Your question isn't really specific enough to be sure what's going on, but I'm assuming that on your firewall box, the rules you present allow DNS queries to work, but that on clients behind the firewall, DNS still fails, and furthermore that you have the clients set up to use a DNS server on the outside of your firewall. If this is the case, try:

iptables -A FORWARD ...

Remember, the INPUT and OUTPUT chains are only for traffic with a LOCAL source or destination (same computer as the firewall), whereas FORWARD is for traffic that goes through the firewall computer.

On Fri, 27 Aug 2004, it clown wrote:

> Date: Fri, 27 Aug 2004 22:06:00 +0200
> From: it clown <suse@xxxxxxxxxxxxx>
> To: netfilter@xxxxxxxxxxxxxxxxxxx
> Subject: bind 9 and iptables
>
> Hi All
>
> I have a DNS with a forwarder to my ISP on the iptables
> box. I am having trouble getting DNS to work properly.
>
> When I comment:
>
> iptables -P INPUT DROP
> iptables -p OUTPUT DROP
>
> DNS will work fine and all the PCs can browse the net.
>
> I have tried the following without any luck:
>
> iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
> iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>
> What rule do I need to add to make things more secure and
> get my DNS working properly? Thanks.
>
> Regards
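A complete rule set for the setup described in this thread, added here as an example (it is not code from either poster): BIND on the firewall box forwarding to the ISP resolver, DROP policies on all three chains, state rules in every chain so replies get back, and FORWARD rules that are only needed when clients are configured to use a resolver outside the firewall. Interface names, the LAN range and the resolver address are assumed placeholders; the script prints iptables-restore input for review rather than calling iptables directly.

```shell
#!/bin/sh
# Placeholder values (not from the original thread); override via environment.
LAN_IF="${LAN_IF:-eth1}"             # interface facing the clients
WAN_IF="${WAN_IF:-eth0}"             # interface facing the ISP
LAN_NET="${LAN_NET:-192.168.1.0/24}" # client network
ISP_DNS="${ISP_DNS:-203.0.113.53}"   # upstream resolver (TEST-NET-3 placeholder)

# Emit the rule set in iptables-restore format so it can be reviewed first
# (e.g. ./dns-rules.sh | iptables-restore). Lines starting with # are comments.
dns_rules() {
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Replies to already-accepted traffic, in ALL three chains: a state rule
# only in INPUT leaves answers from the box and routed replies unhandled.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Loopback, so BIND and local tools on the box can talk to each other.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Clients querying the forwarder on this box: local destination, so INPUT.
-A INPUT -i $LAN_IF -s $LAN_NET -p udp --dport 53 -j ACCEPT
-A INPUT -i $LAN_IF -s $LAN_NET -p tcp --dport 53 -j ACCEPT
# The forwarder's own upstream queries: local source, so OUTPUT, pinned to
# the ISP resolver only (not port 53 to anywhere).
-A OUTPUT -o $WAN_IF -d $ISP_DNS -p udp --dport 53 -j ACCEPT
-A OUTPUT -o $WAN_IF -d $ISP_DNS -p tcp --dport 53 -j ACCEPT
# Only if clients use a resolver outside the firewall: that traffic is
# routed through the box, so it passes FORWARD and never INPUT/OUTPUT.
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $ISP_DNS -p udp --dport 53 -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $ISP_DNS -p tcp --dport 53 -j ACCEPT
COMMIT
EOF
}

# Sanity check before loading: number of rules appended to a given chain.
count_chain_rules() {
    dns_rules | grep -c "^-A $1 "
}

dns_rules
```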