I am having the same exact problem as you. I have installed Mandrake SNF at work where I am basically rebuilding the entire network, and I cannot get DNS to work from the outside AT ALL. I have actually disabled the bastille-firewall script in startup, and execute my own ipchains rules after the firewall boots. I still cannot get DNS to work from the outside to get to our company website on the internal LAN. I am using tcpdump to sniff the external interface on the firewall, and I can see a DNS request coming from the Netzero account I am dialing in with to test. I then see a message that says the UDP port 53 is unreachable, even though I have completely opened everything on the firewall. I have also tried uncommenting the line below in the other poster's quote from the /etc/named.conf file, but still get the same results.

Since time is an issue here, I have solved my problem by formatting the hard drive and installing Redhat to set up my own chains manually. I would like to go back to SNF because I like the web interface, but I can't get anywhere with it if I cannot get past this problem. Anybody have any ideas? I have seen a lot of postings in the last couple weeks from people that have had problems with DNS type services on SNF. It makes me wonder if something is broken within it somewhere?

Thanks,
Michael

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Joseph Watson
Sent: Saturday, December 08, 2001 8:48 AM
To: Cooker Firewall
Subject: [Cooker-firewall] Bind behind MDK SNF

Hello,

I am using Mandrake's SNF, and am trying to get bind working behind this firewall using port forwarding and forwarding port 53, both udp and tcp, through to my bind server. In testing, outgoing connections through this firewall by both the server and clients worked great. But any server or client on the internet trying to access my DNS server got no response???

I noticed packets being denied on the firewall that were up in the 65000 range, but dismissed this as something else. But I just came across something that made me think this may be linked????

I found the following snip in the default /etc/named.conf file that came with a Mandrake 8.1 install:

    /*
     * If there is a firewall between you and nameservers you want
     * to talk to, you might need to uncomment the query-source
     * directive below. Previous versions of BIND always asked
     * questions using port 53, but BIND 8.1 uses an unprivileged
     * port by default.
     */
    // query-source address * port 53;

This seems to be self explanatory, but how do I open up the unprivileged ports to make this work???? Or am I seeing this thing wrong??

If someone could give me some ideas it would be great!!

Thanks,
Joseph
