[lug] Ipchains, Port Forwarding, and DNS

Michael Deck deckm at cleansoft.com
Tue Sep 12 08:12:29 MDT 2000


I'm having a problem, probably with my BIND setup, which manifested itself when I got virtuous after reading 'Building Linux and OpenBSD Firewalls' and moved my servers off the firewall machine into the internal (masqueraded) network. In the process I upgraded to Krud (a RH6.0 version). 

What's happening is, I can get to servers within my local network from everywhere in the world *except* from inside the network. So if I ssh to a client site halfway across the country and then lynx back to www.cleansoft.net, I get the right page. But if I lynx www.cleansoft.net from inside the network, it hangs forever and I have to ^C. 

I can lynx localhost from the machine running the web page. I can ping www.cleansoft.net from inside the firewall. I have tried this with and without www.cleansoft.net in /etc/hosts. Right now resolv.conf only contains my ISP's nameservers but I've tried it also with the address of the local DNS server. 

So I'm running ipchains and ipmasqadm. I am using BIND to provide name service on domain 'cleansoft.net' for which only my machine is authoritative (and reverse lookups are probably fubar because my ISP doesn't know I'm here so they aren't in the reverse-lookup chain). Right now, named is running on the firewall because I thought maybe the problem was because it was running inside. 

I am not getting any messages in syslog from the firewall. 

This is probably a dumb newbie mistake. If you have a suspicion where the problem lies, I can post the relevant config files. 

TIA,
  Mike

Michael Deck
Cleanroom Software Engineering, Inc.   




