Marco -- yer on the right track -- read in line....

On February 21, 2005 06:34 pm, Marco Nicoloso wrote:
> Hi there,
>
> I solved all of my routing problems which I had before... Now everything
> works fine, but the name resolution. According to the scheme (Trusted
> subnet -> Firewall -> Internet), hosts on my trusted subnet can see the
> DNS properly, they get its address from the DHCP, but they cannot get
> DNS queries satisfied.

DNS queries -- okay - unless the DNS is on the same box as the firewall you want to :

> I tried with different rules, but none works:
> $IPTABLES -A INPUT -p tcp --dport 53 -j ACCEPT
> $IPTABLES -A INPUT -p udp --dport 53 -j ACCEPT

Change INPUT to FORWARD and try again...

> or these:
> $IPTABLES -A FORWARD -p tcp -s $DNS1_IP -j ACCEPT
> $IPTABLES -A FORWARD -p tcp -s $DNS2_IP -j ACCEPT
> $IPTABLES -A FORWARD -p udp -s $DNS1_IP -j ACCEPT
> $IPTABLES -A FORWARD -p udp -s $DNS2_IP -j ACCEPT
>

Lose the above and use an ESTABLISHED, RELATED rule to accept the returns.

> Do I have to set up my own named, cache queries and requests new ones if
> I need? Or is it just my problem, that I am not able to write rules...?

Nope -- just let the queries THROUGH the firewall -- not in or out.

Alistair

> Thanks in advance
>
> Marco Nicoloso
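Below is an added worked example (written here, not Alistair's or Marco's script) that puts the reply's two points into one ruleset: outbound DNS from the trusted subnet is accepted in the FORWARD chain (not INPUT), and the replies come back through a single ESTABLISHED,RELATED rule instead of per-server source rules. Interface names eth1/eth0, the 192.168.1.0/24 subnet and the 198.51.100.x resolver addresses are assumptions for illustration; the script prints the iptables commands so the set can be reviewed before it is piped to sh with the `apply` argument. The INPUT variant is included for the case Alistair mentions, where the resolver runs on the firewall box itself.

```shell
#!/bin/sh
# Assumed topology (constructed for this example, adjust to taste):
#   trusted subnet (LAN_NET) on LAN_IF  ->  firewall  ->  Internet on WAN_IF
LAN_IF="${LAN_IF:-eth1}"
WAN_IF="${WAN_IF:-eth0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"
DNS1_IP="${DNS1_IP:-198.51.100.53}"   # placeholder resolver addresses
DNS2_IP="${DNS2_IP:-198.51.100.54}"
IPTABLES="${IPTABLES:-iptables}"

# Case 1: the resolvers are out on the Internet, so DNS only passes
# THROUGH the box. Rules belong in FORWARD; INPUT never sees the packets.
gen_dns_forward_rules() {
    # Default-deny for forwarded traffic; everything below is an exception.
    echo "$IPTABLES -P FORWARD DROP"
    # One rule accepts the answers (and related ICMP) for any flow we let out,
    # replacing the per-resolver "-s \$DNS1_IP" rules from the original post.
    echo "$IPTABLES -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # Only NEW queries from the trusted subnet to the two configured
    # resolvers, UDP and TCP (TCP is needed for large answers and retries).
    for dns in "$DNS1_IP" "$DNS2_IP"; do
        for proto in udp tcp; do
            echo "$IPTABLES -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -d $dns -p $proto --dport 53 -m state --state NEW -j ACCEPT"
        done
    done
    # Log what falls through so misrouted queries show up in the syslog.
    echo "$IPTABLES -A FORWARD -j LOG --log-prefix \"FWD-DROP: \""
}

# Case 2: a caching named runs ON the firewall box. Then the queries are
# addressed to the firewall itself and INPUT is the right chain, but only
# from the trusted interface; the Internet side must not reach port 53.
gen_local_resolver_rules() {
    echo "$IPTABLES -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for proto in udp tcp; do
        echo "$IPTABLES -A INPUT -i $LAN_IF -s $LAN_NET -p $proto --dport 53 -m state --state NEW -j ACCEPT"
    done
    # named's own outbound lookups leave via OUTPUT; answers return through
    # the ESTABLISHED,RELATED rule above.
    echo "$IPTABLES -A OUTPUT -o $WAN_IF -p udp --dport 53 -j ACCEPT"
    echo "$IPTABLES -A OUTPUT -o $WAN_IF -p tcp --dport 53 -j ACCEPT"
}

# "apply" runs the forward ruleset; anything else just prints it for review.
if [ "${1:-}" = "apply" ]; then
    gen_dns_forward_rules | sh
else
    gen_dns_forward_rules
fi
```

Run it with no arguments first and read the output; `sh thisscript.sh apply` then installs the FORWARD set. On a kernel with the newer match modules, `-m state --state` can be written as `-m conntrack --ctstate` with the same effect. If the firewall also does NAT for the trusted subnet, a POSTROUTING MASQUERADE rule is still needed, but that is the routing part Marco already has working.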