alexperl wrote:
>> It looks like you're missing the following rule:
>> accept service dns from local.lan to world.inet
> I add such rules
>
> accept service dns from world.inet to firewall
> accept service dns from firewall to local.lan
> accept service dns from local.lan to world.inet
> accept service dns from world.inet to local.lan
> snat service any from local.lan to world.inet

Okay, that should make it work... does it?

> PS
> With ping there is a strange situation too.
> When I add the rule
> accept service ping from local.lan to world.inet
> then all is ok
> but I have
> accept service any from local.lan to world.inet
> Is the *ping* service in the *any* service or in this category are some other
> services?

"Any" basically means that iptables doesn't look at the protocol, ports, etc., just at the IP addresses. So "any" includes ping, http, everything...

Cheers,
Victor

_______________________________________________
Vuurmuur-users mailing list
https://lists.sourceforge.net/lists/listinfo/vuurmuur-users
