Suggestion: Why don't you add -l to the "deny all" final rule, then tail -f /var/log/messages and try the nslookup again. You can then watch which packets/ports are being denied and proceed to open them.
Hope this helps

Francisco

>>> [EMAIL PROTECTED] 28/11/01 10:58 >>>
Hello all....

I have a RH 7.1 DNS server. The server is working fine and resolving names without any problems from external requests. I am also using ipchains to shut all ports except 22 and 53. My problem is that when I try to do an nslookup from that box, it gives me the following error:

    $ nslookup yahoo.com
    Note: nslookup is deprecated and may be removed from future releases.
    Consider using the `dig' or `host' programs instead. Run nslookup with
    the `-sil[ent]' option to prevent this message from appearing.

    ;; connection timed out; no servers could be reached

My ipchains rules are as follows:

    Chain input (policy DENY):
    target  prot opt    source      destination  ports
    ACCEPT  tcp  ------ anywhere    dns          any -> ssh
    ACCEPT  udp  ------ anywhere    dns          any -> domain
    ACCEPT  tcp  ------ anywhere    dns          any -> domain
    Chain forward (policy DENY):
    Chain output (policy DENY):
    target  prot opt    source      destination  ports
    ACCEPT  tcp  ------ dns         anywhere     ssh -> any
    ACCEPT  udp  ------ dns         anywhere     domain -> any
    ACCEPT  tcp  ------ dns         anywhere     domain -> any

but it is able to respond to external requests (meaning when I set my machine to use this DNS server, it does name resolutions without any problems). I know it is something to do with ipchains because when I flush all my rules and set the default to accept all, then the nslookup runs fine. Do I need to open another port to be able to do internal queries within the box? I'm confused.......

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
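As an added illustration of Francisco's suggestion (this is not code from either poster), the script below shows the three pieces of that procedure: the ipchains commands that append a logging DENY rule (ipchains -l) to the end of the input and output chains, a tail -f filter for the resulting kernel "Packet log:" lines, and a small awk summariser that reduces the denied entries to chain, protocol, source port, destination port and count so the port that still needs opening can be read off. The log lines fed to it are constructed sample data in the ipchains log format, using documentation addresses; they model a local resolver query leaving from an ephemeral port towards port 53, which is an assumption about the poster's rule set, not something the thread confirms. The functions that touch the firewall and the live log are defined but not executed.

```shell
#!/bin/sh
# Added example (not from the thread): log the packets ipchains denies and
# summarise them, so the ports that still need opening can be read off.

# 1. Turn on logging for the packets the final rule denies.  These are the
#    commands an admin would run; they are defined here but NOT executed.
apply_logging_rules() {
    # Append an explicit, logging DENY at the end of each chain; with the
    # chain policy already DENY this changes nothing except the logging.
    ipchains -A input  -j DENY -l
    ipchains -A output -j DENY -l
}

# 2. Follow the kernel log and show only ipchains entries (the "tail -f"
#    from the suggestion, filtered).  Defined, not executed.
watch_denied() {
    tail -f "${1:-/var/log/messages}" | grep --line-buffered 'Packet log:'
}

# Constructed sample log lines in the ipchains "Packet log:" format, modelling
# a local resolver query leaving from an ephemeral port (denied) and a
# permitted SSH connection (accepted).  Addresses are documentation ranges.
SAMPLE_LOG='Nov 28 10:58:01 dns kernel: Packet log: output DENY eth0 PROTO=17 192.0.2.10:1025 192.0.2.53:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#4)
Nov 28 10:58:02 dns kernel: Packet log: output DENY eth0 PROTO=17 192.0.2.10:1025 192.0.2.53:53 L=60 S=0x00 I=0 F=0x0000 T=64 (#4)
Nov 28 10:58:03 dns kernel: Packet log: output DENY eth0 PROTO=6 192.0.2.10:1026 192.0.2.53:53 L=60 S=0x00 I=0 F=0x4000 T=64 (#4)
Nov 28 10:58:04 dns kernel: Packet log: input ACCEPT eth0 PROTO=6 198.51.100.7:40000 192.0.2.10:22 L=60 S=0x00 I=0 F=0x4000 T=50 (#1)'

# 3. Reduce DENY entries on stdin to "chain proto src_port dst_port count".
#    Field layout after the "log:" token:
#    chain verdict iface PROTO=n src:port dst:port ...
summarize_denied() {
    awk '
        function protoname(n) {
            return n == "6" ? "tcp" : (n == "17" ? "udp" : (n == "1" ? "icmp" : n))
        }
        /Packet log:/ {
            # Locate the "log:" token so any syslog prefix length works.
            for (i = 1; i <= NF; i++) if ($i == "log:") break
            if ($(i + 2) != "DENY") next
            chain = $(i + 1); proto = $(i + 4); src = $(i + 5); dst = $(i + 6)
            sub(/^PROTO=/, "", proto)
            split(src, s, ":"); split(dst, d, ":")
            count[chain " " protoname(proto) " " s[2] " " d[2]]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort
}

# Demo on the constructed sample; on the real box you would run
#   summarize_denied < /var/log/messages
printf '%s\n' "$SAMPLE_LOG" | summarize_denied
```

On the sample data the summary prints two lines, both for the output chain: udp from port 1025 to port 53 (twice) and tcp from port 1026 to port 53 (once), while the accepted SSH entry is left out. Read against a rule set that only accepts traffic with source port "domain", that is the pattern to look for before deciding which rule to add.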