Hi all,
I need some advice. I've hit a dead end, and for the last few days I've been racking my brain over how to get a DNS server working that I set up in a virtual machine as a forwarding server.
I'll try to explain what this is about as precisely and as clearly as I can. If you have objections to anything, please feel free to write them. I'll only be glad if I can improve something.
In VMware I installed 3 guest systems (the Test1, Test2 and Test3 servers) running openSuSE. Test1 is meant to serve as a DNS forwarding server for the local servers test2 and test3. The network in VMware is set up as follows:
Test1: has two network cards. One is "Bridged" so that it can communicate with the outside world. The other is set to "host-only" so that it can communicate on the local network with the servers test2 and test3.
Test2: has only one network card, and that is "host-only".
Test3: likewise has only one network card, "host-only".
-it should work like this: when test2 or test3 send a query, they contact test1, which connects to my router, and the router then answers test1. After that the information is just passed back to test2 or test3.
SERVER SETTINGS:
----------------------
TEST1 server:
test1:/etc # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4a:54:89 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.102/24 brd 192.168.0.255 scope global eth0
inet6 fe80::20c:29ff:fe4a:5489/64 scope link
valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:4a:54:93 brd ff:ff:ff:ff:ff:ff
inet 192.168.136.131/24 brd 192.168.136.255 scope global eth1
inet6 fe80::20c:29ff:fe4a:5493/64 scope link
valid_lft forever preferred_lft forever
test1:/etc # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.136.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
-I deleted the comments. The only thing I changed is that I uncommented the "forwarders" section and filled in the router's IP and the Google DNS server.
test1:/etc # less /etc/named.conf
options {
directory "/var/lib/named";
managed-keys-directory "/var/lib/named/dyn/";
dump-file "/var/log/named_dump.db";
statistics-file "/var/log/named.stats";
forwarders { 192.168.0.1; 8.8.4.4; };
# Enable the next entry to prefer usage of the name server declared in
# the forwarders section.
forward only;
#listen-on port 53 { 127.0.0.1; };
listen-on-v6 { any; };
#query-source address * port 53;
#transfer-source * port 53;
#notify-source * port 53;
#allow-query { 127.0.0.1; };
notify no;
disable-empty-zone "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA";
};
zone "." in {
type hint;
file "root.hint";
};
zone "localhost" in {
type master;
file "localhost.zone";
};
zone "0.0.127.in-addr.arpa" in {
type master;
file "127.0.0.zone";
};
zone "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa" IN {
type master;
file "127.0.0.zone";
};
# Include the meta include file generated by createNamedConfInclude. This
# includes all files as configured in NAMED_CONF_INCLUDE_FILES from
# /etc/sysconfig/named
include "/etc/named.conf.include";
test1:/etc # service named status
named.service - LSB: Domain Name System (DNS) server, named
Loaded: loaded (/etc/init.d/named)
Active: active (running) since Wed, 2014-04-30 00:39:08 CEST; 17h ago
Process: 50973 ExecStop=/etc/init.d/named stop (code=exited, status=0/SUCCESS)
Process: 50993 ExecStart=/etc/init.d/named start (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/named.service
└ 51032 /usr/sbin/named -t /var/lib/named -u named
Apr 30 00:39:08 test1 named[51032]: zone 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.a...ial 42
Apr 30 00:39:08 test1 named[51032]: zone localhost/IN: loaded serial 42
Apr 30 00:39:08 test1 named[51032]: all zones loaded
Apr 30 00:39:08 test1 named[50993]: ..done
Apr 30 00:39:08 test1 systemd[1]: Started LSB: Domain Name System (DNS) server, named.
Apr 30 00:39:08 test1 named[51032]: running
Apr 30 10:15:55 test1 named[51032]: listening on IPv4 interface eth0, 192.168.0.102#53
Apr 30 13:15:55 test1 named[51032]: listening on IPv4 interface eth1, 192.168.176.129#53
Apr 30 13:15:55 test1 named[51032]: no longer listening on 192.168.0.100#53
Apr 30 13:15:55 test1 named[51032]: no longer listening on 192.168.10.132#53
test1:/etc # rcSuSEfirewall2 status
SuSEfirewall2.service - SuSEfirewall2 phase 2
Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled)
Active: inactive (dead) since Wed, 2014-04-30 00:07:34 CEST; 17h ago
Process: 49957 ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop (code=exited, status=0/SUCCESS)
Process: 14691 ExecStart=/usr/sbin/SuSEfirewall2 boot_setup (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/SuSEfirewall2.service
Apr 29 19:50:22 test1 systemd[1]: Starting SuSEfirewall2 phase 2...
Apr 29 19:50:22 test1 systemd[1]: Started SuSEfirewall2 phase 2.
Apr 29 19:50:22 test1 SuSEfirewall2[14712]: using default zone 'ext' for interface eth1
Apr 29 19:50:22 test1 SuSEfirewall2[14800]: Firewall rules successfully set
Apr 30 00:07:34 test1 SuSEfirewall2[49975]: Firewall rules unloaded.
Apr 30 00:07:34 test1 systemd[1]: Stopped SuSEfirewall2 phase 2.
test1:/etc # cat /etc/resolv.conf | grep -v ^#
search home.com
nameserver 127.0.0.1
-------------------------------
TEST2 server:
test2:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d3:ff:6e brd ff:ff:ff:ff:ff:ff
inet 192.168.136.128/24 brd 192.168.136.255 scope global eth0
inet6 fe80::20c:29ff:fed3:ff6e/64 scope link
valid_lft forever preferred_lft forever
test2:~ # route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.136.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
test2:~ # cat /etc/resolv.conf | grep -v ^#
search home.com
nameserver 192.168.136.131
test2:~ # rcSuSEfirewall2 status
SuSEfirewall2.service - SuSEfirewall2 phase 2
Loaded: loaded (/usr/lib/systemd/system/SuSEfirewall2.service; enabled)
Active: inactive (dead) since Wed, 2014-04-30 00:12:19 CEST; 17h ago
Process: 33440 ExecStop=/usr/sbin/SuSEfirewall2 systemd_stop (code=exited, status=0/SUCCESS)
Process: 2437 ExecStart=/usr/sbin/SuSEfirewall2 boot_setup (code=exited, status=0/SUCCESS)
CGroup: name=systemd:/system/SuSEfirewall2.service
Apr 29 18:09:20 test2 systemd[1]: Starting SuSEfirewall2 phase 2...
Apr 29 18:09:20 test2 systemd[1]: Started SuSEfirewall2 phase 2.
Apr 29 18:09:20 test2 SuSEfirewall2[2443]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
Apr 29 18:09:23 test2 SuSEfirewall2[2545]: Firewall rules successfully set
Apr 30 00:12:19 test2 systemd[1]: Stopping SuSEfirewall2 phase 2...
Apr 30 00:12:19 test2 SuSEfirewall2[33458]: Firewall rules unloaded.
Apr 30 00:12:19 test2 systemd[1]: Stopped SuSEfirewall2 phase 2.
TEST3 is configured the same way as TEST2.
PROBLEM:
If I try to ping anything on test2 or test3, it prints:
test2:~ # ping www.google.com
connect: Network is unreachable
On test1, however, everything works as it should:
test1:/etc # ping -c 3 www.google.com
PING www.google.com (173.194.70.99) 56(84) bytes of data.
64 bytes from fa-in-f99.1e100.net (173.194.70.99): icmp_seq=1 ttl=44 time=20.0 ms
64 bytes from fa-in-f99.1e100.net (173.194.70.99): icmp_seq=2 ttl=44 time=19.9 ms
64 bytes from fa-in-f99.1e100.net (173.194.70.99): icmp_seq=3 ttl=44 time=19.8 ms
--- www.google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 19.886/19.957/20.067/0.181 ms
Test1 can be pinged from the test2 server:
test2:~ # ping -c 3 192.168.136.131
PING 192.168.136.131 (192.168.136.131) 56(84) bytes of data.
64 bytes from 192.168.136.131: icmp_seq=1 ttl=64 time=0.626 ms
64 bytes from 192.168.136.131: icmp_seq=2 ttl=64 time=0.335 ms
64 bytes from 192.168.136.131: icmp_seq=3 ttl=64 time=0.265 ms
--- 192.168.136.131 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.265/0.408/0.626/0.158 ms
Thank you very much for every piece of advice.
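
Added example, not part of the original post: ping on test2 fails with a connect() error ("Network is unreachable") rather than a name-resolution error, which is what the kernel returns when no routing-table entry covers the destination address. The Python sketch below runs a longest-prefix-match lookup over the two route -n tables posted above; parse_routes and lookup are hypothetical helper names chosen for this illustration.

```python
import ipaddress

# Rows copied from the `route -n` output in the post above.
TEST1_ROUTES = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.136.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
"""
TEST2_ROUTES = """\
Destination Gateway Genmask Flags Metric Ref Use Iface
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
192.168.136.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
"""


def parse_routes(text):
    """Turn `route -n` rows into (network, gateway, iface) tuples."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8:
            continue  # not a route row
        try:
            net = ipaddress.ip_network(f"{fields[0]}/{fields[2]}")
        except ValueError:
            continue  # header row ("Destination ... Genmask ...")
        routes.append((net, fields[1], fields[7]))
    return routes


def lookup(routes, addr):
    """Longest-prefix match; None means no route (ENETUNREACH)."""
    ip = ipaddress.ip_address(addr)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    net, gateway, iface = max(matches, key=lambda r: r[0].prefixlen)
    return iface, (None if gateway == "0.0.0.0" else gateway)


if __name__ == "__main__":
    for host, table in (("test1", TEST1_ROUTES), ("test2", TEST2_ROUTES)):
        for addr in ("192.168.136.131", "173.194.70.99"):
            print(host, addr, lookup(parse_routes(table), addr))
```

On test2 the lookup for 173.194.70.99 returns None because the table has no 0.0.0.0 default entry, while 192.168.136.131 (the name server from resolv.conf) is on-link via eth0; test1 sends the same public address via 192.168.0.1 on eth0.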