[ale] No longer resolving

Scott Nolde smnoldelinux at mediaone.net
Thu Mar 15 17:33:26 EST 2001


Dow,

In my haste to send ale a plea for help, I neglected to analyze the
whole scope of the problem.  All my client computers could resolve hosts
just fine.  Only the bastion firewall had difficulty when resolving
names outside of my internal LAN.  I only noticed this problem when I
wanted to download a package directly to the affected computer last
night.  Downloading from client computers is problem-free.

Then I remembered something: a few days ago, I restricted an entire
24.88.0.0/16 subnet from communicating with the firewall.  It just so
happens my domain name servers run on this subnet.  I'm running IPTABLES
on the firewall and since it is stateful, it will allow my clients to
communicate with the subnet (and resolve hostnames with
the DNS) without the restrictions, but will prevent the firewall itself
from communicating with the DNS.  Interesting security measure, perhaps?

So, my solution was to remove the subnet restriction (and refine the
declaration) from my firewall ruleset (MonMotha's is really cool) and
all is well now.

My changing file permissions had nothing to do with the problem, but
since it was the last thing I did before noticing the problem I
immediately suspected a fat-fingered chmod/chgrp.

- Scott

Dow Hurst wrote:
> 
> You might want to provide a list of the files you changed.  Did you
> anticipate recursive changes and following symlinks changes?  Under IRIX
> "chown -Rh" will not follow symlinks but change the link itself.
> Dow
> 
> Scott Nolde wrote:
> >
> > For some odd reason my firewall machine no longer resolves domain names
> > or can ping.  The only thing I did yesterday that could affect this
> > would be to change the group of some files from root to wheel and 'chmod
> > o-x' the same files.
> >
> > Does anyone have any idea what could be affecting this?
> >
> > - Scott

-- 
Never do Windows again with  |  Scott M. Nolde
Linux!  No streaks, haze or  |  smnoldelinux at mediaone.net
glaze!                       |  
5:20pm up 6 days, 17:29, 1 user, load average: 1.00, 1.00, 1.00
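
The behaviour described in the message above, modelled as an added example (not part of the original post and not MonMotha's ruleset). It assumes the /16 restriction was a DROP rule in the INPUT chain; the host addresses, the ACCEPT policies and the "refined" rule are constructed for illustration. Packets addressed to the firewall traverse INPUT, while client traffic routed through it traverses FORWARD.

```python
from ipaddress import ip_address, ip_network

FIREWALL = "203.0.113.1"              # constructed: firewall's external address
DNS, CLIENT = "24.88.0.53", "192.168.1.10"   # constructed hosts
BLOCKED = ip_network("24.88.0.0/16")  # subnet named in the post

def chain_for(src, dst):
    """Filter-table chain a packet traverses on the firewall.
    Addresses are as seen at the routing decision (after NAT is reversed)."""
    if dst == FIREWALL:
        return "INPUT"
    if src == FIREWALL:
        return "OUTPUT"
    return "FORWARD"

def verdict(ruleset, src, dst, state):
    """First matching rule wins; otherwise the chain policy applies."""
    chain = ruleset[chain_for(src, dst)]
    for net, want_state, target in chain["rules"]:
        if ip_address(src) in net and want_state in (None, state):
            return target
    return chain["policy"]

def make_ruleset(input_rules):
    # Simplified: only INPUT carries rules, every policy is ACCEPT.
    return {"INPUT": {"rules": input_rules, "policy": "ACCEPT"},
            "OUTPUT": {"rules": [], "policy": "ACCEPT"},
            "FORWARD": {"rules": [], "policy": "ACCEPT"}}

# Blanket restriction: drop anything from the /16 addressed to the firewall.
ORIGINAL = make_ruleset([(BLOCKED, None, "DROP")])
# Assumed refinement: let replies to the firewall's own connections in first.
REFINED = make_ruleset([(BLOCKED, "ESTABLISHED", "ACCEPT"),
                        (BLOCKED, None, "DROP")])

TRAFFIC = {  # constructed sample packets: (src, dst, conntrack state)
    "client query": (CLIENT, DNS, "NEW"),
    "reply to client": (DNS, CLIENT, "ESTABLISHED"),
    "firewall query": (FIREWALL, DNS, "NEW"),
    "reply to firewall": (DNS, FIREWALL, "ESTABLISHED"),
    "unsolicited to firewall": (DNS, FIREWALL, "NEW"),
}

def report(ruleset):
    return {name: verdict(ruleset, *pkt) for name, pkt in TRAFFIC.items()}

if __name__ == "__main__":
    for label, rs in (("original", ORIGINAL), ("refined", REFINED)):
        print(label, report(rs))
```
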