Shorewall users - Aug 2002 - Re: dns and my problem(?)

Tom,=20
I know how frustrating it can be to deal with idiots and assholes.  It=20
sometimes helps to remember we ''good'' folks far out number the
others.  But=20
sometimes we too are cast into that category although only temporarily, we=20
hope!!. =20

Your response to that guy was much to mild! You are a diplomat!  Most of us=20
know what you are doing and appreciate it.  Like the saying goes, dont let=20
the bastards get you down.

Now my ''problem.''  The other day my main machine stopped
allowing my client=20
browsers to view web pages, sorta like the old dns problem.  I had rebooted a=20
couple of times for other reasons. but that didnt cure the problem. All=20
client machines could ping  everywhere but couldnt resolve any url or fqdn. =20
So for grins I stopped shorewall, cleared it and started it again.  Voila,=20
all was back to normal.  I do a lot of downloading and experimenting with=20
Linux programs so it''s very likely that something I played with screwed
up my=20
tables.  Also I had switched to windows temporarily so  it''s really
hard to=20
say when the problem started.  Unfortunately I didnt save any logs, or the=20
tables output, etc.  My only reason for bringing this up is to:
1. see if this is a problem that has occurred before and
2. ask if a clearing of the iptables on boot may not be a bad idea before=20
starting shorewall just to insure the tables have only what you have ordered=20
thru shorewall.

Thanks again for your continuing help.  What''s your next project?
Best regards,
Richard
 =20

On Mon, 12 Aug 2002, Richard wrote:
 
> Now my ''problem.''  The other day my main machine stopped
allowing my client
> browsers to view web pages, sorta like the old dns problem.  I had rebooted
a
> couple of times for other reasons. but that didnt cure the problem. All 
> client machines could ping  everywhere but couldnt resolve any url or fqdn.
> So for grins I stopped shorewall, cleared it and started it again.  Voila, 
> all was back to normal.  I do a lot of downloading and experimenting with 
> Linux programs so it''s very likely that something I played with
screwed up my
> tables.  Also I had switched to windows temporarily so  it''s
really hard to
> say when the problem started.  Unfortunately I didnt save any logs, or the 
> tables output, etc.  My only reason for bringing this up is to:
> 1. see if this is a problem that has occurred before and
> 2. ask if a clearing of the iptables on boot may not be a bad idea before 
> starting shorewall just to insure the tables have only what you have
ordered
> thru shorewall.
> 
Shorewall _tries_ to do that but there are some things that a "clear" 
command (especially in the last release or two) that aren''t done during
a
normal "start" or "restart".

If you have inadvertently installed something that is starting before 
Shorewall and doing some iptables "stuff", there could be something
that
isn''t getting reset when Shorewall starts.

If you find that you are having this problem again, please:

a) shorewall status > status.before
b) shorewall stop; shorewall clear; shorewall start
c) shorewall status > status.after

Assuming that this cured the problem, I would be very interested to see 
the two captured status files.

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net