Thanx to everyone on the list who helped me a lot. Firewall box is now running!!
Nice tool (pmfirewall) ;-)
This is the real Linux community.

Gary Hennigan wrote:

> Nate Amsden <[EMAIL PROTECTED]> writes:
> > not sure what kernels your using but:
> >
> > - i've never gotten MASQ to work with DNS on 2.2 i've always had to put
> > a DNS on the masq machine and point machines to it instead, this was not
> > the case in 2.0 where it was able to masq without any trouble.
>
> Hmm. I'm not sure what you mean here. I have a firewall/masq machine
> and I know for a fact that my main PC, which sits behind this
> firewall, has no problem reaching my remote DNS servers using
> masquerading (I don't currently run a DNS server myself).
>
> > try putting a DNS on yer masq box and point everything to it.
>
> Yikes! That's not a trivial task and it's of questionable value given
> what I'm able to do, as stated above.
>
> > Willi Dyck wrote:
> > >
> > > Hi.
> > >
> > > I don't understand the world (Debian)anymore.
> > > As soon as I compile things like
> > > - ip firewalling
> > > - ip masquerading
> > > - ip forwarding into the kernel, I can't ping any host by it's name.
> > > I am able to ping IP's. Seems like a DNS Lookup failure. But why??
> > > I didn't changed any file I only compiled the features listed above.
> > > When I boot the old kernel again the problem seems to be gone.
> > > WHY??? What is the logical thing here???
> > > Thanx for your help.
>
> My guess is that you've got a chain in the default rules that's
> blocking DNS access. DNS access isn't a simple one to block/unblock,
> if I remember correctly. Just look at the logs (/var/log/syslog) and
> see if any of the output rules, with a source inside your LAN, is
> being denied. Personally, if I were you I'd get PMFirewall,
>
> http://www.pmfirewall.com/PMFirewall/
>
> And start with the rules they insert and build on that.
>
> It's quick, asks simple questions and gets you going quickly.
>
> Gary
>
> --
> Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null

Reply via email to