Made the changes below and also tried restarting rcnamed after the firewall, as suggested by Togan and Anders. Got the following result on the firewall:

kimberly:/etc # dig www.blueyonder.co.uk @127.0.0.1

; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk @127.0.0.1
;; global options: printcmd
;; connection timed out; no servers could be reached

kimberly:/etc # dig www.blueyonder.co.uk @192.168.0.1

; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk @192.168.0.1
;; global options: printcmd
;; connection timed out; no servers could be reached

Also tried to the firewall from another Linux box:

beverly:/home/dbarnes # dig www.blueyonder.co.uk @192.168.0.1

; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk @192.168.0.1
;; global options: printcmd
;; connection timed out; no servers could be reached

and using an external DNS server:

beverly:/home/dbarnes # dig www.blueyonder.co.uk

; <<>> DiG 9.2.2 <<>> www.blueyonder.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64485
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;www.blueyonder.co.uk.          IN      A

;; ANSWER SECTION:
www.blueyonder.co.uk.   4525    IN      A       62.30.31.86

;; AUTHORITY SECTION:
blueyonder.co.uk.       22657   IN      NS      ns.blueyonder.co.uk.
blueyonder.co.uk.       22657   IN      NS      ns2.blueyonder.co.uk.
blueyonder.co.uk.       22657   IN      NS      ns3.cableinet.net.

;; ADDITIONAL SECTION:
ns.blueyonder.co.uk.    22657   IN      A       195.188.53.114
ns2.blueyonder.co.uk.   22657   IN      A       195.188.53.113
ns3.cableinet.net.      122     IN      A       194.117.152.85

;; Query time: 2 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Sun Feb  8 18:59:53 2004
;; MSG SIZE  rcvd: 168

So, no change really - DNS from the firewall still doesn't work, but DNS from _behind_ the firewall does. Totally bewildered by this!

-----------------------------------------------------------------------------------------------------------------
On Sunday 08 February 2004 17:47, Togan Muftuoglu wrote:
* David Barnes MSc; on 08 Feb, 2004 wrote:

FW_SERVICES_INT_TCP="domain www 3128"
FW_SERVICES_INT_UDP="domain"
FW_SERVICES_INT_IP=""
FW_SERVICES_QUICK_TCP=""
FW_SERVICES_QUICK_UDP=""
FW_SERVICES_QUICK_IP=""
FW_TRUSTED_NETS=""
FW_ALLOW_INCOMING_HIGHPORTS_TCP="ftp-data DNS"

DNS over TCP is used only for zone transfers, should they become necessary; normally you would not put DNS here.

FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp"

I would add DNS here. "domain" means port 53 only. When you have DNS, SuSEfirewall2 checks the entries in your /etc/resolv.conf and adds the nameservers as permitted sources.
--
Togan Muftuoglu | Unofficial SuSE FAQ Maintainer | Please reply to the list; http://susefaq.sf.net | Please don't put me in TO/CC.
Nisi defectum, haud refiecendum
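Added example, not code from this thread or from SuSEfirewall2 itself: a small Python audit that models the rule Togan describes for FW_ALLOW_INCOMING_HIGHPORTS_UDP ("domain" matches source port 53 from any host, "DNS" permits the nameservers found in /etc/resolv.conf) and runs it over the posted value and the value with DNS added. The service-to-port mapping and the resolv.conf contents are assumptions, and the model is a simplification for illustration.

```python
"""Static audit of FW_ALLOW_INCOMING_HIGHPORTS_UDP against /etc/resolv.conf.

Simplified model of the rule stated in the thread (not SuSEfirewall2's own
logic): a service name permits replies from that well-known source port
from any host, and the keyword "DNS" permits port-53 replies from each
nameserver listed in resolv.conf.  Port numbers are assumed.
"""
import re
import shlex

SERVICE_PORTS = {"domain": 53, "ntp": 123}  # assumed well-known UDP ports


def parse_sysconfig(text):
    """Parse KEY="value" lines of a sysconfig file into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        cfg[key.strip()] = " ".join(shlex.split(value))
    return cfg


def parse_resolv(text):
    """Return the nameserver addresses listed in resolv.conf text."""
    return re.findall(r"^\s*nameserver\s+(\S+)", text, re.MULTILINE)


def udp_reply_sources(cfg, nameservers):
    """List (source host, source port) pairs allowed to reach high UDP ports."""
    allowed = []
    for tok in cfg.get("FW_ALLOW_INCOMING_HIGHPORTS_UDP", "").split():
        if tok == "DNS":
            allowed.extend((ns, 53) for ns in nameservers)
        elif tok in SERVICE_PORTS:
            allowed.append(("any", SERVICE_PORTS[tok]))
        elif tok.isdigit():
            allowed.append(("any", int(tok)))
    return allowed


def resolvers_explicitly_permitted(cfg, nameservers):
    """Nameservers from resolv.conf that the setting names as permitted sources."""
    allowed = udp_reply_sources(cfg, nameservers)
    return [ns for ns in nameservers if (ns, 53) in allowed]


# Constructed sample input, modelled on the value quoted in the thread.
SYSCONFIG_AS_POSTED = 'FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp"\n'
SYSCONFIG_WITH_DNS = 'FW_ALLOW_INCOMING_HIGHPORTS_UDP="domain ntp DNS"\n'
RESOLV_CONF = "nameserver 192.168.0.3\n"  # constructed; the real file is not shown
```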