In the same test environment that I mentioned in my previous message I set up a caching DNS server.

When I ran named I noticed in the message log a whole string of log messages saying that the DNS requests to the root servers had been rejected by the default all2all policy. Presumably this is the policy
all all REJECT info
that is at the end of the default policy file. I have put in the DNS accept entries in the 2 card quick start guide.
ACCEPT loc fw tcp 53
ACCEPT loc fw udp 53
ACCEPT fw net tcp 53
ACCEPT fw net udp 53

Does this mean that the DNS enquiries are not getting out?
cheers();

> In the same test environment that I mentioned in my previous message I set
> up a caching DNS server.
>
> When I ran named I noticed in the message log a whole string of log messages
> saying that the DNS requests to the root servers had been rejected by the
> default all2all policy. Presumably this is the policy
> all all REJECT info
> that is at the end of the default policy file. I have put in the DNS
> accept entries in the 2 card quick start guide.
> ACCEPT loc fw tcp 53
> ACCEPT loc fw udp 53
> ACCEPT fw net tcp 53
> ACCEPT fw net udp 53
>
> Does this mean that the DNS enquiries are not getting out?

We need more info. All policies and rules would be a good start.

But as the all2all policy is blocking, I assume you don't use your caching DNS server. (Just an idea.) What is the DNS you were querying from the computer in the local net?

DNS requests to your fw (caching DNS) should work fine and the fw queries the DNS of your provider. Querying root servers all the time isn't such a good idea...

btw: Did you restart shorewall? Caching DNS running?

.karsten

--
Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!
At 10:28 PM 1/4/03, you wrote:

Thanks for your reply. I think that my problems are more related to my limited test environment rather than shorewall. I will test it further when I have the real internet connected rather than the PC that is simulating it.

>We need more info. All policies and rules would be a good start.
>
>But as the all2all policy is blocking, I assume you don't use your
>caching DNS server. (Just an idea.) What is the DNS you were querying
>from the computer in the local net?
>
>DNS requests to your fw (caching DNS) should work fine and the fw queries
>the DNS of your provider. Querying root servers all the time isn't such
>a good idea...
>
>btw: Did you restart shorewall? Caching DNS running?
>
>.karsten
>
>
>--
>Hi, I'm a signature virus. Copy me into your ~/.signature to help me spread!