On Mon, 2003-05-12 at 08:34, Togan Muftuoglu wrote:
> The problem lies somewhere else, otherwise why should the firewall let first then hold and later on let again the same specific type of traffic?

Well, there's a little "egg on my face" now. It was my DNS server. See, my firewall is, naturally, multihomed, but I only have one name server process running, and it resolves everything, for both the internal networks and for the internet. I was getting random replies for the IP address attached to the name of the firewall, and it seems to respond with the "closer" address 3 times out of 4. So, I would get in 3 times, then get stuck.

Anyway, adding a "sortlist 192.168.4.0" to my client's resolv.conf file fixed it. One of these days, I should really learn how to do a proper DNS server.

Kudos to the person who wrote the SuSEfirewall2 script. Ultimately, I backtracked from `SuSEfirewall2 debug' and determined that the packets *had* to be getting dropped because they didn't fit into the rule that directed them to "input_int". That meant only one thing, and that led me immediately to the DNS problem.

Now I just need to figure out how to get NFS working through the firewall...

Thanks for the responses, and please forgive my stupidity,

dk
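
The resolver behaviour described in the message above, sketched as an added example that is not part of the original message: it models how a `sortlist` entry in resolv.conf reorders the A records of a multihomed name so the client always tries the internal address first. The two addresses and the strict round-robin rotation are constructed assumptions; only the `sortlist 192.168.4.0` line comes from the message.

```python
import ipaddress

def natural_prefix(addr):
    """Classful ("natural") prefix length, used when sortlist gives no netmask."""
    first = int(addr.split(".")[0])
    if first < 128:
        return 8
    if first < 192:
        return 16
    return 24

def parse_sortlist(line):
    """Parse 'sortlist addr[/mask] ...' into a list of IPv4 networks."""
    fields = line.split()
    if not fields or fields[0] != "sortlist":
        raise ValueError("not a sortlist line")
    nets = []
    for item in fields[1:]:
        addr, _, mask = item.partition("/")
        if not mask:
            mask = str(natural_prefix(addr))
        nets.append(ipaddress.ip_network(f"{addr}/{mask}", strict=False))
    return nets

def apply_sortlist(addresses, nets):
    """Stable sort: addresses inside an earlier sortlist network come first."""
    def rank(a):
        ip = ipaddress.ip_address(a)
        for i, net in enumerate(nets):
            if ip in net:
                return i
        return len(nets)
    return sorted(addresses, key=rank)

def first_choice_per_query(rrset, nets, queries):
    """Rotate the answer once per query and record the address tried first."""
    picks = []
    for q in range(queries):
        k = q % len(rrset)
        picks.append(apply_sortlist(rrset[k:] + rrset[:k], nets)[0])
    return picks

# Constructed sample: one address in the message's 192.168.4.0 network,
# one external address from the TEST-NET-3 documentation range.
FIREWALL_A_RECORDS = ["192.168.4.1", "203.0.113.1"]

if __name__ == "__main__":
    print(first_choice_per_query(FIREWALL_A_RECORDS, [], 4))
    nets = parse_sortlist("sortlist 192.168.4.0")
    print(first_choice_per_query(FIREWALL_A_RECORDS, nets, 4))
```

Without the sortlist the first-tried address alternates between interfaces, so some connections arrive at an address the internal-interface rule does not cover; with it, every query yields the internal address first.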