Hi Tom, I've noticed the following entries in my shorwall.log file and of course my secondary isn't able to contact my primary DNS server to update its zone files.
Oct 28 19:46:53 pyro Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 MAC=00:02:b3:61:64:6e:00:02:b3:5f:c3:5c:08:00 SRC=10.0.100.11 DST=10.0.100.10 LEN=62 TOS=00 PREC=0x00 TTL=127 ID=25784 PROTO=UDP SPT=1575 DPT=53 LEN=42 Oct 28 19:47:04 pyro Shorewall:FORWARD:REJECT: IN=eth1 OUT=eth1 MAC=00:02:b3:61:64:6e:00:02:b3:5f:c3:5c:08:00 SRC=10.0.100.11 DST=10.0.100.10 LEN=62 TOS=00 PREC=0x00 TTL=127 ID=25887 PROTO=UDP SPT=1576 DPT=53 LEN=42 I have my primary and secondary DNS on 10.0.100.10 and 10.0.100.11, there external IP's are 67.106.134.140 and 67.106.134.142 respectivly. (it's not BIND so I can't follow your instructions in your FAQ's) I have the following rules in place. DNAT loc:10.0.100.0/24 loc:10.0.100.10 tcp 53 - 67.106.134.140:10.0.100.1 DNAT loc:10.0.100.0/24 loc:10.0.100.10 udp 53 - 67.106.134.140:10.0.100.1 DNAT loc:10.0.100.0/24 loc:10.0.100.11 tcp 53 - 67.106.134.141:10.0.100.1 DNAT loc:10.0.100.0/24 loc:10.0.100.11 udp 53 - 67.106.134.141:10.0.100.1 Any ideas where I can look to track what is happening? Have I missed a setting in the upgrade? cheers Adam _________________________________________ Genis-X Webmail, http://www.genis-x.com ------------------------------------------------------- This SF.net email is sponsored by: The SF.net Donation Program. Do you like what SourceForge.net is doing for the Open Source Community? Make a contribution, and help us add new features and functionality. Click here: http://sourceforge.net/donate/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
