[NTLUG:Discuss] Port forwarding with IPCop

Greg Edwards greg at nas-inet.com
Fri Feb 27 19:35:56 CST 2004 

Bobby Wrenn wrote:
> Greg Edwards wrote:
>> I would start by making sure your addresses resolve.  When you run 
>> "host mailserver" from a station inside what do you get back?
>>
>> I run 2 DNS servers, one for outside and one for inside, to resolve 
>> the problem of services shared on both sides of the firewall.
>>
>  host mail.wrennest.com host returns mail.wrennest.com has address 
> 216.87.150.158. This is the external address of the system. I have not 
> tried to do DNS internally because that was one more thing to learn that 
> I could push off to someone else for a small fee.
> 
> This is the same DNS arrangement that worked with the old system.
> 


You might run a traceroute to your mail server to see if it does get 
back to the mail server.  Splitting your external and internal DNS 
servers is pretty simple.  Run your external on the firewall and 
internal on the mail server.  Use the same names (external services) in 
both but only use external addresses in external and internal in 
internal.  Since both are authoritative only the first seen by a query 
will answer.  Clear as mud, right?

You might find this of interest.  The trace is probably what you'd want 
to see from the outside.  However the ping and host are interesting.

[root at hawk greg]# traceroute mail.wrennest.com
traceroute to mail.wrennest.com (216.87.150.158), 30 hops max, 38 byte 
packets
  1  mrytle (x.x.x.x)  0.391 ms  0.654 ms  0.264 ms
  2  anduin-gtenat.netin.com (216.109.165.1)  10.416 ms  9.691 ms  9.829 ms
  3  cairandros.netin.com (216.109.160.16)  10.034 ms 
osgiliath.netin.com (216.109.160.15)  10.813 ms cairandros.netin.com 
(216.109.160.16)  10.907 ms
  4  ge-8-0-219.ipcolo1.Dallas1.Level3.net (63.209.47.241)  10.182 ms 
border3.fe5-4.netin-1.ext1.dal.pnap.net (216.52.189.69)  10.128 ms 
ge-8-0-219.ipcolo1.Dallas1.Level3.net (63.209.47.241)  10.394 ms
  5  augustnet-1.border3.ext1.dal.pnap.net (216.52.189.122)  10.908 ms 
dal-gw1-l3.august.net (209.246.159.242)  10.816 ms 
augustnet-1.border3.ext1.dal.pnap.net (216.52.189.122)  10.491 ms
  6  loopzeroside-onfiber-l3-l0.august.net (64.90.55.202)  10.233 ms 
lone-atm1.august.net (216.87.144.197)  11.230 ms 
loopzeroside-onfiber-l3-l0.august.net (64.90.55.202)  11.388 ms
  7  * lone-atm1.august.net (216.87.144.197)  11.279 ms *
  8  * * *
  9  * *

[root at hawk greg]# ping -c 10 mail.wrennest.com
PING mail.wrennest.com (216.87.150.158) from x.x.x.x : 56(84) bytes of data.
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=1 ttl=58 
time=60.5 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=2 ttl=58 
time=37.3 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=3 ttl=58 
time=37.4 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=4 ttl=58 
time=37.5 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=5 ttl=58 
time=37.4 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=6 ttl=58 
time=37.4 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=7 ttl=58 
time=36.8 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=8 ttl=58 
time=37.8 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=9 ttl=58 
time=37.1 ms
64 bytes from www.rocksolidweb.org (216.87.150.158): icmp_seq=10 ttl=58 
time=37.2 ms

--- mail.wrennest.com ping statistics ---
10 packets transmitted, 10 received, 0% loss, time 9076ms
rtt min/avg/max/mdev = 36.829/39.688/60.515/6.950 ms

[root at hawk greg]# host -a rocksolidweb.org
Trying "rocksolidweb.org"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17241
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;rocksolidweb.org.              IN      ANY

;; ANSWER SECTION:
rocksolidweb.org.       86030   IN      A       216.87.150.158
rocksolidweb.org.       86030   IN      NS      ns1.august.net.
rocksolidweb.org.       86030   IN      NS      ns2.august.net.

;; AUTHORITY SECTION:
rocksolidweb.org.       86030   IN      NS      ns1.august.net.
rocksolidweb.org.       86030   IN      NS      ns2.august.net.

;; ADDITIONAL SECTION:
ns1.august.net.         171807  IN      A       192.150.87.18
ns2.august.net.         171807  IN      A       192.150.87.2

-- 
Greg Edwards
New Age Software, Inc. - http://www.nas-inet.com
Consulting Services    - http://consult.nas-inet.com

More information about the Discuss mailing list