Tnx for the input. Yeah, its not a module, its the caching name service daemon.
The fix you suggested did not do the trick. It acts the same as before. I did
have
a couple of ACCEPTs in the rules file to accommodate this same approach. I
commented
them out and put the Allow in, alas, no difference. What a nuisance.
Anyone else?
r
-----Original Message-----
From: shorewall-users-admin@lists.sourceforge.net on behalf of Jerry Vonau
Sent: Mon 9/5/2005 2:48 PM
To: shorewall-users@lists.sourceforge.net
Subject: Re: [Shorewall-users] Apache Virtual Hosts Problem
>Thanks all for the response to my problem. Outside interrupts made me set
aside the
>project temporarily.
>
>Reading your input (one email of which was rejected by our email engine for
reasons
>unknown) the thinking seems to be that Apache can''t resolve its
virtual hostnames. I
>had not originally installed the dnsmasq module, so did that. However, there
was no
>difference in performance. I then modified the hosts and resolv.conf files
for both
>the webserver and the firewall. I''ve tried a variety of setups,
none of which seem
>to make a difference.
>
>Being really a novice at firewalls, I''m not sure just what should
appear in the hosts
>and resolv.conf files in this setup (I''ve setup servers before, but
this is the first
>firewall system). What exactly should each of these refer to? The
IP''s I''ve assigned are:
>
>web server 10.10.11.1
>outside firewall 63.206.130.195
>inside firewall to dmz 10.10.11.254
>inside firewall to local 10.10.10.254
>and the local machines are 10.10.10.1,2,3
>
>There are also two nameservers provided by my ISP.
>
>The documentation on line is extensive and very good, almost too much of it
to
>get a quick answer. Do I need to make any changes in the rules to get the
firewall
>to aim stuff in the right direction? It all works except for the virtual
hosts.
>
>Thanks for any suggestions you can make ...
>rc
I think you need to open up traffic from the dmz (and back) for dns lookups.
If you have a resent version of shorewall:
AllowDNS dmz net
What is the "dnsmasq module"?
Jerry
-------------------------------------------------------
SF.Net email is Sponsored by the Better Software Conference & EXPO
September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices
Agile & Plan-Driven Development * Managing Projects & Teams * Testing
& QA
Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users