Best DNS records and firewall rules for a LAN

Hello World!

I’ve got a brand new Cady v.7.3.1611 (2 NICs) that I want to put into production at home.
But I am not familiar with DNS and IT, so I prefer to ask first (I didn’t understand everything I read).

I switched my internet box to modem mode:

  • the red static NIC got a 88.177.x.y IP / 88.177.x.254 gateway / DNS.
  • the green static NIC is configured with IP / 88.177.x.y gateway.
  • my LAN uses as gateway.

I need an AD, so I set my NethServer’s hostname to neth01.myhome.lan.
I have a domain name, said, with the registrar’s DNS pointing to 88.177.x.y (mail and www).

Neither the mail nor the www module is installed for now, but they will come soon.

Part 1.
Question 1: What do I have to put in the DNS module to optimise my LAN?
Question 2: What do I have to put in the DNS module to make visible from the Internet?
Question 3: Do I have to put in my registrar’s DNS server, and why?

Part 2. --DNS ++Firewall
Question 1: What do I have to put in the Firewall module to optimise my LAN?
I had to add an “Accept green -> red” rule in my firewall to let my LAN reach the Internet. Is that right?
Question 2: What do I have to put in the Firewall module to make work from/to the Internet?

What I am looking for is a set of best practices for a good LAN.

Thanks in advance from Occitanie, France.

Hi @Remy,

many questions, I hope I can help, so let’s go…

You may put your devices with static IPs in the “Hosts” list, so they can be found by their name.
You may put alias names for your NethServer in the “server alias” list, so users may reach it as easytomemorize.myhome.lan.

Nothing, this is already done by your registrar, as you wrote. You can check it on NS

or here: What Is NsLookup? Use Our Online Tool To Query DNS Records. Just enter your domain and you should find your IP in the result.

It depends… if you want to be separately reachable, you may do it. You may want pointing to server A and pointing to server B, and so on. I assume for your home server it’s enough to let point to your public IP.

The firewall is well optimized after installation. If you don’t have a special configuration or special devices, just enable it.

No, green to red is allowed by default.

Firewall policies allow inter-zone traffic accordingly to this schema:

See Firewall — NethServer 7 Final

What should work on ? You may host a website on NS. Then you won’t need a firewall configuration, because httpd (the web server) is allowed by default.

Please explain what was hard to understand because we want the docs to be useful and understandable. If you have ideas to improve the docs feel free to share them…

Greetings from Vienna, Austria.


Hello MrMarkuz, and thanks for your kind response,

“Please explain what was hard to understand”: As I am not really gifted in English, I didn’t understand that the policies are actually applied. “To be applied” said to me “they have to be”, not “they are”. Even though you say just after “Firewall policies allow …”, I was a little puzzled.

I was convinced of it, as I lost my connection with my server when I enabled the firewall. After 10 min I had to “sudo reboot” to regain access. I’m going to wipe the unneeded green->red rule I made.

Thanks for all your explanations, they clear and appease my mind.

Another thing: can I, and how do I, “batch” import all my LAN hosts’ hostnames and IPs into the DNS service? Must I use samba-tool dns add … or something else?

Have a good day,


If you use DHCP to give IPs to your LAN hosts, you don’t need to enter them in the DNS list. How many LAN hosts do you have? I don’t know of an import tool, but maybe a script exists. Don’t use samba-tool, there’s no need for it.
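Since the thread ends on “maybe a script exists”, here is one, as an added example; it is not part of the original thread and not NethServer’s own tooling. It reads a plain “ip hostname description” list (the list below is constructed for the example), validates each line, and prints the commands that would create the entries in the “Hosts” list instead of running them, so you can review them first and then pipe the output to sh as root. The validation matters because the output is fed to a shell: a stray quote, $ or backtick in a description would otherwise become a shell injection from a text file. The “db hosts set … remote IpAddress … Description …” record layout and the “host-create” event name are my assumptions about the NethServer 7 hosts DB; check them with “db hosts show” and “ls /etc/e-smith/events/” on your box before applying anything.

```shell
#!/bin/sh
# Added example: bulk-import a LAN host list into the NethServer "Hosts" DNS list.
# Hypothetical host list, constructed for this example; one "ip hostname [description]"
# per line, '#' comments and blank lines ignored.
HOSTS_LIST='# ip            hostname                description
192.168.1.10    nas.myhome.lan          Storage box
192.168.1.20    printer.myhome.lan      Laser printer
bad.ip.here     broken.myhome.lan       rejected: not an IPv4 address
192.168.1.256   big.myhome.lan          rejected: octet out of range
192.168.1.40    -bad_name.myhome.lan    rejected: invalid hostname
192.168.1.50    evil.myhome.lan         rejected: $(id) in description
192.168.1.30    desktop.myhome.lan'

# Read the list on stdin and print one "db hosts set ..." plus one "signal-event ..."
# line per valid host. Nothing is applied here; review the output, then pipe it to sh as root.
# ASSUMPTION: the "db hosts" record layout (type "remote", props IpAddress/Description)
# and the "host-create" event name are what I believe NethServer 7 uses; confirm with
# "db hosts show" and "ls /etc/e-smith/events/" before applying.
gen_import_cmds() {
    awk '
    function valid_ip(ip,    o, n, i) {
        n = split(ip, o, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || o[i] + 0 > 255) return 0
        return 1
    }
    /^[[:space:]]*(#|$)/ { next }   # skip comments and blank lines
    {
        ip = $1; name = $2; desc = ""
        for (i = 3; i <= NF; i++) desc = desc (i > 3 ? " " : "") $i
        # hostname: alnum/hyphen labels, no leading/trailing hyphen, at least one dot (FQDN)
        if (!valid_ip(ip) ||
            name !~ /^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?)+$/ ||
            desc ~ /["$`\\]/) {     # description will be shell-quoted: refuse metacharacters
            printf "skipped invalid line %d: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        printf "db hosts set %s remote IpAddress %s Description \"%s\"\n", name, ip, desc
        printf "signal-event host-create %s\n", name
    }'
}

# Dry run: print the commands that would be executed (apply with: ... | gen_import_cmds | sh).
printf '%s\n' "$HOSTS_LIST" | gen_import_cmds
```

Rejected lines go to stderr with their line number, so a bad list fails loudly instead of silently creating half the entries; everything on stdout is safe to pipe to a shell.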