Private in-house domain
Stephen Ryan
stephen at sryanfamily.info
Tue May 15 18:56:56 EDT 2007
On Tue, 2007-05-15 at 16:47 -0400, Tech Writer wrote:
> I am trying to create a small domain within my house, strictly for the
> purpose of getting more familiar with setting up DNS and Sendmail.
> Before any of my changes, I started with the following
> configuration:
>
> * Linksys router connected to my incoming cable internet line
> * The router uses DHCP to assign addresses in the range of
> 192.168.1.100 through 192.168.1.120
> * Nameservers assigned by DHCP are: 68.87.73.242 & 68.87.71.226
>
> Since I wanted this to be a separate domain (different than the
> Linksys zone, and seen only in my house) I set it up to assign fixed
> addresses 10.25.1.10 thru 10.25.1.15.
>
> I got all of the DNS files set up on my CentOS Linux system and
> restarted the named daemon. At this point, I was able to use ping,
> dig and nslookup okay, and was still able to browse outside my house
> using Firefox.
>
> HOWEVER... At the time my DNS was first setup and working, I was
> still using the 192.168.1.130 address that coordinated with my Linksys
> router. As soon as I changed my local IP address to 10.15.1.10 (in
> ifcfg-eth0 and /etc/hosts) I could no longer get to the outside world
> (couldn't get a valid nslookup response or browse the internet).
>
> Does anyone have any ideas why this might be? Is it possible that my
> routes or gateway need to be updated now that I've switched from a
> 192.168.1.n address to the 10.25.1.n address? If so, what needs to
> be changed?
Yes, it does. I'm not terribly familiar with BIND, but I'll assume
those are set up correctly. The problem does come from the IP address
mismatch.

Your problem comes from the fact that there are two kinds of IP
addresses, "local", and, well, not local. Local addresses are part of
the same network, and can be reached just by yelling very loudly
(broadcasting an ARP request, which is asking for the Ethernet hardware
address corresponding to a given IP address; the remainder of the
conversation then takes place direct machine-to-machine). Messages for
non-local addresses out on the internet need to be sent to an
intermediary first, which knows where to forward them. In your case,
your Linksys router knows to forward packets to your cable modem, which
forwards them to your ISP, which in turn has a router with multiple
connections to the rest of the internet and a little table of rules that
explain where to forward packets (something like "18.x.x.x, ah, that
must be MIT, so I'll send that down the Boston link").

The network driver distinguishes between local and non-local addresses
by means of the "netmask" setting in your ifcfg-eth0.txt. You have a
netmask of 255.255.255.0, which means, roughly, match the first three
numbers of the IP address. Anything that starts "10.25.1." is
considered to be a local address, and sent out over Ethernet; everything
else is forwarded to the gateway.

When you make a request to something outside your house, the IP address
is something other than 10.25.1.something, so it's a non-local address,
and the address is rewritten to the address of your gateway for eventual
forwarding. Your gateway is set to 192.168.1.1; since it doesn't start
"10.25.1.", it too is a non-local address, and packets intended for it
need to be sent to the gateway to be forwarded. If you are confused
right now, don't feel too bad, because the network driver is confused,
too.

What you need to change is that your gateway has to have a local
address, so that it can be reached directly (well, okay, it always was
reachable, but the simplistic rules of network routing mean that the
computer doesn't know that). One possible way of doing that is to add
another route to your routing table, so that it knows that 192.168.1.x
addresses are reachable by broadcast over eth0. I'm not familiar with
CentOS, so I don't know if there's an easy way to do that.

Another way is to change your Linksys over to use 10.25.1.1 as its
address; then your gateway will be 10.25.1.1, and it will be easily
reachable. Note though that everything else connected to it will need
to be changed to the 10.25.1.x address space, or they will have the same
problem; if they all get their addresses via DHCP, all that needs to
happen is that they be restarted (or have their DHCP clients restarted)
while the Linksys box has the new address.

The last way is to just use 192.168.1.x for your private domain, and
assign addresses outside of the DHCP-assigned addresses in that space.
This is basically the same solution as the previous one, just with a
different address space. There's no correct answer as to which one to
pick; both the 10.x.x.x and 192.168.x.x address spaces are defined as
"private", so you can do whatever you like with them inside your house.
Traditionally, 10.x.x.x addresses are used for bigger networks and
192.168.x.x for small networks, but because they are private and you can
do as you like with them, nobody will know or care. You just have to
set it up consistently or you'll get problems with unreachable
addresses.
> If anyone is ambitious enough to figure out what piece is missing,
> I've posted all of my configuration files on:
> http://www.handspun.com/review/
>
> Edited files include:
>
> /var/named/chroot/etc/named.conf
> /var/named/chroot/var/named/MyLab.org.zone
> /var/named/chroot/var/named/1.25.10.rev-zone
> /etc/resolv.conf
> /etc/sysconfig/network-scripts/ifcfg-eth0
>
> Any tips or hints would be greatly appreciated!
>
> Peg
> _______________________________________________
> gnhlug-discuss mailing list
> gnhlug-discuss at mail.gnhlug.org
> http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss/
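The local-versus-gateway decision that Stephen walks through above, as an added worked example (editor's code, not from either poster or from CentOS). It models a host routing table with longest-prefix matching, shows why a 10.25.1.10/24 host with gateway 192.168.1.1 cannot deliver anything off-subnet (the gateway itself is "non-local"), and then checks both fixes he proposes: adding an on-link route for 192.168.1.0/24, or moving the gateway to 10.25.1.1. The addresses are taken from the thread; the tables and the `eth0` device name are constructed for the demonstration.

```python
"""Simulate a host's next-hop decision: is the destination on-link (ARP for
it directly) or must it go to a gateway, and is that gateway itself on-link?
Tables are constructed to match the thread, not copied from a real host."""
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

IPv4 = ipaddress.IPv4Address


class Route(NamedTuple):
    prefix: ipaddress.IPv4Network
    gateway: Optional[IPv4]   # None means directly connected (on-link)
    dev: str


def build_table(host_cidr: str, default_gw: str,
                extra_onlink: Tuple[str, ...] = ()) -> List[Route]:
    """Table a host derives from ifcfg-eth0: a connected route for its own
    subnet (IPADDR + NETMASK), a default route via GATEWAY, plus any extra
    on-link subnets (the 'add another route' fix)."""
    iface = ipaddress.IPv4Interface(host_cidr)
    table = [Route(iface.network, None, "eth0")]
    for cidr in extra_onlink:
        table.append(Route(ipaddress.IPv4Network(cidr), None, "eth0"))
    table.append(Route(ipaddress.IPv4Network("0.0.0.0/0"), IPv4(default_gw), "eth0"))
    return table


def lookup(table: List[Route], dst: IPv4) -> Optional[Route]:
    """Longest-prefix match, as the kernel does."""
    best = None
    for r in table:
        if dst in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best


def next_hop(table: List[Route], dst_str: str):
    """Return (decision, address_to_arp_for, dev).

    'direct':              dst is on-link; ARP for dst itself.
    'via':                 dst goes to the gateway; ARP for the gateway.
    'gateway-unreachable': the gateway is not on-link, so the host would need
                           a gateway to reach its gateway (the confusion in
                           the thread).
    'unreachable':         no matching route at all.
    """
    dst = IPv4(dst_str)
    r = lookup(table, dst)
    if r is None:
        return ("unreachable", None, None)
    if r.gateway is None:
        return ("direct", dst, r.dev)
    gw_route = lookup(table, r.gateway)
    if gw_route is None or gw_route.gateway is not None:
        return ("gateway-unreachable", r.gateway, r.dev)
    return ("via", r.gateway, r.dev)


# Constructed scenarios from the thread
BROKEN = build_table("10.25.1.10/24", "192.168.1.1")
FIX_ADD_ROUTE = build_table("10.25.1.10/24", "192.168.1.1",
                            extra_onlink=("192.168.1.0/24",))
FIX_MOVE_GATEWAY = build_table("10.25.1.10/24", "10.25.1.1")

if __name__ == "__main__":
    scenarios = [("broken", BROKEN), ("add route", FIX_ADD_ROUTE),
                 ("move gateway", FIX_MOVE_GATEWAY)]
    for name, table in scenarios:
        for dst in ("10.25.1.12", "192.168.1.1", "68.87.73.242"):
            print(f"{name:13s} {dst:14s} -> {next_hop(table, dst)}")
```

On the real host the "add route" fix is the net-tools command `route add -net 192.168.1.0 netmask 255.255.255.0 dev eth0` (or the equivalent `ip route add 192.168.1.0/24 dev eth0`), after which the kernel will accept 192.168.1.1 as a default gateway; without that on-link route the kernel refuses the gateway rather than looping, which is the behaviour the simulation reports as `gateway-unreachable`.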