Issue
DNS Server issue
I just installed ClearOS 7.3 after my 6.9 box failed. I am trying to get DNS working correctly. It is working to the point where it is resolving host names, but in 6.x when I had a service that was on a different internal server such as teamspeak, all I had to do was type my domain name, and the DNS server would see it's a request coming in on this domain name and on this port and redirect it accordingly internally. But after installing 7.3, when I try to do the same thing internally now, it won't connect. I have to use the IP or the host name. I have double checked the ports are correct in port forwarding (external requests to the servers connect just fine), as well as set the DNS up exactly as I had it before with the same host names and everything, but if I go to mydomain.com on teamspeak, minecraft, remote desktop, anything, it won't connect unless I use the hostname or IP. Does anyone have any ideas how I might fix this?
Accepted Answer
Can you google "nat reflection iptables" and/or "nat reflection iptables" and see what you come up with. It looks like you need a POSTROUTING rule as well. See this thread but I don't have time to look at it now.
Can I suggest you dump your nat firewall table before you start "iptables -nvL -t nat > some_file" just to see what is there from the port forwarding set up and to make sure any rules you add won't interfere.
Do you have a backup from your old server to see what was in the firewall? The basic ClearOS config backup will contain the data. -
Accepted Answer
Nick Howitt wrote:
Re-reading this, are you saying that, from your LAN you want to be able to type tooelerpg.com, and depending on which port you select it goes to a different machine on your LAN? If so, I don't see how that would ever work on your LAN as tooelerpg.com can only resolve to a single IP, and once resolved any routing is independent of ClearOS as a switch will route directly to a LAN IP without reference to ClearOS.
The only way I can see it working is if "NAT loopback" or "NAT reflection" works on your external IP. For this to work tooelerpg.com must resolve to your WAN IP, so no need for an entry in the DNS server/hosts file. I don't think it works out of the box in ClearOS, but I may be wrong. I think you could add a bunch of iptables rules for this to work along the lines:
iptables -t nat -I PREROUTING -d your_wan_ip -s 10.32.64.0/24 -p your_protocol --dport your_destination_port -j DNAT --to-destination your_LAN_destination_IP
You can tweak the rule to do more than one port at a time. If you do this as a custom firewall rule, replace "iptables" with "$IPTABLES". OTOH I could be completely wrong.
Yes, that's the way that my COS 6 box worked. I just used tooelerpg.com and depending on what port the program used (teamspeak, minecraft, rdp, etc.) it automatically forwarded to the correct server. -
Accepted Answer
Re-reading this, are you saying that, from your LAN you want to be able to type tooelerpg.com, and depending on which port you select it goes to a different machine on your LAN? If so, I don't see how that would ever work on your LAN as tooelerpg.com can only resolve to a single IP, and once resolved any routing is independent of ClearOS as a switch will route directly to a LAN IP without reference to ClearOS.
The only way I can see it working is if "NAT loopback" or "NAT reflection" works on your external IP. For this to work tooelerpg.com must resolve to your WAN IP, so no need for an entry in the DNS server/hosts file. I don't think it works out of the box in ClearOS, but I may be wrong. I think you could add a bunch of iptables rules for this to work along the lines:
iptables -t nat -I PREROUTING -d your_wan_ip -s 10.32.64.0/24 -p your_protocol --dport your_destination_port -j DNAT --to-destination your_LAN_destination_IP
You can tweak the rule to do more than one port at a time. If you do this as a custom firewall rule, replace "iptables" with "$IPTABLES". OTOH I could be completely wrong.
-
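The rule pair discussed in this thread, as an added example that is not part of the original posts: the PREROUTING DNAT rule from the reply above together with the POSTROUTING rule that another reply says is also needed. The script only prints the commands; WAN_IP, the port list and the .129/.130 addresses are constructed placeholders, and MASQUERADE is an assumed choice for the POSTROUTING target.

```shell
#!/bin/sh
# Added example: prints (does not apply) NAT-reflection rule pairs.
# Constructed values: WAN_IP is a documentation address and the forward
# list is illustrative; only 10.32.64.0/24 and 10.32.64.128 (mc) come
# from the thread.
IPTABLES="${IPTABLES:-iptables}"   # ClearOS custom rules use $IPTABLES
WAN_IP="203.0.113.10"
LAN_NET="10.32.64.0/24"

# hairpin_rules PROTO PORT DEST_IP
# Rule 1 (DNAT): a LAN client connecting to the WAN IP is redirected to
# the internal server.
# Rule 2 (POSTROUTING): the source is rewritten to the gateway's LAN
# address, so the server replies via the gateway and the reply is
# translated back; otherwise the server answers the client directly
# from its own LAN IP and the client discards the unexpected reply.
hairpin_rules() {
    proto=$1; port=$2; dest=$3
    case "$proto" in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case "$port" in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    echo "$IPTABLES -t nat -I PREROUTING -s $LAN_NET -d $WAN_IP -p $proto --dport $port -j DNAT --to-destination $dest"
    echo "$IPTABLES -t nat -I POSTROUTING -s $LAN_NET -d $dest -p $proto --dport $port -j MASQUERADE"
}

# emit_all: one "proto port dest" triple per line (constructed sample).
emit_all() {
    while read -r proto port dest; do
        [ -n "$proto" ] || continue
        hairpin_rules "$proto" "$port" "$dest" || return 1
    done <<EOF
tcp 25565 10.32.64.128
udp 9987 10.32.64.129
tcp 3389 10.32.64.130
EOF
}

emit_all
```

With the POSTROUTING rule in place, the internal server sees every reflected connection as coming from the gateway's LAN address, so its logs and any per-IP bans no longer identify the individual LAN client.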
Accepted Answer
Nick Howitt wrote:
From a windoze box, what is the output of "ipconfig /all" and "nslookup teamspeak.tooelerpg.com". Please put your results between code tags (the piece of paper icon with a <> on it).
I don't have teamspeak.tooelerpg.com in use; I have been using the host name. I think I might have the DNS teamspeak issue resolved, but I'm still having issues with the minecraft. I used to be able to just use tooelerpg.com internally and it would redirect to the minecraft server on a different machine, but now I'm having to use mc.tooelerpg.com
the output of ipconfig /all is
C:\Users\kacie>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-BUOH4HP
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : tooelerpg.com
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . : tooelerpg.com
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : BC-EE-7B-09-0C-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::79b6:eb5c:615f:651%5(Preferred)
IPv4 Address. . . . . . . . . . . : 10.32.64.240(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Thursday, June 8, 2017 6:29:36 PM
Lease Expires . . . . . . . . . . : Sunday, June 11, 2017 1:27:34 PM
Default Gateway . . . . . . . . . : 10.32.64.1
DHCP Server . . . . . . . . . . . : 10.32.64.1
DHCPv6 IAID . . . . . . . . . . . : 62713467
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-B8-34-8C-BC-EE-7B-09-0C-18
DNS Servers . . . . . . . . . . . : 10.32.64.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Wireless LAN adapter Local Area Connection* 1:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F1
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Bluetooth Network Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Local Area Connection* 2:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:188b:3bf9:f5df:bf0f(Preferred)
Link-local IPv6 Address . . . . . : fe80::188b:3bf9:f5df:bf0f%2(Preferred)
Default Gateway . . . . . . . . . : ::
DHCPv6 IAID . . . . . . . . . . . : 301989888
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-B8-34-8C-BC-EE-7B-09-0C-18
NetBIOS over Tcpip. . . . . . . . : Disabled
and the output of nslookup mc.tooelerpg.com is:
Server: tooelerpg.com
Address: 10.32.64.1
Name: mc.tooelerpg.com
Address: 10.32.64.128 -
Accepted Answer
Dave Loper wrote:
What are the contents of the following two files:
/etc/resolv.conf
/etc/resolv-peerdns.conf
/etc/resolv.conf is:
Please do not edit this file.
# See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_r$
domain tooelerpg.com
nameserver 127.0.0.1
/etc/resolv-peerdns.conf is:
GNU nano 2.3.1 File: /etc/resolv-peerdns.conf
nameserver 75.75.75.75
nameserver 75.75.76.76
Both name servers are my ISP's nameservers. -
Accepted Answer
Correct, if I type in the full internal host name it will connect, but if I just type mydomain.com into teamspeak, minecraft, etc. it won't connect. When I was using COS 6 I could just type in mydomain.com and my COS 6 box would see that I'm internal and the service requested is on port x which is at IP x and automatically route and connect me. Now it won't; I have to use the FQDN or just the host name or IP.
[edit]
Or have I misunderstood. Are you saying that teamspeak.mydomain.com works internally but teamspeak on its own does not?
[/edit] -
Accepted Answer
So, if you have set up your DNS Server (Webconfig > Network > Infrastructure > DNS Server) correctly - you can check by looking in /etc/hosts - it suggests your clients are not using ClearOS as their DNS server. You can check from a Windoze box by doing an "ipconfig /all" and seeing what it shows as DNS Server.
If you are using ClearOS as a DHCP server, check that you have set Webconfig > Network > Infrastructure > DHCP Server > your LAN interface > Edit > DNS #1 to your ClearOS LAN IP. If you have not, change it then either reboot the clients or renew their DHCP leases ("ipconfig /release" then "ipconfig /renew" in Windoze).
[edit]
Or have I misunderstood. Are you saying that teamspeak.mydomain.com works internally but teamspeak on its own does not?
[/edit]