Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Networking
User Name
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.


  Search this Thread
Old 05-25-2003, 08:48 PM   #1
LQ Newbie
Registered: May 2003
Posts: 3

Rep: Reputation: 0
DNS and firewall help please

I have been in the process of moving over from mandrake..this one has me stumped.

Am running a shorewall two-interface firewall. The deal is that I cannot get the windows clients resolving beyond the firewall. They can dns resolve to the linux (gateway). They can ping ip addresses beyond the firewall, just not resolve the name.

They can resolve the name, however, on the internal network, so it appears DNS is working, at least partially.

I have checked that port 53 is open between the local zone and the firewall, and between the firewall and the internet

I have tried both bind and dnsmasq, without success.

Ie hunted the forums, and can find no clues, which makes me think it normally works, just not for me.

(The mandrake setup uses bind, and works fine )

Any suggestions greatly appreciated
Old 05-25-2003, 10:10 PM   #2
LQ Newbie
Registered: May 2003
Distribution: RedHat
Posts: 6

Rep: Reputation: 0
Try manually configuring DNS on clients to see if they can resolve then. If they can, triple-check your zone files to make sure everything is as it should be.
Old 05-26-2003, 09:35 AM   #3
LQ Newbie
Registered: May 2003
Posts: 3

Original Poster
Rep: Reputation: 0
This is very bizarre !

I can't figure this out.

My client machines can ping external adresses, for example for

But, they cannot ping the ip for my name server in /etc/resolv.conf
search localdomain
nameserver #kppp temp entry
nameserver #kppp temp entry

ie ping just times out.

What even more strange is that my linux router/firewall cannot ping the nameservers either, but that cannot be, because how else would it be resolving internet names ?

The water get's murky now.

If I host
I get domain name pointer

and dig 203.194.2; <<>> DiG 9.2.2 <<>>
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31926
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

; IN A

. 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2003052600 1800 900 604800 86400

;; Query time: 450 msec
;; WHEN: Mon May 26 22:38:07 2003
;; MSG SIZE rcvd: 106

I not sure exactly what these tools do, but they have been mentioned as tools to use to resolve dns/lookup issues on the forums.

That would point, I guess, to icmp being blocked by the firewall, even though I have specified it in the shorewall rules file as follows

# Allow Ping To And From Firewall
ACCEPT loc fw icmp 8
ACCEPT net fw icmp 8
ACCEPT fw loc icmp 8
ACCEPT fw net icmp 8

Help !


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
DNS and Firewall dexter_modem Linux - Security 8 11-13-2003 10:41 PM
DNS and firewall merlin371 Linux - Networking 2 07-31-2003 05:36 AM
setting up DNS behind a firewall..... archangel Linux - Networking 3 08-10-2002 10:43 PM
DNS problems through firewall vertices Linux - Networking 7 04-04-2002 02:07 PM
DNS, firewall dilemma? apessos Linux - Networking 1 02-06-2001 06:02 PM > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:13 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration