
Re: a few questions about IP-MASQ



On Fri, 19 Jun 1998, Aviram Jenik wrote:

> 1. do the stations (the WinXX computers) need to have the DNS configured
> to the outside DNSes? (I configured their DNSes to be the DNSes the Linux
> machine uses. Maybe I should've put my Linux machine as their only DNS?)

Yes, unless you want them to trigger a dialout every time. 

> 2. Is there a way to see the *reason* why the ppp connection was
> initialized (e.g. why request_route was executed)?

/sbin/request_route is called with the desired route. You can add a line
to it like:

echo "$(date): $1" >>/var/adm/request_route.log

and examine the results. 99% of the calls will be caused by DNS lookups.

> 3. should there be anything special in request_route? I just used the
> one from the diald howto.

Nothing special should be there, BUT there is a way to make request_route
fail with DNS-only queries. This cures mysterious unwanted dialouts. The
idea is, to have a file act as a lock. When the file is there,
request_route will dial out IFF it's a DNS request, else not. All other
route requests pass through and cause a dialout. The file can be installed
and removed by cron or by the login script of somebody (for ex. allow auto
dialout only when root is logged in or only in runlevels 3,4,5). An ACL
table can be built very easily using a set of IPs to be allowed, to be
denied etc, per runlevel.

Note that you MUST configure the nameserver on Linux and run bind if you
want sendmail and other programs to work correctly while not connected and
make sure that this nameserver is the 1st in the nameserver list in
/etc/resolv.conf, and that the order is hosts bind in host.conf. If bind
is running you can point all Windozes to it as DNS. You will have to
configure bind to use the ISP's DNS as otherwise it will reach out over
the net to get names from far away.

Peter
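
The lock-file gate described in the answer to question 3, sketched as an added example; it is not code from the original post or from the diald howto. It assumes request_route receives the destination address as $1, and it reads the post as: DNS-only requests dial while the lock file exists and are refused otherwise. The name-server addresses, lock-file path and deny list are constructed placeholders.

```shell
#!/bin/sh
# Added example: decision gate for /sbin/request_route.
# Paths and addresses are assumptions (constructed), not from the post.
DNS_SERVERS="${DNS_SERVERS:-192.0.2.53 192.0.2.54}"      # the ISP's name servers
ALLOW_FILE="${ALLOW_FILE:-/var/run/dns-dialout.allow}"   # hypothetical lock file
DENY_LIST="${DENY_LIST:-}"                               # ACL: never dial for these
LOG_FILE="${LOG_FILE:-/var/adm/request_route.log}"

# in_list ADDR LIST: succeed if ADDR is one of the space-separated words in LIST.
in_list() {
    for item in $2; do
        if [ "$item" = "$1" ]; then return 0; fi
    done
    return 1
}

# route_decision DEST: print "dial:<reason>" or "refuse:<reason>".
route_decision() {
    if [ -z "$1" ]; then
        echo "refuse:no-destination"
    elif in_list "$1" "$DENY_LIST"; then
        echo "refuse:acl"
    elif in_list "$1" "$DNS_SERVERS"; then
        # DNS traffic dials only while the lock file exists.
        if [ -e "$ALLOW_FILE" ]; then
            echo "dial:dns-allowed"
        else
            echo "refuse:dns-only"
        fi
    else
        echo "dial:non-dns"
    fi
}

# route_gate DEST: log the decision, return 0 to dial and 1 to refuse.
route_gate() {
    decision=$(route_decision "$1")
    echo "$(date): $1 $decision" >>"$LOG_FILE" 2>/dev/null || true
    case $decision in
        dial:*) return 0 ;;
        *)      return 1 ;;
    esac
}
```

In request_route, a line such as `route_gate "$1" || exit 1` placed ahead of the existing dial logic applies the gate; cron or a login script creates and removes the lock file.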