Thanx to everyone on the list who helped me a lot. Firewall box is now running!! Nice tool (pmfirewall) ;-) This is the real Linux community.
Gary Hennigan wrote: > Nate Amsden <[EMAIL PROTECTED]> writes: > > not sure what kernels your using but: > > > > - i've never gotten MASQ to work with DNS on 2.2 i've always had to put > > a DNS on the masq machine and point machines to it instead, this was not > > the case in 2.0 where it was able to masq without any trouble. > > Hmm. I'm not sure what you mean here. I have a firewall/masq machine > and I know for a fact that my main PC, which sits behind this > firewall, has no problem reaching my remote DNS servers using > masquerading (I don't currently run a DNS server myself). > > > try putting a DNS on yer masq box and point everything to it. > > Yikes! That's not a trivial task and it's of questionable value given > what I'm able to do, as stated above. > > > Willi Dyck wrote: > > > > > > Hi. > > > > > > I don't understand the world (Debian)anymore. > > > As soon as I compile things like > > > - ip firewalling > > > - ip masquerading > > > - ip forwarding into the kernel, I can't ping any host by it's name. > > > I am able to ping IP's. Seems like a DNS Lookup failure. But why?? > > > I didn't changed any file I only compiled the features listed above. > > > When I boot the old kernel again the problem seems to be gone. > > > WHY??? What is the logical thing here??? > > > Thanx for your help. > > My guess is that you've got a chain in the default rules that's > blocking DNS access. DNS access isn't a simple one to block/unblock, > if I remember correctly. Just look at the logs (/var/log/syslog) and > see if any of the output rules, with a source inside your LAN, is > being denied. Personally, if I were you I'd get PMFirewall, > > http://www.pmfirewall.com/PMFirewall/ > > And start with the rules they insert and build on that. > > It's quick, asks simple questions and gets you going quickly. > > Gary > > -- > Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
