ping to internet hosts through NameServer of provider

Hi all,
I'm a newbie to fw, have just installed iptables and configured it. I have 3
interfaces, eth0 - internet, eth1 - DMZ (squid, postfix), eth2 - LAN. My
provider has connected my firewall to the Internet via 1 public IP (on
eth0). Internet hosts are resolved via the provider's Name Server (this IP
is in /etc/resolv.conf). If I tried to ping (for example) www.rb.cz
before installing iptables, there was no problem. Now, after installing
iptables, I can't ping internet hosts correctly (only by IP - that works
without needing to contact the provider's NS) - it works like this:

[user@machine]$ ping www.rb.cz
IN=eth0 OUT= MAC=.............. SRC="my_providers_nameserver_ip"
DST="ip_on_my_eth0" LEN=127 TOS=0x00 PREC=0x00 TTL=61 ID=3268 DF
PROTO=UDP SPT=53 DPT=32792 LEN=107

Pinging the resolved IP of www.rb.cz is no problem (ping 193.86.103.40
returns a normal reply). Could anyone please help me set up a careful
and secure rule to handle this problem - to permit my provider's NS to
resolve internet hosts?

PS: The same problem occurs when I ping localhost or 127.0.0.1 (lo), my
own public IP (eth0), my DMZ IP (eth1), my LAN IP (eth2). And the very
strange thing is that when I'm not working in the shell (only the prompt is
visible) it starts from time to time showing some strings (the same as I have
described above), looking like my machine is being pinged from some public IP on the
internet. I can see these strange things in /var/log/messages. I have
tried to find anything similar in the mailing list archive, but nothing is there...
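The logged packet above is the provider's DNS answer (UDP source port 53 to the ephemeral port the resolver used), and the pings to lo and the host's own addresses fail for the same reason: the INPUT chain has no rule that accepts loopback traffic or the return half of connections the host itself started. The following script is an added example, not something from the original post or the netfilter project; it uses the poster's interface names, treats the nameserver address as a placeholder, and can be dry-run with IPT=echo.

```shell
#!/bin/sh
# Added example: a minimal stateful INPUT chain for a 3-interface firewall.
# Interface names come from the post; nothing else here is from the poster's setup.
# Run as "sh input-rules.sh apply" to load the rules, or set IPT=echo to print them.
IPT="${IPT:-iptables}"
WAN=eth0
DMZ=eth1
LAN=eth2

apply_input_rules() {
    # Default-deny on INPUT, then rebuild the chain from scratch.
    $IPT -P INPUT DROP
    $IPT -F INPUT

    # Loopback must be accepted: "ping 127.0.0.1" and pings to the host's own
    # eth0/eth1/eth2 addresses are all delivered over lo, so without this rule
    # they are dropped and logged exactly like the DNS reply in the post.
    $IPT -A INPUT -i lo -j ACCEPT

    # Accept the return traffic of anything this host initiated: DNS answers
    # from the resolver (UDP sport 53 -> ephemeral dport), ICMP echo replies,
    # TCP data on established sessions. The connection tracker saw the outbound
    # packet first, so only real replies match. Do NOT use the tempting shortcut
    #   iptables -A INPUT -p udp --sport 53 -j ACCEPT
    # which lets in any packet whose sender chose source port 53.
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Let the internal networks ping the firewall itself, rate-limited.
    $IPT -A INPUT -i "$LAN" -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT
    $IPT -A INPUT -i "$DMZ" -p icmp --icmp-type echo-request -m limit --limit 5/s -j ACCEPT

    # Whatever is left is logged (rate-limited so a scan cannot flood syslog)
    # and then falls through to the DROP policy. These LOG lines are what
    # shows up in /var/log/messages and on the console.
    $IPT -A INPUT -m limit --limit 3/min -j LOG --log-prefix "INPUT-DROP: "
}

if [ "${1:-}" = "apply" ]; then
    apply_input_rules
fi
```

Rule order matters: the lo and ESTABLISHED,RELATED accepts must sit above the LOG rule, otherwise the replies are logged and dropped before they can match.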
