On Sun, Sep 28, 2003 at 04:57:28AM +0300, Sami N??t?nen wrote:
> Do you have DNS in the nat firewall?
> If you do, you don't allow these queries to come in to it.
> But you should see these in your log.

That's one thing that someone on the netfilter list has suggested, that my firewall isn't letting DNS queries through. Flushing all rules and just having the rule from the NAT howto

    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

doesn't work, where eth0 is the connection to the outside world. Using ethereal it appears that packets are being received at eth1, the local network, but eth1 is not transmitting these packets. I know that the card that supplies eth1 works as it used to supply eth0 in my old machine.

> Could you possibly post what the status thing in your script outputs?

skymoo root # /etc/init.d/firewall showstatus
 * Status...
Chain INPUT (policy DROP 10 packets, 1392 bytes)
num  pkts bytes target     prot opt in  out  source       destination
1       0     0 ACCEPT     all  --  lo  *    0.0.0.0/0    0.0.0.0/0
2      15  1136 ACCEPT     all  --  *   *    0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
3       0     0 ACCEPT     tcp  --  *   *    0.0.0.0/0    0.0.0.0/0    tcp dpt:22

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num  pkts bytes target     prot opt in  out  source       destination
1       0     0 ACCEPT     all  --  *   *    0.0.0.0/0    0.0.0.0/0    state RELATED,ESTABLISHED
2       0     0 ACCEPT     all  --  *   *    10.0.0.0/24  0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num  pkts bytes target     prot opt in  out  source       destination
1      13   749 ACCEPT     all  --  *   *    0.0.0.0/0    0.0.0.0/0
 * NAT status
Chain PREROUTING (policy ACCEPT 10 packets, 1392 bytes)
num  pkts bytes target     prot opt in  out  source       destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num  pkts bytes target     prot opt in  out  source       destination
1       1    60 MASQUERADE all  --  *   eth0 0.0.0.0/0    0.0.0.0/0

Chain OUTPUT (policy ACCEPT 1 packets, 60 bytes)
num  pkts bytes target     prot opt in  out  source       destination
                                                                  [ ok ]
skymoo root #

Cheers
Adam

-- 
[EMAIL PROTECTED] mailing list