[완료]ip 매스커레이딩시 DNS 설정에 관해서 질문 있습니다.
현재 외부 네트워크 ----- node1 ----- node2
이런 식으로 컴퓨터가 연결되어 있고 node1에 랜카드 2장을 이용해서 node1과 node2를 내부 내트웍으로
묶고 node1에 받는 ip를 매스커래이딩 해서 node2에서 인터넷에 연결하려 합니다.
네임 서버는
[root@node1 ~]# cat /etc/resolv.conf
search cluster.domain
nameserver xxx.xxx.xxx.xxx
[root@node1 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT esp -- anywhere anywhere
ACCEPT ah -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nfs
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:telnet
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:nameserver
ACCEPT udp -- anywhere anywhere state NEW udp dpt:nameserver
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:domain
ACCEPT udp -- anywhere anywhere state NEW udp dpt:domain
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:xdmcp
ACCEPT udp -- anywhere anywhere state NEW udp dpt:xdmcp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
[root@node1 ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@node1 ~]#
와 같이 node1에 네임서버 설정과 방화벽 설정이 되어있는 상태고 node2의 방화벽은 꺼둔 상태입니다.
그런데 node2에서 firefox로 인터넷을 하거나 yum을 이용한 update를 하려고 시도하면 페이지를
찾지 못하거나 접속이 되질 않습니다. nslookup이나 ftp에 도메인을 입력해서 시도하면 잘 되는 것으로
봐서는 DNS에 문제가 있는 것은 아닌듯 한데 무엇이 문제인가요?
[root@node2 ~]# ftp ftp.kaist.ac.kr
Connected to ftp.kaist.ac.kr (143.248.234.110).
220 KAIST File Archive (ftp.kaist.ac.kr)
Name (ftp.kaist.ac.kr:root): anonymous
331 Please specify the password.
Password:
230-
230- Welcome to KAIST File Archive, ftp.kaist.ac.kr!
....
230- For more information about our archive,
230- please visit: http://ftp.kaist.ac.kr/
230-
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> exit
221 Goodbye.
[root@node2 ~]# nslookup daum.net
Server: xxx.xxx.xxx.xxx
Address: xxx.xxx.xxx.xxx#53
Non-authoritative answer:
Name: daum.net
Address: 211.115.77.214
Name: daum.net
Address: 211.115.115.211
Name: daum.net
Address: 211.115.115.212
Name: daum.net
Address: 211.115.77.211
Name: daum.net
Address: 211.115.77.212
Name: daum.net
Address: 211.115.77.213
[root@node2 ~]# yum update
Loading "priorities" plugin
Loading "fastestmirror" plugin
Loading "installonlyn" plugin
Setting up Update Process
Setting up repositories
Could not retrieve mirrorlist http://mirrorlist.centos.org/?release=5&arch=x86_64&repo=os error was
[Errno 4] IOError:
Error: Cannot find a valid baseurl for repo: base
[root@node2 ~]#
여기서 제가 어떤걸 빼먹었길래 이런 결과를 가져 오는것인지 알고 싶습니다.
제가 좀더 설명해 드려야 하는 부분이 더 있나요?
node1 의 방화벽
node1 의 방화벽 규칙에 http 가 없는 것 같습니다.
OTL
그런거였군요 :-)
httpd 포트도 열어줘야 하는지 몰랐네요 :-)
잘되요~ 감사합니다^^
Am I honest?
Am I honest?
댓글 달기