Hi all, I have a 3-leg router/firewall and would like to run a recursive caching nameserver (djb's dnscache) on it, but can't figure out how to get it past the firewall to query upstream nameservers.

eth0 : lan
eth1 : wan, which connects to the default gateway to the internet
eth2 : dmz (10.0.0.1 for 10.0.0.0/24)

dnscache is running on IP 10.0.0.1 on eth2. If it cannot resolve the query from a local (inside) authority, it must go outside and begin by querying the root-servers via eth1. This is where it fails.

If I run dnscache on a machine attached to eth2, requests are FORWARDED from eth2 to eth1, then via the gateway, and all is well; however, when run ON eth2, outbound traffic is blocked.

Default policies are INPUT:DROP, FORWARD:DROP, OUTPUT:ACCEPT.

I can't even figure out where to try to put a rule for this, or how to write it. Since it's an address ON the router it wouldn't be on the FORWARD chain, right? I'm totally baffled. Anybody have any ideas where to begin debugging this?

Thanks for any help.
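Added example (not from the original post) showing which netfilter chain each packet in this setup traverses and the rules that usually fix it: a query dnscache sends itself is locally generated, so it goes through OUTPUT (ACCEPT), but the root server's reply is addressed to the router and goes through INPUT, where the DROP policy eats it. The WAN address 203.0.113.5 and the root server 198.41.0.4 are assumed values for the chain_for function; the rules only print and are not executed here.

```shell
#!/bin/sh
# Layout from the post: eth1 = WAN, eth2 = DMZ with 10.0.0.1/24,
# dnscache on 10.0.0.1, policies INPUT:DROP FORWARD:DROP OUTPUT:ACCEPT.
# Netfilter picks the filter chain by whether the packet is addressed
# to the router (INPUT), generated by the router (OUTPUT), or neither
# (FORWARD). 203.0.113.5 is a placeholder for the router's WAN address.
LOCAL_ADDRS="10.0.0.1 203.0.113.5"

# chain_for SRC DST -> prints the filter chain a packet with that
# source/destination traverses on this router.
chain_for() {
    src=$1
    dst=$2
    for a in $LOCAL_ADDRS; do
        if [ "$dst" = "$a" ]; then echo INPUT; return 0; fi
    done
    for a in $LOCAL_ADDRS; do
        if [ "$src" = "$a" ]; then echo OUTPUT; return 0; fi
    done
    echo FORWARD
}

# dns_rules prints the iptables rules that let replies to the router's
# own DNS queries back in, plus a LOG rule so dropped packets show up
# in the kernel log while debugging. Run the output on the router.
dns_rules() {
    cat <<'EOF'
# replies to queries the router itself sent (conntrack marks them ESTABLISHED)
iptables -A INPUT -i eth1 -p udp --sport 53 -m state --state ESTABLISHED -j ACCEPT
iptables -A INPUT -i eth1 -p tcp --sport 53 -m state --state ESTABLISHED -j ACCEPT
# explicit, even though OUTPUT:ACCEPT already lets the queries leave
iptables -A OUTPUT -o eth1 -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -o eth1 -p tcp --dport 53 -j ACCEPT
# last rule in INPUT: log whatever is about to hit the DROP policy
iptables -A INPUT -j LOG --log-prefix "INPUT-DROP: "
EOF
}

# Walk the three packets from the post through chain_for:
chain_for 203.0.113.5 198.41.0.4   # dnscache -> a root server: OUTPUT
chain_for 198.41.0.4 203.0.113.5   # root server's reply:        INPUT
chain_for 10.0.0.7 198.41.0.4      # DMZ host -> root server:    FORWARD
dns_rules
```

If dnscache is configured to send from 10.0.0.1 rather than letting the kernel choose the eth1 address, the reply is addressed to a private address and also needs the eth1 MASQUERADE/SNAT rule to cover locally generated packets, not just forwarded ones; `iptables -L INPUT -v -n` and the kernel log from the LOG rule show which case you are in.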