Hello,
I am building a Linux firewall on a bootable CD. I've been able to get the CD to boot and to get on the network. I can give the machine an IP and ping to and from it.
The main purpose of this CD is to allow me to use a machine with two network cards, a CD-ROM, and a floppy to act as a firewall/VPN, which will use one card for external access, while DHCP addresses will be given out on the second card.
My problem is that I can't seem to get DNS to work. I've read several of the previous posts and have tried the methods described, with little success.
I always get the same result:
ping www.somewhere.com
ping: unknown host
I have the following:
/etc/resolve.conf:
search mydomain.com
nameserver 207.xxx.xxx.xxx
nameserver 207.xxx.xxx.xxx
/etc/host.conf:
order bind,hosts
multi on
and I have /etc/nsswitch.conf.
I also have the usual required files:
/etc/services, /etc/protocols, etc.
I am also running iptables v1.2.6a compiled into the kernel and have tried using the following settings:
iptables -A INPUT -i eth0 -p udp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p udp -s ns1 --dport 53 -j ACCEPT
iptables -A INPUT -i eth0 -p tcp -s ns2 --dport 53 -j ACCEPT
None of these work either.
Sys Info:
Kernel 2.4.18
Built in: iptables v1.2.6a
Built in: FreeSwan IPSec v1.97 (for VPN)
The VPN is not implemented yet, so the problem most likely does not lie there.
I've installed tools like dig, nslookup, and netcat on the machine, and have determined that my firewall does allow port 53 through, and that the nameservers do actually work.
I've been struggling with this problem for several days already and am at a loss as to what is causing this most vexing and perplexing problem. Any help that anyone could provide would be most appreciated.
Note: There are no modules used with the kernel; it is all built in to make it easier during development. I'm not sure if all this could be caused by iptables or not. Here are all the options I built into the kernel for iptables:
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_LIMIT=y
CONFIG_IP_NF_MATCH_MAC=y
CONFIG_IP_NF_MATCH_MARK=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_LENGTH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_TCPMSS=y
CONFIG_IP_NF_MATCH_STATE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_MARK=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_TCPMSS=y
I only bring this up because of a recent "bug?" I have encountered while using iptables. If I use the following rules:
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
which set the default action to DROP, I wasn't able to ping anywhere or use any network service. I would get the error message: "ping: Operation not permitted". I promptly removed those rules until further investigation. I don't know if there is something I am forgetting to include inside my firewall rules.
-SpookMonkey
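The two symptoms in the post (DNS answers never arriving, and "Operation not permitted" once the default policies are DROP) both come down to which chain a packet traverses. A DNS query the firewall itself sends leaves through the OUTPUT chain to destination port 53, and the answer comes back through INPUT with *source* port 53, so INPUT rules matching `--dport 53` never see it; with the OUTPUT policy set to DROP and no rule allowing the outbound query, the kernel refuses the send outright, which is the "Operation not permitted" the post describes. The script below is an added example, not code from the original post: a default-DROP ruleset for a two-NIC firewall that still lets the box resolve names, serve DHCP on the inside, and masquerade the LAN, using conntrack state to admit only replies. Interface names (eth0 external, eth1 internal) and the LAN range are constructed assumptions. Without `APPLY=1` it only prints the rules for review, so it can be read on any machine; the helper at the end also checks that the resolver's configuration files exist at the paths the C library actually reads, which is `/etc/resolv.conf` (no trailing "e") together with `/etc/nsswitch.conf` and `/etc/host.conf`.

```shell
#!/bin/sh
# Added example (not part of the original post): stateful default-DROP ruleset
# for a firewall with one external and one internal NIC.
# Assumptions (constructed, not from the post): eth0 faces the Internet,
# eth1 faces the LAN, and the LAN is 192.168.1.0/24.
# With APPLY=1 and root privileges the rules are executed; otherwise they are
# only printed so the ruleset can be reviewed offline.

EXT_IF="${EXT_IF:-eth0}"
INT_IF="${INT_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# ipt: print each rule; run it only when APPLY=1.
ipt() {
    printf 'iptables %s\n' "$*"
    if [ "${APPLY:-0}" = "1" ]; then
        iptables "$@"
    fi
}

firewall_rules() {
    # Start from a clean table, then default-deny on every chain.
    ipt -F
    ipt -t nat -F
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP

    # Loopback must be open or local daemons (and some resolvers) break.
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A OUTPUT -o lo -j ACCEPT

    # Replies to connections the firewall or the LAN opened are matched by
    # conntrack state. This is what admits a DNS answer (source port 53)
    # without ever opening destination port 53 towards the firewall.
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The firewall's own DNS queries go out on OUTPUT to destination port 53.
    ipt -A OUTPUT -o "$EXT_IF" -p udp --dport 53 -m state --state NEW -j ACCEPT
    ipt -A OUTPUT -o "$EXT_IF" -p tcp --dport 53 -m state --state NEW -j ACCEPT

    # Let the firewall ping out; the echo reply returns as ESTABLISHED.
    ipt -A OUTPUT -o "$EXT_IF" -p icmp --icmp-type echo-request -j ACCEPT

    # DHCP server on the inside: clients send from UDP 68 to UDP 67.
    ipt -A INPUT -i "$INT_IF" -p udp --sport 68 --dport 67 -j ACCEPT
    ipt -A OUTPUT -o "$INT_IF" -p udp --sport 67 --dport 68 -j ACCEPT

    # LAN hosts may open new connections outward; masquerade them on EXT_IF.
    ipt -A FORWARD -i "$INT_IF" -o "$EXT_IF" -s "$LAN_NET" -m state --state NEW -j ACCEPT
    ipt -t nat -A POSTROUTING -o "$EXT_IF" -s "$LAN_NET" -j MASQUERADE

    # Log (rate-limited) what the default policy is about to drop on INPUT,
    # so a blocked service shows up in the kernel log instead of just hanging.
    ipt -A INPUT -m limit --limit 5/min -j LOG --log-prefix "FW-IN-DROP: "
}

# resolver_check ROOT: report whether the files the libc resolver reads exist
# under ROOT (empty ROOT means the live system). Returns the number missing,
# so a misnamed /etc/resolve.conf shows up as a missing /etc/resolv.conf.
resolver_check() {
    root="${1:-}"
    missing=0
    for f in /etc/resolv.conf /etc/nsswitch.conf /etc/host.conf; do
        if [ -r "$root$f" ]; then
            printf 'ok       %s\n' "$root$f"
        else
            printf 'MISSING  %s\n' "$root$f"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}
```

Running `sh firewall.sh` with no arguments does nothing beyond defining the functions; `APPLY=1 sh -c '. ./firewall.sh; firewall_rules'` as root loads the rules, and `sh -c '. ./firewall.sh; resolver_check'` checks the live resolver files. The ordering matters: the ESTABLISHED,RELATED rules sit before any per-port rule so that every reply is admitted by state, and the only inbound port deliberately opened from the Internet side is none at all.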