Re: Firewall/IP-masquerading

To: "Gary Hennigan" <glhenni@sandia.gov>
Cc: debian-user@lists.debian.org
Cc: debian-user@lists.debian.org
Subject: Re: Firewall/IP-masquerading
From: Willi Dyck <WDyck@gmx.de>
Date: Wed, 6 Sep 2000 10:43:09 +0200 (MEST)
Message-id: <[🔎] 25891.968229789@www1.gmx.net>
References: <[🔎] nhxpumih9f0.fsf@sasg955.sandia.gov>

> Nate Amsden <aphro@aphroland.org> writes:
> > not sure what kernels your using but:
> > 
> > - i've never gotten MASQ to work with DNS on 2.2 i've always had to
> put
> > a DNS on the masq machine and point machines to it instead, this was
> not
> > the case in 2.0 where it was able to masq without any trouble.
> 
> Hmm. I'm not sure what you mean here. I have a firewall/masq machine
> and I know for a fact that my main PC, which sits behind this
> firewall, has no problem reaching my remote DNS servers using
> masquerading (I don't currently run a DNS server myself).
> 
> > try putting a DNS on yer masq box and point everything to it.
> 
> Yikes! That's not a trivial task and it's of questionable value given
> what I'm able to do, as stated above.
> 
> > Willi Dyck wrote:
> > > 
> > > Hi.
> > > 
> > > I don't understand the world (Debian)anymore.
> > > As soon as I compile things like
> > > - ip firewalling
> > > - ip masquerading
> > > - ip forwarding into the kernel, I can't ping any host by it's name.
> > > I am able to ping IP's. Seems like a DNS Lookup failure. But why??
> > > I didn't changed any file I only compiled the features listed above.
> > > When I boot the old kernel again the problem seems to be gone.
> > > WHY??? What is the logical thing here???
> > > Thanx for your help.
> 
> My guess is that you've got a chain in the default rules that's
> blocking DNS access. DNS access isn't a simple one to block/unblock,
> if I remember correctly. Just look at the logs (/var/log/syslog) and
> see if any of the output rules, with a source inside your LAN, is
> being denied. Personally, if I were you I'd get PMFirewall,

I have no chains blocking DNS access, I'm only blocking telnet and
netbios.
And /var/log/syslog isn't saying a word about ipchains. I wonder if my
firewall script was started at startup/links are set. How to check it?
> 
> http://www.pmfirewall.com/PMFirewall/
> 
> And start with the rules they insert and build on that.
> 
> It's quick, asks simple questions and gets you going quickly.
> 
> Gary
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe debian-user-request@lists.debian.org <
> /dev/null
> 

-- 
Sent through GMX FreeMail - http://www.gmx.net

Reply to:

Follow-Ups:
- Re: Firewall/IP-masquerading
  - From: "Gary Hennigan" <glhenni@sandia.gov>

References:
- Re: Firewall/IP-masquerading
  - From: "Gary Hennigan" <glhenni@sandia.gov>

Prev by Date: Re: Firewall/IP-masquerading
Next by Date: Re: "Joe" editor
Previous by thread: Re: Firewall/IP-masquerading
Next by thread: Re: Firewall/IP-masquerading
Index(es):
- Date
- Thread