My ISP up and died on me so I'm getting by, having reconfigged my LEAF box to use the ppp (serial modem) package, instead of the pppoe/ppp package. As a consequence I have removed eth0 and now have ppp0 as the internet interface. eth1 = private LAN, eth2 = DMZ. I get assigned a dynamic IP address on ppp0, via the modem's dialing-in.
With this changed setup the problem is that I can resolve DNS names when asked to do so by PCs that are on the private LAN and for the machine on the DMZ, too (e.g. ping www.yahoo.com resolves and pings fine). However I get the following msg if I try to do the same ping from the firewall itself:
ping: www.yahoo.com: Host name lookup failure
I've read the dnscache docs and sought on this leaf-user list for any hints but found none that have panned out.
I had previously mentioned that I was playing with having a second copy of dnscache running (called dnscach2). I have removed that reference from lrpkg.cfg so that should not be an issue. As well, shorewall makes no complaints (i.e. log entries) about port 53 traffic, nor ICMP packets.
Does anyone have any ideas? I fear that I've exhausted the documentation that's available (dnscache homepage, LEAF docs, google ...).
Thanks for any help that might come my way.
scott; canada
Here's some config info that might shed some light:

grep -v "^#" /etc/network/interfaces
====================================
auto lo
iface lo inet loopback

auto ppp0
iface ppp0 inet ppp
provider provider

auto eth1
iface eth1 inet static
address 192.168.0.254
masklen 24
broadcast 192.168.0.255

auto eth2
iface eth2 inet static
address 10.0.0.254
masklen 24
broadcast 10.0.0.255

grep -v "^#" /etc/resolv.conf
====================================
search lan
nameserver 127.0.0.1

grep -v "^#" /etc/networks
====================================
localnet 127.0.0.0

grep 53 /etc/shorewall/rules | grep -v "^#"
====================================
ACCEPT dmz fw udp 53
ACCEPT fw net tcp 53
ACCEPT fw net udp 53
ACCEPT loc fw udp 53

grep -v "^#" /etc/dnscache/env/IP
====================================
192.168.0.254

grep -v "^#" /etc/dnscache/env/IPQUERY
====================================
192.168.0 127.0.0.1
