Hello,
I accidentally saw the following in /var/log/messages:
May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x00 PREC=0x00 TTL=64 ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41
My DMZ subnet is 192.168.2.x, 192.168.2.201 is the DMZ server and
192.168.2.254 is on the router. UDP port 53 is for the DNS server and I have
a DNS server running on the router (also listening on the DMZ interface).
Currently I have in /etc/shorewall/rules
#
# 2 - allow DMZ to use DNS on firewall
#
ACCEPT dmz fw tcp 53
ACCEPT dmz fw udp 53
Should I also allow the DNS traffic back from 'fw' to 'dmz'?
See Shorewall FAQ #6c.
-Tom
--
Tom Eastep \ Shorewall - iptables made easy
Shoreline, \ http://www.shorewall.net
Washington USA \ [EMAIL PROTECTED]
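As an added example (not from this thread and not Shorewall's own code), a small Python parser for Shorewall-prefixed netfilter log lines like the one quoted above: it pulls out the chain and disposition plus the KEY=VALUE fields, keeps both LEN values apart, and flags that an empty IN= together with OUT=eth2 marks a packet the router itself generated, here with source port 53.

```python
import re
from typing import Dict, Optional

# Constructed sample: the log line quoted in the thread above.
SAMPLE = ("May 29 07:41:23 router kernel: Shorewall:all2all:REJECT:IN= OUT=eth2 "
          "SRC=192.168.2.254 DST=192.168.2.201 LEN=61 TOS=0x00 PREC=0x00 TTL=64 "
          "ID=61994 DF PROTO=UDP SPT=53 DPT=1028 LEN=41")

# Shorewall prefixes netfilter's log output with "Shorewall:<chain>:<disposition>:".
_PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<disp>[A-Z]+):(?P<rest>.*)$")


def parse_shorewall_log(line: str) -> Optional[Dict[str, str]]:
    """Return chain, disposition and the netfilter KEY=VALUE fields of one log line."""
    m = _PREFIX.search(line)
    if not m:
        return None
    fields = {"chain": m.group("chain"), "disposition": m.group("disp")}
    proto = ""
    for tok in m.group("rest").split():
        if "=" not in tok:          # bare flags such as DF (don't fragment)
            fields[tok] = "1"
            continue
        key, val = tok.split("=", 1)
        if key == "PROTO":
            proto = val
        elif key in fields:         # LEN appears twice: IP header, then UDP header
            key = f"{proto}_{key}"
        fields[key] = val
    return fields


def is_locally_generated(fields: Dict[str, str]) -> bool:
    """Empty IN= with a non-empty OUT= means the firewall host itself emitted the packet."""
    return fields.get("IN", "") == "" and bool(fields.get("OUT"))


def describe(fields: Dict[str, str]) -> str:
    """One-line human summary of what was logged."""
    origin = "locally generated" if is_locally_generated(fields) else f"forwarded from {fields.get('IN')}"
    flow = (f"{fields.get('PROTO')} {fields.get('SRC')}:{fields.get('SPT')} -> "
            f"{fields.get('DST')}:{fields.get('DPT')}")
    note = " (source port 53: shaped like a DNS reply)" if fields.get("SPT") == "53" else ""
    return f"{fields['disposition']} in chain {fields['chain']}: {origin}, out {fields.get('OUT')}, {flow}{note}"


if __name__ == "__main__":
    print(describe(parse_shorewall_log(SAMPLE)))
```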
leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
