Dear Shorewall Wizards,

When Shorewall is up on the fw server (a public IP, web server host), I can access the net and resolve domains from the fw box, but from another (also with a public IP address, that is cabled directly to the same enet hub), I cannot resolve domain names with browser. The hub connects directly to a DSL modem.

I can ping in both situations, but it's a lot slower when shorewall is up.

Everything else appears to be running well. I'll look for hints on the web site, FAQ's, and mail archives, but I guess I don't understand why the second box (my second DNS) is even affected by the firewall? That I cannot understand. Maybe I should remove the fw (ns1) box from the /etc/hosts file, or as a DNS at all?

TIA for any help.

Did I say that I'm using
RHL 7.3 on fw
SuSE 7.3 on local public IP machine
Shorewall 1.3.6
Bind 9.x and the latest iptables, but the version I don't know.

(Newbie opens door ... sticks in toe... )

--
Andrew Lietzow
The ACL Group, Inc.

On Saturday 24 August 2002 07:23 pm, Andrew Lietzow wrote:
> Dear Shorewall Wizards,
>
> When Shorewall is up on the fw server (a public IP, web server host), I can
> access the net and resolve domains from the fw box, but from another (also
> with a public IP address, that is cabled directly to the same enet hub), I
> cannot resolve domain names with browser. The hub connects directly to a
> DSL modem.

And how do you have the DNS resolver in this second computer configured? Through the Shorewall box maybe?

>
> I can ping in both situations, but it's a lot slower when shorewall is up.
>

And if you use the "-n" flag with ping, it is blindingly fast of course.

> Everything else appears to be running well. I'll look for hints on the web
> site, FAQ's, and mail archives, but I guess I don't understand why the
> second box (my second DNS) is even affected by the firewall? That I
> cannot understand. Maybe I should remove the fw (ns1) box from the
> /etc/hosts file, or as a DNS at all?
>

If the FW box is listed as a nameserver in the second box's /etc/resolv.conf then it might be wise to allow UDP 53 from the second box to the fw...

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net