openSUSE Gateway not serving DNS addresses

I am so frustrated!

I have an openSUSE 12.2 server (CLI) installation on a P4 system with 3 NICs to use as a firewall/router with a modem to the internet, and an (8-port) unmanaged switch to connect to the other computers.

I have set up the firewall for
eth0 = external
eth1 = DMZ (not plugged in)
eth2 = internal

Masquerading is turned on.
IP Forwarding is turned on.

DNS settings were set to the DNS servers I got off of the modem’s configuration web interface.

I am able to get to Google if I use the IP address.
I get “host not found” when I try to ping using “google.com”.

Everything I have tried to do, I cannot get the host to find by name, but can by IP address!

Help!

My (wireless) router is broken and so I only have 1 laptop able to connect using the modem via wired network.

I am hoping to use openSUSE so I have the option to build upon it after I get this core use done, but if I can’t get it up and running soon I’ll have to go to something like IPCop, which I have used before, even though it is somewhat more limiting to me.

On 2012-09-29 03:26, dragonbite wrote:

> DNS settings were set to the DNS servers I got off of the modem’s
> configuration web interface.

And do these answer queries done from the firewall machine? Test with nslookup, for example.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

> DNS settings were set to the DNS servers I got off of the modem’s
> configuration web interface.

I don’t have a good handle on what is not working, but from what I understand, you’re trying to use openSUSE to act as a DHCP server, is that right?

It is not clear where you do all those actions (like going to Google and ping) from. From that Gateway or from one of the systems it is a gateway for?
Also, it is much more illustrating and gives everybody much more information when you do not tell a story about how you used ping and what it said, but show:

henk@boven:~> ping google.com
PING google.com (173.194.66.101) 56(84) bytes of data.
64 bytes from we-in-f101.1e100.net (173.194.66.101): icmp_req=1 ttl=49 time=9.73 ms
64 bytes from we-in-f101.1e100.net (173.194.66.101): icmp_req=2 ttl=49 time=9.13 ms
64 bytes from we-in-f101.1e100.net (173.194.66.101): icmp_req=3 ttl=49 time=9.12 ms
^C
--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 9.123/9.330/9.736/0.287 ms
henk@boven:~>

Same for most of the other things where you tell conclusions about what you think is important when you did something (exceptions like using FF to go to google.com’s IP addresses accepted, less easy to copy/paste).

And after you explain which system you are talking about (as asked above), you are also asked by Carlos to do:

nslookup google.com

And interesting is of course:

cat /etc/resolv.conf | grep -v '^#'

On 2012-09-29 11:06, hcvv wrote:

> Same for most of the other things where you tell conclusions about what
> you think is important when you did something (exceptions like using FF
> to go to google.com’s IP addresses accepted, less easy to copy/paste).

I agree with that, which is why I did not post an exact command but an action; I lack data.

> And after you explain which system you are talking about (as asked
> above), you are also asked by Carlos to do:
>
> Code:
> --------------------
> nslookup google.com
> --------------------

Rather “nslookup google.com dnsserver”, for starters, so that the resolve file is avoided.

> And interesting is of course:
>
> Code:
> --------------------
> cat /etc/resolv.conf | grep -v '^#'
> --------------------

Absolutely.


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

Sorry for the vagueness, I am hopping between being connected to the gateway and being connected to the Internet (and they are on 2 separate floors).

The gateway seems to be connected just fine and is handing out IP addresses.

It is when I am trying from a connected client that “google.com” comes up with “not found” while putting in the IP address comes through on PING and if I put “http://<ip address>” it brings up the Google search page but all links away from the page fail.

PING (from Gateway)

portcullis:~ # ping google.com
PING google.com (173.194.43.37) 56(84) bytes of data.
64 bytes from lga15s35-in-f5.1e100.net (173.194.43.37): icmp_seq=1 ttl=56 time=57.5 ms
64 bytes from lga15s35-in-f5.1e100.net (173.194.43.37): icmp_seq=2 ttl=56 time=55.8 ms
64 bytes from lga15s35-in-f5.1e100.net (173.194.43.37): icmp_seq=3 ttl=56 time=58.2 ms
64 bytes from lga15s35-in-f5.1e100.net (173.194.43.37): icmp_seq=4 ttl=56 time=56.3 ms
^C
--- google.com ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 4005ms
rtt min/avg/max/mdev = 55.879/56.988/58.242/0.983 ms

NSLOOKUP (from Gateway)

portcullis:~ # nslookup google.com
Server:        68.94.157.1
Address:    68.94.157.1#53

Non-authoritative answer:
Name:    google.com
Address: 74.125.226.231
Name:    google.com
Address: 74.125.226.232
Name:    google.com
Address: 74.125.226.233
Name:    google.com
Address: 74.125.226.238
Name:    google.com
Address: 74.125.226.224
Name:    google.com
Address: 74.125.226.225
Name:    google.com
Address: 74.125.226.226
Name:    google.com
Address: 74.125.226.227
Name:    google.com
Address: 74.125.226.228
Name:    google.com
Address: 74.125.226.229
Name:    google.com
Address: 74.125.226.230

CAT (from Gateway)

portcullis:~ # cat /etc/resolv.conf | grep -v '^#'
search kingdom
nameserver 68.94.156.1
nameserver 68.94.157.1
nameserver 192.168.1.254

The first 2 nameservers are the ones I got from the modem’s configuration page. The last nameserver is the modem itself.

On 2012-09-29 16:06, dragonbite wrote:

> The first 2 nameservers are the ones I got from the modem’s
> configuration page. The last nameserver is the modem itself.

So, now do the same on a client computer. If the DNS settings are the same, I would investigate the firewall log (of both machines).


Cheers / Saludos,

Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)

As you now made clear that it is on the other systems (you call them clients) that things go wrong and not on the gateway, we do need of course info from one of those “clients” and NOT from the gateway (well, what you posted shows that you understand how to post computer facts)…

In any case it could be that the DHCP server you run on the gateway does serve IP addresses and the default gateway, but not the DNS server. I never run a DHCP server on Linux, but I guess you should check its configuration.
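
The client-side check the replies above ask for, as an added example that is not part of any post in this thread: it reads the client's resolv.conf, reports whether the DHCP lease delivered any nameserver at all, and then queries each listed server by address so the resolver file is bypassed. The function names are hypothetical, and it assumes nslookup is installed on the client and prints a `Name:` line on success, as in the gateway output above.

```shell
#!/bin/sh
# Added example: DNS triage for "IP addresses work, names do not".
# Function names are hypothetical, not from any tool named in the thread.

# Print the nameserver addresses found in a resolv.conf-style file.
# Comment lines and other keywords (search, domain) are ignored.
list_nameservers() {
    awk '$1 == "nameserver" && $2 != "" { print $2 }' "$1"
}

# Classify the file without touching the network:
#   no-nameserver  -> the lease carried no DNS server; check the DHCP server
#   has-nameserver -> servers are configured; probe each one directly
classify_resolv() {
    if [ -z "$(list_nameservers "$1")" ]; then
        echo "no-nameserver"
    else
        echo "has-nameserver"
    fi
}

# Query every configured server by address. A FAILED line points at that
# server or the path to it (firewall, masquerading), not at resolv.conf.
probe_nameservers() {
    file=$1
    name=$2
    for ns in $(list_nameservers "$file"); do
        if nslookup "$name" "$ns" 2>/dev/null | grep -q '^Name:'; then
            echo "$ns ok"
        else
            echo "$ns FAILED"
        fi
    done
}

# Network access happens only when asked for explicitly:
#   sh dns_triage.sh probe [resolv.conf] [name]
if [ "${1:-}" = "probe" ]; then
    conf=${2:-/etc/resolv.conf}
    echo "resolver config: $(classify_resolv "$conf")"
    probe_nameservers "$conf" "${3:-google.com}"
fi
```

Run it on a client and on the gateway and compare: "no-nameserver" on the client points at the DHCP configuration, while FAILED lines for servers that answer from the gateway point at the firewall logs.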