Could you use multiple aliases in /etc/hosts and make sure the hosts file is referenced before DNS?

for example

10.32.64.128 hostname     tooelerpg.com mc.tooelerpg.com ts.tooelerpg.com

Can you google "nat reflection iptables" and/or "nat reflection iptables" and see what you come up with. It looks like you need a POSTROUTING rule as well. See this thread but I don't have time to look at it now.

Can I suggest you dump your nat firewall table before you start "iptables -nvL -t nat > some_file" just to see what is there from the port forwarding set up and to make sure any rules you add won't interfere.

Do you have a backup from your old server to see what was in the firewall? The basic ClearOS config backup will contain the data.

Nick Howitt wrote:

Re-reading this, are you saying that, from your LAN you want to be able to type tooelerpg.com, and depending on which port you select it goes to a different machine on your LAN? If so, I don't see how that would ever work on your LAN as tooelerpg.com can only resolve to a single IP, and once resolved any routing is independent of ClearOS as a switch will route directly to a LAN IP without reference to ClearOS.

The only way I can see it working is if "NAT loopback" or "NAT reflection" works on your external IP. For this to work tooelerpg.com must resolve to your WAN IP, so no need for an entry in the DNS server/hosts file. I don't think it works out of the box in ClearOS, but I may be wrong. I think you could add a bunch of iptables rules for this to work along the lines:

iptables -I PREROUTING -d your_wan_ip -s 10.32.64.0/24 -p your_destination_port -j DNAT --to-destination your_LAN_destination_IP

You can tweak the rule todo more that one port at a time. If you do this as a custom firewall rule replace "iptables" with "$IPTABLES" OTOH I could be completely wrong.

yes thats the way that my cos 6 box worked. I just used tooelerpg.com and depending on what port the program used (teamspeak, minecraft, rdp, etc) it automatically forwarded to the correct server

Re-reading this, are you saying that, from your LAN you want to be able to type tooelerpg.com, and depending on which port you select it goes to a different machine on your LAN? If so, I don't see how that would ever work on your LAN as tooelerpg.com can only resolve to a single IP, and once resolved any routing is independent of ClearOS as a switch will route directly to a LAN IP without reference to ClearOS.

The only way I can see it working is if "NAT loopback" or "NAT reflection" works on your external IP. For this to work tooelerpg.com must resolve to your WAN IP, so no need for an entry in the DNS server/hosts file. I don't think it works out of the box in ClearOS, but I may be wrong. I think you could add a bunch of iptables rules for this to work along the lines:

iptables -I PREROUTING -d your_wan_ip -s 10.32.64.0/24 -p your_destination_port -j DNAT --to-destination your_LAN_destination_IP

You can tweak the rule todo more that one port at a time. If you do this as a custom firewall rule replace "iptables" with "$IPTABLES" OTOH I could be completely wrong.

Nick Howitt wrote:

I am totally puzzled. What about "nslookup mc"?

Server:  tooelerpg.com

Address:  10.32.64.1



Name:    mc.tooelerpg.com

Address:  10.32.64.128

I am totally puzzled. What about "nslookup mc"?

Nick Howitt wrote:

From a windoze box, what is the output if "ipconfig /all" and "nslookup teamspeak.tooelerpg.com". Please put your results between code tags (the piece of paper icon with a <> on it).

I don't have teamspeak.tooelerpg.com in use, have been using the host name. think I might have the dns teamspeak issue resolved, but still having issues with the minecraft. used to be able to just use tooelerpg.com internally and it would redirect to the minecraft server on a different machine, but now im having to use mc.tooelerpg.com


the output of ipconfig /all is

C:\Users\kacie>ipconfig /all



Windows IP Configuration



   Host Name . . . . . . . . . . . . : DESKTOP-BUOH4HP

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

   DNS Suffix Search List. . . . . . : tooelerpg.com



Ethernet adapter Ethernet:



   Connection-specific DNS Suffix  . : tooelerpg.com

   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller

   Physical Address. . . . . . . . . : BC-EE-7B-09-0C-18

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::79b6:eb5c:615f:651%5(Preferred)

   IPv4 Address. . . . . . . . . . . : 10.32.64.240(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Thursday, June 8, 2017 6:29:36 PM

   Lease Expires . . . . . . . . . . : Sunday, June 11, 2017 1:27:34 PM

   Default Gateway . . . . . . . . . : 10.32.64.1

   DHCP Server . . . . . . . . . . . : 10.32.64.1

   DHCPv6 IAID . . . . . . . . . . . : 62713467

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-B8-34-8C-BC-EE-7B-09-0C-18

   DNS Servers . . . . . . . . . . . : 10.32.64.1

   NetBIOS over Tcpip. . . . . . . . : Enabled



Wireless LAN adapter Local Area Connection* 1:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter

   Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F3

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes



Wireless LAN adapter Wi-Fi:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : 802.11n Wireless LAN Card

   Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F1

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes



Ethernet adapter Bluetooth Network Connection:



   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)

   Physical Address. . . . . . . . . : 80-56-F2-B7-D7-F2

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes



Tunnel adapter Local Area Connection* 2:



   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:188b:3bf9:f5df:bf0f(Preferred)

   Link-local IPv6 Address . . . . . : fe80::188b:3bf9:f5df:bf0f%2(Preferred)

   Default Gateway . . . . . . . . . : ::

   DHCPv6 IAID . . . . . . . . . . . : 301989888

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-B8-34-8C-BC-EE-7B-09-0C-18

   NetBIOS over Tcpip. . . . . . . . : Disabled

and the output of nslookup mc.tooelerpg.com is:

Server: tooelerpg.com
Address: 10.32.64.1

Name: mc.tooelerpg.com
Address: 10.32.64.128

From a windoze box, what is the output if "ipconfig /all" and "nslookup teamspeak.tooelerpg.com". Please put your results between code tags (the piece of paper icon with a <> on it).

Nick Howitt wrote:

What is the contents of /etc/dnsmasq.conf?

bogus-priv
cache-size=5000
conf-dir=/etc/dnsmasq.d
dhcp-authoritative
dhcp-lease-max=1000
domain-needed
domain=tooelerpg.com
expand-hosts
no-negcache
port=53
resolv-file=/etc/resolv-peerdns.conf
strict-order
user=nobody

What is the contents of /etc/dnsmasq.conf?

Dave Loper wrote:

What are the contents of the following two files:

/etc/resolv.conf
/etc/resolv-peerdns.conf

/etc/resolv.conf is:

Please do not edit this file.
# See http://www.clearcenter.com/support/documentation/clearos_guides/dns_and_r$
domain tooelerpg.com
nameserver 127.0.0.1

/etc/resolv-peerdns.conf is:

GNU nano 2.3.1 File: /etc/resolv-peerdns.conf

nameserver 75.75.75.75
nameserver 75.75.76.76


both name servers are my ISP's nameserver.

correct, if I type in the full internal host name it will connect, but if I just type mydomain.com into teamspeak, minecraft, etc. it wont' connect. when I was using COS 6 I could just type in mydomain.com and my cos 6 box would see that im internal and the service requested is on port x which is at ip x and automatically route and connect me. now it wont', I have to use the FQDN or just the host name or IP.

[edit]
Or have I misunderstood. Are you saying that teamspeak.mydomain.com works internally but teamspeak on its own does not?
[/edit][/quote]

What are the contents of the following two files:

/etc/resolv.conf
/etc/resolv-peerdns.conf

So, if you have set up your DNS Server (Webconfig > Network > Infrastructure > DNS Server) correctly - you can check by looking in /etc/hosts - it suggests your clients are not using ClearOS as their DNS server. You can check from a Windoze box by doing an "ipconfig /all" and seeing what it shows as DNS Server.

If you are using ClearOS as a DHCP server, check that you have set Webconfig > Network > Infrastructure > DHCP Server > your LAN interface > Edit > DNS #1 to your ClearOS LAN IP. If you have not, change it then either reboot the clients or renew their DHCP leases ("ipconfig /release" then "ipconfig /renew" in Windoze).

[edit]
Or have I misunderstood. Are you saying that teamspeak.mydomain.com works internally but teamspeak on its own does not?
[/edit]