Old 09-19-2006, 08:38 PM   #1
chucktilbury
LQ Newbie
 
Registered: Sep 2006
Location: left coast
Distribution: Fedora 5
Posts: 3

Rep: Reputation: 0
linux router/dns client config problem


I am a new poster here. I am a SW engineer by day, mostly on embedded linux stuff. I am not a very experienced sysadmin, though.

I am trying to switch to Linux from a linksys router. I have gotten routing working, iptables, and DHCP. I can ping any numerical address on the internet from a dorkstation behind the router, but I cannot resolve any names. I have checked to be sure that I am giving the contents of the /etc/resolv.conf (on the router) to the workstations (via DHCP). I can ping the addresses of the name servers in question from the workstation. I can access an SSH server that is outside the router from a workstation using the numerical address. I have tried disabling iptables (which seems to kill the router). Everything I can think of seems OK, except I cannot get any names resolved.

I am running a fresh installation of Fedora 5 on a fairly new computer with plenty of disk and memory. I am using the instructions in the "Fedora 5 Bible" to do the config.

Anyone seen this kind of problem?

Thanks,
-=ChuckT=-
 
Old 09-20-2006, 12:26 AM   #2
sal_paradise42
Member
 
Registered: Jul 2003
Location: Utah
Distribution: Gentoo FreeBSD 5.4
Posts: 150

Rep: Reputation: 16
Is your DNS server inside the network or is it your ISP's?
If it's your ISP's, you may be blocking it with your iptables config.
You can try tcpdump on the LAN-facing interface to see if the traffic is being sent out to your hosts
Code:
tcpdump -i eth1  -s 2000 "src port 53"
that is assuming that eth1 is your private LAN.
If you don't see anything, then make sure that it is leaving the router
Code:
tcpdump -i eth0  -s 2000 "dst port 53"
that is assuming that eth0 is your WAN facing interface.
If you see traffic going out, then it may be your iptables configuration. If you can post the `iptables -nL -t filter` output from the router, it may help out.
 
Old 09-20-2006, 11:43 PM   #3
chucktilbury
LQ Newbie
 
Registered: Sep 2006
Location: left coast
Distribution: Fedora 5
Posts: 3

Original Poster
Rep: Reputation: 0
Thanks for responding!

Am I correct when I read between the lines that my workstation needs to be able to connect to UDP port 53 through the firewall? I think that I have it wide open for outgoing connections and pretty closed for incoming connections. Does that make sense? (is it even true? The `iptables -nL -t filter` output follows at the end) I had to switch back to the linksys router to make this post, so I will have to check the tcpdump later.

The DNS servers belong to my ISP. Also, the router functions normally for DNS resolution. All workstations have the problem, though.

Here is the dump:
------------
Chain INPUT (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 flags:0x17/0x02
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state NEW
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 8

Chain FORWARD (policy DROP)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:67
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
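
Added example (not part of the original posts): a short Python walk of the FORWARD chain from the listing above for a forwarded DNS query and an outbound SSH connection. `iptables -nL` without `-v` omits the in/out interface columns, so the bare `ACCEPT all` rule is evaluated under both readings (it matches everything, or it is tied to an interface the packet does not use); the two packets, the `192.0.2.53` address and all function names are constructed for this example.

```python
import ipaddress
import re

# FORWARD path copied from the listing above (header rows and other chains left out).
LISTING = """Chain FORWARD (policy DROP)
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
DROP tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:!0x17/0x02 state NEW
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID
Chain RH-Firewall-1-INPUT (2 references)
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT udp -- 0.0.0.0/0 224.0.0.251 udp dpt:5353
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:631
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:631
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:68
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:67
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited"""

def parse(text):
    chains = {}
    for f in filter(None, map(str.split, text.splitlines())):
        if f[0] == "Chain":
            rules = chains.setdefault(f[1], [])
        elif f[0] != "target":  # keep target, prot, destination, matches (source is any here)
            rules.append((f[0], f[1], f[4], " ".join(f[5:])))
    return chains

def matches(prot, dst, ext, p):
    dpt, st = re.search(r"dpt:(\d+)", ext), re.search(r"state (\S+)", ext)
    return (prot in ("all", p["proto"]) and "flags:!" not in ext  # sample TCP packet is a SYN
            and ipaddress.ip_address(p["dst"]) in ipaddress.ip_network(dst)
            and (not dpt or int(dpt[1]) == p["dport"])
            and (not st or p["state"] in st[1].split(",")))

def verdict(ch, name, p, bare_ok):  # returns None when the packet falls off the chain
    for n, (tgt, prot, dst, ext) in enumerate(ch[name], 1):
        bare = (tgt, prot, dst, ext) == ("ACCEPT", "all", "0.0.0.0/0", "")
        if matches(prot, dst, ext, p) and (bare_ok or not bare):  # bare_ok=False: assumption
            hit = verdict(ch, tgt, p, bare_ok) if tgt in ch else f"{tgt} at {name} rule {n}"
            if hit:
                return hit

DNS = {"proto": "udp", "dst": "192.0.2.53", "dport": 53, "state": "NEW"}  # constructed packets
SSH = dict(DNS, proto="tcp", dport=22)
print([verdict(parse(LISTING), "FORWARD", p, ok) for p in (DNS, SSH) for ok in (True, False)])
```

With `bare_ok=False` the DNS query falls through to the final REJECT while the SSH connection is accepted by the `dpt:22` rule, which would match the symptoms described in the thread. `iptables -nvL` prints the interface columns needed to tell the two readings apart.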
 
Old 09-21-2006, 12:26 AM   #4
chucktilbury
LQ Newbie
 
Registered: Sep 2006
Location: left coast
Distribution: Fedora 5
Posts: 3

Original Poster
Rep: Reputation: 0
I just reconfigured to use the linux router again to see if I can get the tcpdumps suggested earlier and I found that my eth1 (local lan) card was not being recognized. I'm gonna go get a 3com card and put that in. I will post more data when I get it.
 
  

