On Saturday 22 June 2002 6:30 pm, Christian Seberino wrote:
> My firewall *only* forwards SSH stuff to private LAN.
>
> It forwards *everything* _from_ private LAN to Internet however.
>
> How can the private LAN use DNS which it does????
>
> How is DNS server returning the info through firewall
> if it *only* allows SSH??!?!?!?
Do you have a rule allowing reply packets from, say, a website back to your internal clients? Maybe:

iptables -A FORWARD -i $EXTIF -m state --state RELATED,ESTABLISHED -j ACCEPT

Same rule will allow replies to DNS requests.

If you don't have anything like that, post your ruleset and we'll have a think about it.

Antony.
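The mechanism behind Antony's answer, as an added illustration that is not part of the thread: a toy model of netfilter connection tracking and a FORWARD chain. It uses assumed interface names (eth0 external, eth1 internal) and constructed addresses, and shows that the ruleset described in the question (SSH in, everything out) lets the DNS query leave but drops the UDP reply, while adding the RELATED,ESTABLISHED rule lets the reply back in without opening the firewall to unsolicited inbound packets.

```python
"""Toy model of a stateful iptables FORWARD chain.

Constructed example (not code from the mailing-list thread): it models
connection tracking just well enough to show why an outbound-only
ruleset still needs a RELATED,ESTABLISHED rule for DNS replies.
"""
from dataclasses import dataclass
from typing import Optional

EXTIF = "eth0"   # assumed external interface name
INTIF = "eth1"   # assumed internal (private LAN) interface name


@dataclass(frozen=True)
class Packet:
    in_iface: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


class Conntrack:
    """Tracks flows by 5-tuple. A packet matching the reverse tuple of a
    flow already seen is ESTABLISHED; this is how netfilter treats a DNS
    reply even though UDP has no connection of its own."""

    def __init__(self):
        self.flows = set()

    def state(self, pkt):
        reverse = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        return "ESTABLISHED" if reverse in self.flows else "NEW"

    def record(self, pkt):
        self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))


@dataclass
class Rule:
    in_iface: Optional[str] = None
    proto: Optional[str] = None
    dport: Optional[int] = None
    states: tuple = ()          # empty means "no -m state match"
    target: str = "ACCEPT"

    def matches(self, pkt, state):
        if self.in_iface and pkt.in_iface != self.in_iface:
            return False
        if self.proto and pkt.proto != self.proto:
            return False
        if self.dport is not None and pkt.dport != self.dport:
            return False
        if self.states and state not in self.states:
            return False
        return True


def forward(rules, ct, pkt, policy="DROP"):
    """Walk the FORWARD chain: first matching rule wins, else chain policy.
    Accepted packets are recorded so that their replies become ESTABLISHED."""
    state = ct.state(pkt)
    verdict = policy
    for r in rules:
        if r.matches(pkt, state):
            verdict = r.target
            break
    if verdict == "ACCEPT":
        ct.record(pkt)
    return verdict


# Ruleset as described in the question: only SSH in, everything out.
BASE_RULES = [
    Rule(in_iface=EXTIF, proto="tcp", dport=22),  # SSH from the Internet to the LAN
    Rule(in_iface=INTIF),                         # anything from the LAN outwards
]
# Antony's rule: iptables -A FORWARD -i $EXTIF -m state --state RELATED,ESTABLISHED -j ACCEPT
STATE_RULE = Rule(in_iface=EXTIF, states=("RELATED", "ESTABLISHED"))


def dns_roundtrip(rules):
    """Send a DNS query out and report (query verdict, reply verdict)."""
    ct = Conntrack()
    # Constructed addresses: LAN client and an external resolver.
    query = Packet(INTIF, "udp", "192.168.1.10", 40000, "198.51.100.53", 53)
    reply = Packet(EXTIF, "udp", "198.51.100.53", 53, "192.168.1.10", 40000)
    return forward(rules, ct, query), forward(rules, ct, reply)


def unsolicited_inbound(rules):
    """An inbound UDP packet with no prior outbound flow stays NEW."""
    ct = Conntrack()
    pkt = Packet(EXTIF, "udp", "198.51.100.7", 53, "192.168.1.10", 40000)
    return forward(rules, ct, pkt)


if __name__ == "__main__":
    print("without state rule:", dns_roundtrip(BASE_RULES))
    print("with state rule:   ", dns_roundtrip(BASE_RULES + [STATE_RULE]))
    print("unsolicited inbound, with state rule:",
          unsolicited_inbound(BASE_RULES + [STATE_RULE]))
```

The point to take from the model is that the state rule accepts only packets whose reverse 5-tuple was already seen leaving the LAN, so it does not widen what the Internet can initiate; on a real box the same applies to TCP replies for web traffic, which is why one rule covers both cases in the answer.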
