Hi all,
I've tried to configure a forward-only DNS server to operate on my LAN, for internet-sharing purposes. I tried both BIND 9.8.4-P2 (on FreeBSD 9.2 with standard kernel), and dnsmasq from ports as well. No matter which one I picked, I could not browse the web on other computers of my LAN. I tried a Windows 7 system and a FreeBSD 9.1 desktop system, but each time I got the same results:
- dig, nslookup, host, ping work.
- When I use Mozilla Firefox or Internet Explorer, I cannot load any webpages.
I do not know if this is relevant, but the FreeBSD 9.2 server system connects to the Internet via an ADSL modem that can also act as a LAN router. I have disabled its router feature, so the modem acts in bridge mode instead. This way I could configure FreeBSD for PPPoE and dial in during boot. I use the ipfw and ipdivert kernel modules for NAT and firewall.
I used to have a positive experience with named when I used FreeBSD 9.1 in the past, with an Internet connection coming from a microwave link with DHCP. Everything just worked.
Now here are my tcpdump logs from a client machine:
1. Using the host command on that client machine:
Code:
$ host www.freebsd.org
www.freebsd.org is an alias for wfe0.ysv.freebsd.org.
wfe0.ysv.freebsd.org has address 8.8.178.110
wfe0.ysv.freebsd.org has IPv6 address 2001:1900:2254:206a::50:0
wfe0.ysv.freebsd.org mail is handled by 0 .
Code:
14:30:27.923700 IP 10.0.0.7.35136 > 10.0.0.1.domain: 19747+ A? www.freebsd.org. (33)
14:30:27.949778 IP 10.0.0.1.domain > 10.0.0.7.35136: 19747 2/3/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (160)
14:30:27.976351 IP 10.0.0.7.41142 > 10.0.0.1.domain: 28317+ AAAA? wfe0.ysv.freebsd.org. (38)
14:30:27.977066 IP 10.0.0.1.domain > 10.0.0.7.41142: 28317 1/0/0 AAAA 2001:1900:2254:206a::50:0 (66)
14:30:27.977164 IP 10.0.0.7.22275 > 10.0.0.1.domain: 48651+ MX? wfe0.ysv.freebsd.org. (38)
14:30:28.035252 IP 10.0.0.1.domain > 10.0.0.7.22275: 48651 1/3/0 MX . 0 (141)
2. Using Mozilla Firefox that cannot load http://www.freebsd.org/:
Code:
14:32:30.706583 IP 10.0.0.7.17696 > 10.0.0.1.domain: 388+ A? www.freebsd.org. (33)
14:32:30.730577 IP 10.0.0.1.domain > 10.0.0.7.17696: 388 2/3/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (160)
14:32:30.730625 IP 10.0.0.7.38222 > 10.0.0.1.domain: 389+ AAAA? www.freebsd.org. (33)
14:32:30.731286 IP 10.0.0.1.domain > 10.0.0.7.38222: 389 2/0/0 CNAME wfe0.ysv.freebsd.org., AAAA 2001:1900:2254:206a::50:0 (95)
14:32:30.957367 IP 10.0.0.7.48786 > 10.0.0.1.domain: 27980+ A? www.freebsd.org. (33)
14:32:30.958155 IP 10.0.0.1.domain > 10.0.0.7.48786: 27980 2/0/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (83)
3. Additionally, I have replaced the FreeBSD 9.2 server system with a LINKSYS router, just to compare the two. Result of the host command:
Code:
14:38:02.604811 IP 10.0.0.7.22012 > 10.0.0.1.domain: 24941+ A? www.freebsd.org. (33)
14:38:02.678038 IP 10.0.0.1.domain > 10.0.0.7.22012: 24941 2/3/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (160)
14:38:02.678204 IP 10.0.0.7.23599 > 10.0.0.1.domain: 22254+ AAAA? wfe0.ysv.freebsd.org. (38)
14:38:02.712653 IP 10.0.0.1.domain > 10.0.0.7.23599: 22254 1/3/0 AAAA 2001:1900:2254:206a::50:0 (154)
14:38:02.712764 IP 10.0.0.7.10735 > 10.0.0.1.domain: 57237+ MX? wfe0.ysv.freebsd.org. (38)
14:38:02.791257 IP 10.0.0.1.domain > 10.0.0.7.10735: 57237 1/3/0 MX . 0 (141)
4. Result of web browsing with Firefox, using the same LINKSYS router:
Code:
14:40:06.060445 IP 10.0.0.7.39851 > 10.0.0.1.domain: 20076+ A? www.freebsd.org. (33)
14:40:06.077092 IP 10.0.0.7.19383 > 10.0.0.1.domain: 9805+ A? ssl.google-analytics.com. (42)
14:40:06.084364 IP 10.0.0.1.domain > 10.0.0.7.39851: 20076 2/3/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (160)
14:40:06.084400 IP 10.0.0.7.38683 > 10.0.0.1.domain: 20077+ AAAA? www.freebsd.org. (33)
14:40:06.100083 IP 10.0.0.1.domain > 10.0.0.7.19383: 9805 2/0/0 CNAME ssl-google-analytics.l.google.com., A 173.194.39.126 (102)
14:40:06.100121 IP 10.0.0.7.49614 > 10.0.0.1.domain: 9806+ AAAA? ssl.google-analytics.com. (42)
14:40:06.107241 IP 10.0.0.1.domain > 10.0.0.7.38683: 20077 2/3/0 CNAME wfe0.ysv.freebsd.org., AAAA 2001:1900:2254:206a::50:0 (172)
(...)
Additional info:
My ipfw rules are currently the following (for the sake of testing):
Code:
# ipfw list
65535 allow ip from any to any
I have checked netstat -na | grep 53, and the port bindings were okay (both UDP and TCP).
Do you have an idea why I cannot browse the web and how to fix it?
If you need any more information just ask.
Thanks in advance.
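
An added example, not part of the original post: a small Python parser for tcpdump DNS lines in the format shown above. It pairs each query with its reply by client address, port and transaction ID, and lists any query that got no reply. The function and variable names are hypothetical, and the last sample line is constructed to show the unanswered case.

```python
import re
from datetime import datetime, timedelta

# tcpdump one-line DNS output as it appears in the captures above:
#   query: TIME IP CLIENT.PORT > SERVER.domain: ID+ TYPE? NAME (LEN)
#   reply: TIME IP SERVER.domain > CLIENT.PORT: ID AN/NS/AR RECORDS (LEN)
QUERY = re.compile(r"^(\S+) IP (\S+)\.(\d+) > \S+\.domain: (\d+)\+ (\w+)\? (\S+) \(\d+\)$")
REPLY = re.compile(r"^(\S+) IP \S+\.domain > (\S+)\.(\d+): (\d+) (\d+)/\d+/\d+ .*\((\d+)\)$")


def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def pair_dns(lines):
    """Pair queries with replies by (client IP, client port, transaction ID)."""
    pending, answered = {}, []
    for raw in lines:
        line = raw.strip()
        if m := QUERY.match(line):
            when, ip, port, txid, qtype, name = m.groups()
            pending[(ip, port, txid)] = (when, qtype, name.rstrip("."))
        elif m := REPLY.match(line):
            when, ip, port, txid, records, size = m.groups()
            query = pending.pop((ip, port, txid), None)
            if query is None:
                continue  # reply whose query is outside the capture
            sent, qtype, name = query
            latency = (_ts(when) - _ts(sent)) // timedelta(microseconds=1)
            answered.append({"name": name, "type": qtype, "records": int(records),
                             "bytes": int(size), "latency_us": latency})
    unanswered = [(qtype, name) for _, qtype, name in pending.values()]
    return answered, unanswered


# Capture 2 from the post (Firefox failing to load the page), followed by one
# constructed query with no reply to show how a resolver failure would look.
SAMPLE = """\
14:32:30.706583 IP 10.0.0.7.17696 > 10.0.0.1.domain: 388+ A? www.freebsd.org. (33)
14:32:30.730577 IP 10.0.0.1.domain > 10.0.0.7.17696: 388 2/3/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (160)
14:32:30.730625 IP 10.0.0.7.38222 > 10.0.0.1.domain: 389+ AAAA? www.freebsd.org. (33)
14:32:30.731286 IP 10.0.0.1.domain > 10.0.0.7.38222: 389 2/0/0 CNAME wfe0.ysv.freebsd.org., AAAA 2001:1900:2254:206a::50:0 (95)
14:32:30.957367 IP 10.0.0.7.48786 > 10.0.0.1.domain: 27980+ A? www.freebsd.org. (33)
14:32:30.958155 IP 10.0.0.1.domain > 10.0.0.7.48786: 27980 2/0/0 CNAME wfe0.ysv.freebsd.org., A 8.8.178.110 (83)
14:32:31.100000 IP 10.0.0.7.50000 > 10.0.0.1.domain: 4242+ A? example.org. (29)
""".splitlines()

if __name__ == "__main__":
    print(pair_dns(SAMPLE))
```

On capture 2 every query is paired with a reply carrying two records; only the constructed line is reported as unanswered.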