"Michael D. Schleif" wrote:
>
> Matthew Schalit wrote:
> > <snip />
>
> > Please tell me you've added ipchains -l logging to every packet
> > 1) inbound on dmz nic
> > 2) outbound from dmz nic
> > 3) inbound on internal nic
> > 4) outbound on internal nic
> > 5) forwarded by any forward rule
> >
> > and repost the trail of a dns request from the dmz, judiciously snipping
> > and trimming if you please.
>
> NOTE: I haven't yet figured out how to get the forward/MASQ chain to log
> properly.

OK, I have finally determined that the one MASQ rule has no effect. Without any special forward rule, dnscache is queried; but, no answer makes it back to the asker.

I've run out of ideas for tonight; so, <http://www.helices.org/tmP/ipchains.bluetrout.txt> ought to remain static for a while . . .

What do you think?

--

Best Regards,

mds
mds resource
888.250.3987

Dare to fix things before they break . . .

Our capacity for understanding is inversely proportional to how much we think we know. The more I know, the more I know I don't know . . .