I don't know what your default policy is, but try allowing port 53 on the loopback interface and put the host 127.0.0.1 in /etc/resolv.conf.

On Mon, 2006-01-23 at 12:32 +0000, [EMAIL PROTECTED] wrote:
> Renato Lorandi,
> I have already allowed forwarding of port 53.
> The company's entire internal network can resolve names. The problem is
> on the firewall machine.
> See my forward rules:
> iptables -A FORWARD -s 192.168.200.0/24 -i lo -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i lo -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
> iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -o eth1 -j ACCEPT
>
> Renato Lorandi <[EMAIL PROTECTED]> wrote:
> > Leandro Orílio wrote:
> > > Hello everyone!
> > > I need some help!
> > > I have a firewall with iptables and squid. But when I run my
> > > iptables script, the machine no longer recognizes the DNS that is
> > > set in resolv.conf.
> > > Could anyone tell me what I am doing wrong?
> > > Thanks in advance!
> > >
> > > #!/bin/bash
> > > INTERFACE_INTERNA=eth0
> > > INTERFACE_EXTERNA=eth1
> > > echo 1 > /proc/sys/net/ipv4/ip_forward
> > > #Flush the chains
> > > iptables -F
> > > iptables -t filter -F
> > > iptables -t nat -F
> > > #filter table
> > > iptables -t filter -P INPUT DROP
> > > iptables -t filter -P OUTPUT ACCEPT
> > > iptables -t filter -P FORWARD ACCEPT
> > > #nat table
> > > iptables -t nat -P PREROUTING ACCEPT
> > > iptables -t nat -P OUTPUT ACCEPT
> > > iptables -t nat -P POSTROUTING DROP
> > > #mangle table
> > > iptables -t mangle -P PREROUTING ACCEPT
> > > iptables -t mangle -P OUTPUT ACCEPT
> > > iptables -A INPUT -i lo -s 0/0 -d 0/0 -j ACCEPT
> > > iptables -A INPUT -i eth0 -j ACCEPT
> > > #iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -j ACCEPT
> > > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 22 -j ACCEPT
> > > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 80 -j ACCEPT
> > > iptables -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 3128 -j ACCEPT
> > > iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
> > > iptables -t filter -A INPUT -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT
> > > iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -o eth1 -j ACCEPT
> > > iptables -A FORWARD -i $INTERFACE_EXTERNA -o $INTERFACE_INTERNA -j ACCEPT
> > > #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp -dport 80 -o eth1 -j ACCEPT
> > > #iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_EXTERNA -p tcp -dport 443 -o eth1 -j ACCEPT
> > > #routing
> > > iptables -t nat -A POSTROUTING -o lo -j ACCEPT
> > > #iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j MASQUERADE
> > > iptables -t nat -A POSTROUTING -s 192.168.200.0/24 -o $INTERFACE_EXTERNA -j SNAT --to 192.168.1.250
> > > ##################Redirection#######################
> > > #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
> > > #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 80 -j REDIRECT --to-port 3128
> > > #iptables -t nat -A PREROUTING -p tcp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
> > > #iptables -t nat -A PREROUTING -p udp -i $INTERFACE_INTERNA --dport 443 -j REDIRECT --to-port 3128
> >
> > Friend, you have to allow port 53 in FORWARD as well:
> > iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p tcp --dport 53 -j ACCEPT
> > iptables -A FORWARD -s 192.168.200.0/24 -i $INTERFACE_INTERNA -p udp --dport 53 -j ACCEPT

-- 
Pruonckk le Punk
http://www.debianfordummies.org
Because Linux is for everyone!
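
Added example, not part of the thread and not written by any of its participants: a small Python model that walks the firewall's own DNS lookup through the nat POSTROUTING and filter INPUT chains as the quoted script sets them, next to a forwarded LAN query. It assumes the resolver is reached through eth1, that 192.168.1.250 (the SNAT address) is the firewall's own eth1 address, and that the kernel applies the DROP policy set on nat POSTROUTING; the packets and the corrected rule are constructed.

```python
# Added illustration: models only the two chains the firewall's own DNS
# lookup crosses. First matching rule wins; otherwise the policy applies.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.200.0/24")

def verdict(chain, policy, pkt):
    """Return the target of the first rule whose conditions all match pkt."""
    for rule in chain:
        conds = {k: v for k, v in rule.items() if k != "target"}
        if all(ip_address(pkt["src"]) in v if k == "src" else pkt.get(k) == v
               for k, v in conds.items()):
            return rule["target"]
    return policy

# nat POSTROUTING as the script builds it (policy DROP, two active rules).
NAT_POST = [{"out": "lo", "target": "ACCEPT"},
            {"src": LAN, "out": "eth1", "target": "SNAT"}]
# filter INPUT as the script builds it (policy DROP). The port-specific eth0
# rules are omitted: "-i eth0 -j ACCEPT" already matches everything they do.
INPUT = [{"in": "lo", "target": "ACCEPT"},
         {"in": "eth0", "target": "ACCEPT"}]

# Constructed packets. 192.168.1.250 is assumed to be the firewall's own eth1
# address (taken from the SNAT rule); 192.0.2.53 stands in for the resolver.
LAN_QUERY = {"src": "192.168.200.10", "out": "eth1", "proto": "udp", "dport": 53}
FW_QUERY = {"src": "192.168.1.250", "out": "eth1", "proto": "udp", "dport": 53}
REPLY = {"src": "192.0.2.53", "in": "eth1", "proto": "udp", "sport": 53,
         "state": "ESTABLISHED"}

def trace(nat_chain, nat_policy, in_chain, in_policy):
    """Verdicts for: forwarded LAN query, firewall's query, reply to firewall."""
    return (verdict(nat_chain, nat_policy, LAN_QUERY),
            verdict(nat_chain, nat_policy, FW_QUERY),
            verdict(in_chain, in_policy, REPLY))

# One possible correction (an assumption, not a rule set from the thread):
# leave nat POSTROUTING at ACCEPT and admit replies to tracked connections,
# i.e. iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
INPUT_FIXED = INPUT + [{"state": "ESTABLISHED", "target": "ACCEPT"}]

if __name__ == "__main__":
    print("as posted:", trace(NAT_POST, "DROP", INPUT, "DROP"))
    print("corrected:", trace(NAT_POST, "ACCEPT", INPUT_FIXED, "DROP"))
```

In the model, the forwarded LAN query matches the SNAT rule while the firewall's own query and the reply to it both fall through to a DROP policy, which is consistent with the symptom reported in the thread.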

