Mon, 17 Jun 2002 23:04:45 +0100
On Monday 17 June 2002 10:33 pm, Mark Tessier wrote:
> > What are the values of the variables $SMTP_SERVER and $POP_SERVER in your
> > script ?
Okay, so your firewall needs to be able to resolve hostnames at the time it
processes any rules containing these names. Are you sure it can do that at
that time ?
I see FORWARD and OUTPUT rules for destination port 53, but what rules do you
have for allowing packets into the INPUT chain so that the DNS server can
Also, I'm a bit puzzled at your labelling of the interfaces - am I right in
thinking you have an internal network interface called $LAN_INTERFACE, and an
external interface called $DMZ_INTERFACE ? It's more common to use DMZ for
a second 'internal' interface which has some access from the inside, and some
from the outside, rather than to label the external interface like this...
I assume you have the recommended DROP policy on your INPUT and OUTPUT
chains, so try putting a LOG line at the end of each of those and see what
gets logged (just before getting dropped). I'll bet something gets logged
from your INPUT chain which doesn't look good.....