On 03.06.13 at 10:30, Christopher Mahmood wrote:
Then I suppose the firewall should let it pass, automatically, as part of an ongoing conversation... I have seen a number of them from several domain name servers.
Yeah, do you have FW_ALLOW_INCOMING_HIGHPORTS_UDP set to 'yes' or 'DNS'? Since you're running a nameserver it should be 'yes'.
Yes, I have:

    FW_ALLOW_INCOMING_HIGHPORTS_UDP="DNS domain"

(although 1024 might not be really a high port :-? )

But, during boot, I always see:

    Starting Firewall Initialization (phase 3 of 3)
    <notice>'/etc/init.d/rc5.d/S10cups start' exits with status 0
    <notice>/etc/init.d/rc5.d/S11SuSEfirewall2_final start
    Warning: FW_SERVICE_DNS defined, but no DNS server found running!

I have never bothered about that, because DNS is in fact running (as cache, I'm not interested in serving queries from outside, so it listens only on the internal interface), and anyway, after the modem goes up, the script calls susefirewall again and the rules get reloaded:

    Jun 13 20:48:11 nimrodel SuSEfirewall2: Firewall rules successfully set from /etc/sysconfig/SuSEfirewall2
    Jun 13 20:48:11 nimrodel ip-up.local: --> Up ppp0 /dev/ttyS1 115200 L: 81.41.201.128 R: 80.58.197.105 Par:

--
Cheers,
Carlos Robinson