Subject: Re: named inside firewall
To: Henry Nelson <henry@irm.nara.kindai.ac.jp>
From: None <collver@softhome.net>
List: netbsd-help
Date: 12/12/2000 04:58:12
On Tue, Dec 12, 2000 at 09:58:08PM +0900, Henry Nelson wrote:
> Since moving my name server inside a firewall, I can no longer
> do lookups on other clients inside the firewall, while lookup
> requests originating from outside the firewall work fine.  The
> error message I get from nslookup is "can't find server name for
> address aaa.bbb.ccc.149: No response from server."  From telnet
> or ftp I get: "Host name lookup failure."  Somewhat unique about
> the ipf/ipnat box is that its external nic has two IPs.  The one
> that is an alias is the name server.
> 
> /etc/ipnat.conf looks like:
> map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 proxy port ftp ftp/tcp
> map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 portmap tcp/udp 40000:60000
> map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32
> rdr ep0 aaa.bbb.ccc.21/0 port 80 -> 192.168.2.21 port 80 tcp/udp
> rdr ep0 aaa.bbb.ccc.149/0 port 53 -> 192.168.2.149 port 53 tcp/udp
> 
> /etc/ifconfig.ep0 looks like:
> aaa.bbb.ccc.21 netmask 0xffffff00
> aaa.bbb.ccc.149 netmask 0xffffffff alias
> 
> Any ideas much appreciated.  TIA.
> 
> henry nelson
> 

Is the IP of the internal NIC used as the default gateway (the router)
for the internal clients?  Try 'ping -n ' on an external IP address from
one of the clients.  Will the internal clients use aaa.bbb.ccc.149 or
192.168.2.149 as the DNS server?  Could you post the output of
'netstat -nr'?  Have you placed 'sysctl -w net.inet.ip.forwarding=1' in
your /etc/rc.local?

Ben
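One of Ben's questions, which address the internal clients put in resolv.conf, can be checked mechanically. The script below is an added example and is not from the thread or from the ipf/ipnat project. It reads a resolv.conf and an ipnat.conf and flags any nameserver that is the public side of an `rdr` rule on the external interface: an ipnat `rdr` only rewrites packets arriving inbound on the interface it names, so a client on the inside that sends its query to the public alias never matches the rule and gets no answer. The sample files it writes are constructed for the demo, and the interface name `ep0` plus the `aaa.bbb.ccc` addresses are taken from the post; everything else (function names, the `HAIRPIN`/`OK` output format) is an assumption of this example.

```shell
#!/bin/sh
# Added example, not part of the original thread.
# check_resolver <resolv.conf> <ipnat.conf> <external_if>
#   For every "nameserver" line, look for an "rdr <external_if> <addr>/<mask> port 53 -> <internal> ..."
#   rule whose public address matches.  Such a nameserver is only reachable from
#   outside (the rdr applies to packets inbound on the external interface), so
#   inside clients should be pointed at the internal address instead.
# Prints one line per nameserver:  "HAIRPIN <public> <internal>"  or  "OK <addr>".
check_resolver() {
    resolv=$1; ipnat=$2; extif=$3
    for ns in $(awk '$1 == "nameserver" { print $2 }' "$resolv"); do
        # Field layout of an rdr line:
        #  $1=rdr $2=if $3=addr/mask $4=port $5=53 $6=-> $7=internal $8=port $9=53 $10=proto
        internal=$(awk -v ifc="$extif" -v ns="$ns" '
            $1 == "rdr" && $2 == ifc && $4 == "port" && $5 == "53" {
                split($3, a, "/")
                if (a[1] == ns) print $7
            }' "$ipnat")
        if [ -n "$internal" ]; then
            echo "HAIRPIN $ns $internal"
        else
            echo "OK $ns"
        fi
    done
}

# make_samples <dir>: write constructed resolv.conf / ipnat.conf files for a demo.
# The ipnat rules mirror the ones quoted in the post; the resolv.conf is invented.
make_samples() {
    dir=$1
    printf 'nameserver aaa.bbb.ccc.149\nnameserver 192.168.2.149\n' > "$dir/resolv.conf"
    cat > "$dir/ipnat.conf" <<'EOF'
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 proxy port ftp ftp/tcp
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32 portmap tcp/udp 40000:60000
map ep0 192.168.2.0/24 -> aaa.bbb.ccc.21/32
rdr ep0 aaa.bbb.ccc.21/0 port 80 -> 192.168.2.21 port 80 tcp/udp
rdr ep0 aaa.bbb.ccc.149/0 port 53 -> 192.168.2.149 port 53 tcp/udp
EOF
}

# Demo: on a real box you would pass /etc/resolv.conf and /etc/ipnat.conf.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
check_resolver "$demo_dir/resolv.conf" "$demo_dir/ipnat.conf" ep0
rm -rf "$demo_dir"
```

Run on a client's /etc/resolv.conf together with the firewall's /etc/ipnat.conf and the external interface name. A `HAIRPIN` line means that client is resolving through the public alias and should use the printed internal address (or the firewall needs a matching rule on the internal interface) before looking further at forwarding or routing.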