Bind, firewall & forward

Stéphane Barraud stephane.barraud at pep-esp.fr
Fri May 28 19:40:42 UTC 1999


Hello,

After 3 hours of headache, I'm asking the gurus for some help!!

I'm trying to configure a firewall.
I'm using BIND 8.1.2-5, which comes with Red Hat Linux 5.2.

The network looks like this:

    bastion -----------  router ------------- internal server
            net 1.10.10         net 192.168.300
             (DMZ)

The bastion host is connected to the internet via another router.


I've configured BIND on the bastion host (IP 1.10.10.5) with the following
named.conf:

options {
        directory "/var/named";
};
zone "pep-esp.fr" {
        type master;
        file "named.db";
};
zone "10.10.1.in-addr.arpa" {
        type master;
        file "named.rev";
};
zone "." {
        type hint;
        file "named.ca";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};

I've configured BIND on the internal server (IP 192.168.300.15) with the
following named.conf:

options {
        directory "/var/named";
        query-source address 1.10.10.5 port 53;
        forward only;
        forwarders { 1.10.10.5; };
};
zone "pep-esp.fr" {
        type master;
        file "named.db";
};
zone "300.168.192.in-addr.arpa" {
        type master;
        file "named.rev";
};
zone "0.0.127.in-addr.arpa" {
        type master;
        file "named.local";
};
zone "." {
        type hint;
        file "named.ca";
};  

This internal server was previously working correctly without the forward
option.

What I intend to do is to have the internal server answer internal hosts
and forward requests concerning outside hosts to the firewall BIND
server, making only the bastion visible to the internet.


Unfortunately, this does not work.
The two servers ping each other;
configuring the resolv.conf of the bastion makes external resolution work
(i.e. the bastion BIND server is OK);
the internal server responds correctly to internal
queries (i.e. to resolve addresses in the 192.168.300 network);

BUT the internal server does not respond to requests for external hosts.

Is my configuration incorrect, or is the architecture incorrect?

Any help appreciated.

TIA

steph. 
 

=========================================
Stephane.Barraud at pep-esp.fr

Pole Europeen de Plasturgie
Ecole Superieure de Plasturgie

2 Rue Pierre et Marie Curie
01100 BELLIGNAT FRANCE
=========================================
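The forwarding setup described in the post, seen from the internal server's side, hinges on two `options` directives: `query-source` and `forwarders`. The check below is an added example (not the poster's code and not part of BIND) that pulls those directives out of a named.conf `options` block and flags the things a practitioner would look at first: a `query-source address` that is not one of the host's own addresses (the OS refuses to bind a socket to an address it does not have, so the forwarding resolver cannot send), a `forward` mode with no forwarders, a forwarder that is the host itself, and a fixed source port, which makes forged answers easier to land. The posted internal `options` block is embedded verbatim as a constructed sample; the "fixed" block and the set of local addresses are assumptions, with the post's own address notation kept as written.

```python
import re

# Constructed sample: the internal server's options block exactly as posted.
POSTED_INTERNAL_OPTIONS = """
options {
        directory "/var/named";
        query-source address 1.10.10.5 port 53;
        forward only;
        forwarders { 1.10.10.5; };
};
"""

# Assumed corrected block (added here, not from the post): the query source
# is the internal server's own address as the post writes it, and "port *"
# lets named choose an ephemeral source port for each outgoing query.
FIXED_INTERNAL_OPTIONS = """
options {
        directory "/var/named";
        query-source address 192.168.300.15 port *;
        forward only;
        forwarders { 1.10.10.5; };
};
"""

# Assumed addresses configured on the internal server's interfaces.
INTERNAL_LOCAL_ADDRESSES = {"192.168.300.15", "127.0.0.1"}


def parse_options(conf):
    """Extract the few options directives this check cares about.

    Only the top-level ``options { ... };`` block is inspected; zone blocks
    are ignored because they do not influence forwarding.
    """
    block = re.search(r"options\s*\{(.*?)\n\};", conf, re.S)
    body = block.group(1) if block else ""
    qs = re.search(r"query-source\s+(?:address\s+(\S+))?\s*(?:port\s+(\S+))?\s*;", body)
    fw = re.search(r"forwarders\s*\{([^}]*)\}", body)
    mode = re.search(r"\bforward\s+(only|first)\s*;", body)
    forwarders = [a.strip() for a in fw.group(1).split(";") if a.strip()] if fw else []
    return {
        "query_source_address": qs.group(1) if qs else None,
        "query_source_port": qs.group(2) if qs else None,
        "forward": mode.group(1) if mode else None,
        "forwarders": forwarders,
    }


def check_forwarding(conf, local_addresses):
    """Return a list of human-readable findings; an empty list means no issue found."""
    opts = parse_options(conf)
    findings = []
    addr = opts["query_source_address"]
    if addr and addr != "*" and addr not in local_addresses:
        findings.append(
            f"query-source address {addr} is not an address of this host; "
            "named cannot bind its query socket to it, so no query ever leaves"
        )
    if opts["forward"] and not opts["forwarders"]:
        findings.append(f"forward {opts['forward']} is set but the forwarders list is empty")
    for fwd in opts["forwarders"]:
        if fwd in local_addresses:
            findings.append(f"forwarder {fwd} is this host itself; queries would loop back")
    port = opts["query_source_port"]
    if port not in (None, "*"):
        findings.append(
            f"fixed query source port {port}: a predictable source port makes "
            "spoofed answers easier to match against outstanding queries"
        )
    return findings


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_INTERNAL_OPTIONS), ("fixed", FIXED_INTERNAL_OPTIONS)):
        print(f"{label}:")
        for finding in check_forwarding(conf, INTERNAL_LOCAL_ADDRESSES) or ["no findings"]:
            print("  -", finding)
```

Run it as a script to see the posted block produce two findings (the non-local query-source address and the fixed port 53) and the corrected block produce none. The parser is deliberately narrow: it handles the directives shown in the post and nothing else, so feed it the `options` block rather than a full production named.conf with include files.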


