ipchains and DNS problem

To: debian-user@lists.debian.org
Subject: ipchains and DNS problem
From: fairfax@pclink.com
Date: Fri, 19 Nov 1999 18:05:50 -0600 (CST)
Message-id: <[🔎] m11oy2I-0006C1C@forster>

I have ipchains working, but my workstations cannot get out to the internet because of a DNS problem.  (When I try to ping any host from the workstations I get the message Host not found.)

I have kernel 2.2.12, running IP MASQ and ipchains.

/etc/init.d/network on the server looks like this:
--------------------------------------------------
ifconfig lo 127.0.0.1
route add -net 127.0.0.0 netmask 255.0.0.0 dev lo

ifconfig eth0 192.168.1.1 netmask 255.255.255.0 broadcast 192.168.1.255 up
route add -net 192.168.1.0 dev eth0

echo "1" > /proc/sys/net/ipv4/ip_forward

ifchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ
--------------------------------------------------
on the workstation:
--------------------------------------------------
ifconfig lo 127.0.0.1
route add -net 127.0.0.0 netmask 255.0.0.0 dev lo

ifconfig eth0 192.168.1.10 netmask 255.255.255.0 broadcast 192.168.1.255 up
route add -net 192.168.1.0 dev eth0

route add default gw 192.168.1.1
--------------------------------------------------
resolv.conf on both machines just has two lines, one for each of the nameservers my ISP uses.

Issuing the command
# ipmasq -d
from the server gives the following output:
--------------------------------------------------
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.255.0
/sbin/ipchains -A input -j ACCEPT -i ppp0 -d 206.11.2.183/32
/sbin/ipchains -A input -j DENY -i ppp0 -s 192.168.1.1/255.255.255.0 -l
/sbin/ipchains -A forward -j MASQ -i ppp0 -s 192.168.1.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.255.0
/sbin/ipchains -A output -j ACCEPT -i ppp0 -s 206.11.2.183/255.255.255.255
/sbin/ipchains -A output -j DENY -i ppp0 -d 192.168.1.1/255.255.255.0 -l
--------------------------------------------------
I can ping anything from the server, but not from the workstations.

What am I doing wrong?

Steven C. Martin

Reply to:

Follow-Ups:
- Re: ipchains and DNS problem
  - From: aphro <nate@firetrail.com>
- Re: ipchains and DNS problem
  - From: Onno <ebbin200@tech.nhl.nl>

Prev by Date: Re: Truetype font sizes and Netscape
Next by Date: Re: /dev/sda1 or /dev/sda4 with ZIP disks
Previous by thread: Re: /dev/sda1 or /dev/sda4 with ZIP disks
Next by thread: Re: ipchains and DNS problem
Index(es):
- Date
- Thread