Hello Kory,

sorry I haven't read the whole thread. But as I understand, you have a mail server in the dmz running on a leaf box, called DMZ_BOX.

DMZ = 192.168.10.0/24
Route will be:
192.168.10.0/24 via 192.168.10.x
default via 192.168.10.254 (DMZ address on LEAFBOX)

And a leaf router connected to internet and local. Here you run dnscache listening on 192.168.1.254 and tinydns listening on localhost (127.0.0.1), called LEAFBOX.

Route:
192.168.10.0/24 via 192.168.10.254
192.168.1.0/24 via 192.168.1.254
default via "external ip address"

Now you have a problem, that the DMZ_BOX cannot resolve names.

1. Do you have dnscache running on your DMZ_BOX?

If yes, then you have to use the forwardonly option and set it to yes, to use your nameserver on LEAFBOX. The address to forward to is 192.168.1.254. Otherwise, your DMZ_BOX will use the root servers to find the MX for kroffts.com, this will point you to your provider, they point hopefully to your external interface, and now you are trying to get an address from your external interface. This might get a problem with your shorewall rules.

Insert 192.168.1.254 in /etc/resolv.conf.

After opening the firewall rules to allow udp 53 from dmz to fw, now it is possible to resolve anything that you can resolve from the local net.

regards
Eric Wolzak
member of the bering crew.

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
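
One way to check the two changes the message ends with (the udp 53 rule from dmz to fw, and 192.168.1.254 as the nameserver), as an added example that is not from the thread. It assumes the Shorewall rules file uses the ACTION SOURCE DEST PROTO PORT(S) column order and that the zones are named dmz and fw; the function names and the sample files are constructed.

```shell
#!/bin/sh
# Added example; the sample files at the bottom are constructed.

# dns_rule_ok RULES ZONE: succeed if an ACCEPT rule lets ZONE query the
# firewall zone on udp 53. Columns: ACTION SOURCE DEST PROTO PORT(S).
dns_rule_ok() {
    awk -v src="$2" '
        NF == 0 || $1 ~ /^#/ { next }                # blank lines, comments
        {
            split($2, s, ":")                        # dmz:192.168.10.5 -> dmz
            if ($1 != "ACCEPT" || s[1] != src) next
            if ($3 != "fw" && $3 != "$FW") next      # firewall zone name
            if ($4 != "udp") next
            n = split($5, p, ",")                    # port list, e.g. 53,123
            for (i = 1; i <= n; i++)
                if (p[i] == "53" || p[i] == "domain") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# first_nameserver RESOLV: print the first nameserver address in the file.
first_nameserver() {
    awk '$1 == "nameserver" { print $2; exit }' "$1"
}

# check_dmz_dns RULES RESOLV RESOLVER: print one line per problem found,
# return 1 if anything is missing.
check_dmz_dns() {
    rc=0
    if ! dns_rule_ok "$1" dmz; then
        echo "MISSING: ACCEPT dmz -> fw udp 53 in $1"; rc=1
    fi
    ns=$(first_nameserver "$2")
    if [ "$ns" != "$3" ]; then
        echo "MISSING: first nameserver is '${ns:-none}', expected $3"; rc=1
    fi
    return $rc
}

# Constructed sample: rules file that only opens SMTP, resolv.conf still unset.
tmp=$(mktemp -d)
printf 'ACCEPT net dmz tcp 25\n' > "$tmp/rules"
printf 'nameserver 127.0.0.1\n' > "$tmp/resolv.conf"
check_dmz_dns "$tmp/rules" "$tmp/resolv.conf" 192.168.1.254 || echo "not ready"
rm -rf "$tmp"
```

The rule check passes only for a rule scoped to udp 53 from the dmz zone, so a blanket dmz-to-fw ACCEPT is not counted as the fix.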