The basic question you need to answer for us is: how is your system doing 
DNS? Are you running your own DNS server on the router and using it to do 
DNS directly (i.e., starting at the root servers and working down)? Are you 
running a DNS server that uses your ISP's DNS server(s) as forwarder(s)? 
Are the clients on your LAN using the ISP's DNS servers directly? Something 
else?

As a general matter, if you want to be able to access the Internet using 
FQNs (and not just IP addresses directly, something nobody does), you need 
to allow *some* UDP traffic from port 53 in. Otherwise, off-LAN DNS servers 
will be unable to respond to the queries you send them ... and while I 
don't know from what you sent *how* you do (off-site) DNS queries, you must 
be doing them *somehow*.

It would not surprise me if the "current connections" you list below were 
incomplete DNS queries. If so, the reason "no one on the homenetwork can 
connect to the Internet" may be that you have an undiagnosed DNS problem, 
so URLs (or FQNs for whatever services you mean by "connect") do not 
resolve. The mere existence of open connections should not prevent LAN 
users from accessing the Internet (at least not in the quantities you 
report ... you are in no danger of running out of ports).

You might want to report with a more descriptive trouble report. The "SR 
FAQ" link below will help you do so, if you care to try this approach. (I 
don't recall your prior postings, but if you really got no responses, it 
may be that they were too vague to elicit anything useful. There are enough 
of us regulars, with a wide range of expertises and temperaments, that it is 
rare that no one responds to a query.)

At 10:34 PM 6/13/02 -0500, Steve Jeppesen wrote:
>I am having trouble with these "established connections" showing up in my
>viewmasq log to the point where no one on the homenetwork can connect to the
>Internet.
>
>The problem seemed to go away after AT$T assigned new IP's for everyone in the
>neighborhood, but just today it reared its ugly head again.  I have asked for
>help before from the list here, but nobody replied to my posts.
>
>Please tell me at least is it something I am being ignorant about and not
>researching the problem enough myself before posting here?  Or is it that
>nobody here knows what to do about it?
>
>It seems there should be a way to modify network.conf (Dachstein CD V1.02) to
>not allow any external connections from any IP using port 53 - is there
>something in network.conf that would work?  I have looked thru network.conf
>but do not see anything that might help block external connections to eth0
>
>Here is a small portion of my "Current connections" as reported in viewmasq;
>
>Active Internet connections (w/o servers)
>Proto Recv-Q Send-Q Local Address           Foreign Address         State
>tcp        0      0 192.168.1.254:80        192.168.1.2:33449       ESTABLISHED
>tcp        0      0 192.168.1.254:80        192.168.1.2:33447       TIME_WAIT
>tcp        0      0 192.168.1.254:80        192.168.1.2:33446       TIME_WAIT
>tcp        0      0 192.168.1.254:80        192.168.1.2:33444       TIME_WAIT
>udp        0      0 24.118.176.137:52220    192.203.230.10:53       ESTABLISHED
>udp        0      0 24.118.176.137:43084    128.8.10.90:53          ESTABLISHED
>udp        0      0 24.118.176.137:21690    128.63.2.53:53          ESTABLISHED
>udp        0      0 24.118.176.137:34665    128.8.10.90:53          ESTABLISHED
>udp        0      0 24.118.176.137:30698    192.33.4.12:53          ESTABLISHED
>udp        0      0 24.118.176.137:31418    198.32.64.12:53         ESTABLISHED
>udp        0      0 24.118.176.137:40885    198.41.0.4:53           ESTABLISHED
>udp        0      0 24.118.176.137:22397    198.41.0.10:53          ESTABLISHED
>udp        0      0 24.118.176.137:48569    192.36.148.17:53        ESTABLISHED
>udp        0      0 24.118.176.137:18114    193.0.14.129:53         ESTABLISHED
>udp        0      0 24.118.176.137:39686    128.63.2.53:53          ESTABLISHED
>udp        0      0 24.118.176.137:53853    128.8.10.90:53          ESTABLISHED
>udp        0      0 24.118.176.137:55249    198.41.0.10:53          ESTABLISHED
>udp        0      0 24.118.176.137:35631    198.32.64.12:53         ESTABLISHED
>udp        0      0 24.118.176.137:24105    202.12.27.33:53         ESTABLISHED
>udp        0      0 24.118.176.137:13567    193.0.14.129:53         ESTABLISHED
>udp        0      0 24.118.176.137:19059    192.5.5.241:53          ESTABLISHED
>udp        0      0 24.118.176.137:13893    193.0.14.129:53         ESTABLISHED
>
>Notice the Foreign Address column...
>How can I block those xxx.xxx.xxx.xxx:53 using Dachstein?
>
>Thanks for any help and/or replies - I am pulling my hair out over this,
>what hair I have left!




--
-----------------------------------------------"Never tell me the odds!"--------------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                              [EMAIL PROTECTED]
-------------------------------------------------------------------------------------------


------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
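
The distinction drawn in the reply above, between queries the router sends to off-LAN DNS servers and connections coming in to it, can be read straight off a viewmasq/netstat listing. The following is an added example, not part of the original thread or of Dachstein: the function names are hypothetical, the sample rows are copied from the quoted listing in mail-wrapped, ">"-quoted form, and the last row (203.0.113.7) is constructed to show the opposite direction.

```python
import re
from collections import Counter

# Constructed sample: rows from the quoted listing, still ">"-quoted and
# wrapped after Send-Q; the final row is invented (documentation address).
SAMPLE = """\
>tcp        0      0
>192.168.1.254:80        192.168.1.2:33449       ESTABLISHED
>udp        0      0
>24.118.176.137:52220    192.203.230.10:53       ESTABLISHED
>udp        0      0
>24.118.176.137:43084    128.8.10.90:53          ESTABLISHED
>udp        0      0
>24.118.176.137:34665    128.8.10.90:53          ESTABLISHED
>udp        0      0 24.118.176.137:53 203.0.113.7:40000 ESTABLISHED
"""

ROW = re.compile(r"^(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s+(\S+):(\d+)")

def rejoin(text):
    """Strip '>' quoting and glue rows that the mailer wrapped after Send-Q."""
    rows, pending = [], ""
    for line in text.splitlines():
        line = line.lstrip("> ").strip()
        if re.fullmatch(r"(tcp|udp)\s+\d+\s+\d+", line):
            pending = line              # first half of a wrapped row
            continue
        rows.append((pending + " " + line).strip())
        pending = ""
    return rows

def classify(row):
    """Label a row by which side owns port 53; None if it is not a socket row."""
    m = ROW.match(row)
    if not m:
        return None
    _proto, _lip, lport, fip, fport = m.groups()
    if fport == "53" and lport != "53":
        return ("outbound-dns-query", fip)    # this host asked; reply comes from :53
    if lport == "53":
        return ("inbound-to-local-dns", fip)  # remote host talking to a local server
    return ("other", fip)

def summarize(text):
    """Count rows per label and outstanding queries per remote DNS server."""
    hits = [h for h in map(classify, rejoin(text)) if h]
    labels = Counter(label for label, _ in hits)
    servers = Counter(ip for label, ip in hits if label == "outbound-dns-query")
    return labels, servers
```

Rows labelled `outbound-dns-query` have the local side on a high port and the foreign side on port 53, so they are lookups this host sent; a rule that drops packets arriving from source port 53 would discard the replies to them.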
