I forgot to mention that the router that's CARP is also load-balanced. I was searching the net and a lot of people the load-balancing for this unexpected source error. Since my router is load-balanced via CARP, is there a nat rule I can add to make source/destination IPs the same?

Thanks

On Sun, Nov 16, 2008 at 7:48 PM, Vivek Ayer <[EMAIL PROTECTED]> wrote:
> I must add that the public IP is a virtual IP that CARP claims. I run
> nslookup with the external public IP (a physical one) and I get
> no response. I get the unexpected source response only when I nslookup
> using the CARP public IP as the nameserver which forwards to the
> internal DNS. Is getting no response for the physical interface
> natural? I suspect packets are getting sloshed and not really going
> anywhere because of my pf.conf.
>
> Vivek
>
> On Sun, Nov 16, 2008 at 7:21 PM, Vivek Ayer <[EMAIL PROTECTED]> wrote:
>> Thanks to K.R. for the named cleanup. I tried that, but to no avail. I
>> suspect it's a nat issue because the source packets aren't matching
>> the destination packets. rdr/pass rules seem to be working because I'm
>> getting a response from the internal DNS when I nslookup on the
>> router. I even tried nslookup from a different network, but I'm just
>> getting time out. How do I nat the public IP to the internal DNS, and
>> if I can, do I do it for $ext_if and $int_if of the router?
>>
>> Thanks,
>> Vivek
>>
>> On Sun, Nov 16, 2008 at 5:35 PM, Adriaan <[EMAIL PROTECTED]> wrote:
>>> On Sun, Nov 16, 2008 at 7:25 AM, Vivek Ayer <[EMAIL PROTECTED]> wrote:
>>>>
>>>> Need some help with DNS queries behind a router. I set up a DNS server
>>>> in my network and it responds when I'm within my network. I tried
>>>> nslookup from localhost on the dns server and also from the LAN and it
>>>> works just fine, but when I use the public IP of the router for the
>>>> network, which should forward the port to the DNS server, it says
>>>> "unexpected reply from 192.168.1.101, expected from the (public IP,
>>>> which I won't display in this email)." Does that mean the port
>>>> forwarding is working?
>>>
>>> I am not sure whether you really did direct that query over the
>>> internet to the public IP or from your local LAN.
>>>
>>> Initiating a DNS query from a local LAN box to the public IP will not
>>> get redirected.
>>> See http://openbsd.org/faq/pf/rdr.html#reflect for the explanation.
>>>
>>> =Adriaan=
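The reflection case Adriaan points at, and the nat rule Vivek asks about, as an added example in 2008-era (pre-OpenBSD 4.7) pf.conf syntax. This is not from the thread or from the OpenBSD FAQ. The interface names, the LAN range and the 203.0.113.10 public address are assumptions (the FAQ's documentation-range placeholder stands in for the undisclosed CARP IP); only 192.168.1.101 comes from the thread. Which interface pf sees a CARP-addressed packet arrive on is also an assumption: if it shows up on the carp interface rather than on $ext_if, the first rdr should name that interface instead.

```pf
# Added example pf.conf fragment, not the poster's configuration.
# Names and addresses below are assumptions except 192.168.1.101.
ext_if  = "bge0"               # assumed physical external interface
int_if  = "bge1"               # assumed internal (LAN) interface
int_net = "192.168.1.0/24"     # assumed LAN range holding the DNS server
dns_srv = "192.168.1.101"      # internal DNS server named in the thread
carp_ip = "203.0.113.10"       # placeholder for the CARP-owned public IP

# 1. Queries from the Internet to the CARP address go to the internal server.
#    Match on the address, not on the interface's own IP, because CARP (not
#    $ext_if) owns the public address.
rdr on $ext_if proto { tcp, udp } from any to $carp_ip port 53 -> $dns_srv port 53

# 2. Reflection for LAN clients that query the public address.
#    Without the nat rule the server answers the client directly; the router
#    never sees the reply, the rdr is not undone, and the resolver complains
#    that the answer came from 192.168.1.101 instead of the public IP.
#    Rewriting the source to $int_if forces the reply back through the router.
rdr on $int_if proto { tcp, udp } from $int_net to $carp_ip port 53 -> $dns_srv port 53
no nat on $int_if proto { tcp, udp } from $int_if to $int_net
nat on $int_if proto { tcp, udp } from $int_net to $dns_srv port 53 -> $int_if

# 3. Pass only what was redirected: port 53 to the one host, nothing wider,
#    since an rdr is an inbound path from the Internet into the LAN.
pass in on $ext_if proto { tcp, udp } from any to $dns_srv port 53 keep state
pass in on $int_if proto { tcp, udp } from $int_net to $dns_srv port 53 keep state
pass out on $int_if proto { tcp, udp } from any to $dns_srv port 53 keep state
```

After loading the ruleset with pfctl -f /etc/pf.conf, `pfctl -s nat` shows whether the rdr and nat rules were accepted and `pfctl -s state` shows, per query, both the translated and untranslated address pairs; a LAN query that still produces the "unexpected source" message means the reply did not come back through the router, so the nat rule on $int_if is not matching. The reflection rules say nothing about the load-balanced CARP setup itself; they only cover the LAN-to-public-IP case the FAQ link describes.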