On Wed, 2006-10-04 at 15:12 +0200, gabrix wrote:
> What is the reason why if I use this iptables:
> > # (APACHE)
> > $IPT -A INPUT -p tcp -d x.gabrix.ath.cx --dport 80 -m state --state ! INVALID -j ACCEPT
> > $IPT -A INPUT -p tcp -d tor.gabrix.ath.cx --dport 443 -m state --state ! INVALID -j ACCEPT
> the hostnames you see get resolved to their public IPs. This is on an
> inside LAN PC, but this doesn't happen on the gateway PC right before it,
> where iptables says it can't resolve the hostnames. Why is this? I have
> Debian sarge kernel 2.6 on all machines.
> Thanks!

What is the DNS for the gateway? Have you allowed the gateway to send DNS
in the OUTPUT chain? - John

--
John A. Sullivan III
Open Source Development Corporation
+1 207-985-7880
jsullivan@xxxxxxxxxxxxxxxxxxx

If you would like to participate in the development of an open source
enterprise class network security management system, please visit
http://iscs.sourceforge.net