc    1     0    -       rl1
192.168.1/24   link#1          UC      0     0    -       rl0
224/4          127.0.0.1       URS     0     0    33224   lo0

I suppose I must to put as gateway in the machines connected to the hub
the gateway 192.168.1.3 (remember is the network card of the OpenBSD
firewall connected to the Hub)

Salutes,
Mike

Greg Thomas wrote:

This is a basic networking problem.  You need to post MUCH more info.
We'll assume NAT is running on your 192.168.0.1 router.

A little drawing of your network with IPs of your workstations,
firewall, and router would help.  Either you have a typo below or you
don't understand TCP/IP, see my note below.  Need contents of
/etc/mygate.  Results of netstat -rn.

On 8/15/05, Mike Henker <[EMAIL PROTECTED]> wrote:


I checked the file you said and it is correct. I think the problem is what
you said, because if I do a ping a message appears saying "ping:
unknow host http://www.openbsd.org"

Perhaps giving the maximum info you will understand better what I want to do.

I installed OpenBSD 3.7

I have a router at home and want to put a firewall between the router
and the lan I have at home.

The gateway (on the router is 192.168.0.1)
The OpenBSD firewall I installed has 2 network cards
- 192.168.0.3
- 192.169.1.9

Like the man afterboot says I enabled in /etc/sysctl.conf:

          net.inet.ip.forwarding=1

But it seems not to work, because the machines in the intranet (my wife's
machine has the IP 192.168.1.20 for example) can't exit to Internet



You have 192.168.1.x in that last sentence but 192.169.1.x up above.
I assume you mean:

192.168.1.20 <-> 192.168.1.9/192.168.0.3 <-> 192.168.0.1 <-> internet

Greg
