Re: URGENT - Bind broken by potato-> woody
Jor-el wrote:
> On Tue, 18 Dec 2001, john wrote:
>
> >
> > Chain POSTROUTING (policy ACCEPT)
> > target prot opt source destination
> > SNAT all -- 192.168.0.0/24 0.0.0.0/0 to:202.92.79.119
> > SNAT all -- 192.168.2.0/24 0.0.0.0/0 to:202.92.79.119
> >
> >
<snip>
>
> John,
>
> This wouldn't have anything to do with the fact that your firewall
> rules are for 202.92.79.119 whereas the DNS server is at 202.92.79.116,
> would it?
>
> Regards,
> Jor-el
>
Those rules allow machines in the LAN to appear to the Internet as 119 - they
are the SNAT source addresses.
So when 192.168.0.3 talks to 202.92.79.116 it appears to 202.92.79.116 as being
from 202.92.79.119.
I can ssh to 202.92.79.116, so that rule shouldn't be blocking DNS lookups.
And the secondary DNS (the one that's still potato) can resolve addresses OK.
But good try anyway...
I'm still trying to make some sense of this - the problem really has to be on
THIS box, as nothing else has changed.
John P Foster