Now that we have a functioning firewall, let's add some basic network services to get our network really running at full throttle. First off, we can add a DNS proxy. This step is totally optional.
Basically, a proxy works as a "man in the middle" between the client and the server computers. Proxies serve many purposes; some of the most common are providing fast access to popular material and allowing filtering of data. The purpose of the DNS proxy is rather straightforward. Rather than having all the computers on the local network send traffic to our ISP's DNS servers, we have the local machines send their requests to our firewall. Our firewall then looks up the DNS information on behalf of the machines and returns the information to them.
This allows for one specific benefit: speed. Our server is often referred to as a caching name server, because it stores the DNS records after it looks them up. Even if clients on your network request www.debian.org 20 times, the firewall only has to request the information from the ISP once; it uses its own memory to answer the other 19 queries. And since the local network is always faster than the internet connection, this should boost the speed of our DNS lookups. For our DNS proxy we'll be using the dnsmasq package (http://www.thekelleys.org.uk/dnsmasq).
Alternative Alert! - DNSMasq
Once again, DNSMasq is just one of the potential solutions to the problem; there are several other options available. One popular one might be BIND (the Berkeley Internet Name Domain). In fact, just about any DNS server will fill the role. DNSMasq was chosen because it's lightweight, easy to configure, and was created with just this job in mind.
Let's get started by installing dnsmasq:
Firewall:~# apt-get install dnsmasq
With dnsmasq we only have one configuration file: /etc/dnsmasq.conf
Firewall:~# nano -w /etc/dnsmasq.conf
As is the running theme, there are lots of options here we won't touch on. Read the documentation completely so you know what the package is capable of. DNSMasq should work for us straight "out of the box", so there's no need to change any configuration unless you want to. If you change the config, restart dnsmasq with:
Firewall:~# /etc/init.d/dnsmasq restart
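
If you do decide to edit the file, the fragment below is an added example (not part of the original guide) of the settings most relevant on a firewall: left at its defaults, dnsmasq answers queries on every interface, and these lines confine it to the internal network. The interface name eth1 and the cache size are assumptions; substitute your own LAN-facing interface.

```conf
# /etc/dnsmasq.conf (added example; eth1 is an assumed name for the LAN-facing NIC)

# Answer DNS queries only on the internal interface. dnsmasq adds the
# loopback interface automatically, so the firewall itself can still use it.
interface=eth1

# Bind only to the addresses of the interfaces listed above instead of the
# wildcard address, so nothing is listening on the Internet-facing side.
bind-interfaces

# Do not forward plain names (no dots) to the ISP's servers.
domain-needed

# Do not forward reverse lookups for private address ranges upstream.
bogus-priv

# Number of names held in the cache (constructed value; tune to your network).
cache-size=1000
```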
Proceed to Step 8 - DHCP
Copyright © 2006 Matt LaPlante. All rights reserved.