On Sat, 2002-12-28 at 22:54, Wes James wrote:
>
> -A RH-Lokkit-0-50-INPUT -m udp -s 1.2.3.0/24 -d 0/0 --dport 800 -p udp -j ACCEPT
> -A RH-Lokkit-0-50-INPUT -m udp -s 1.2.3.0/24 -d 0/0 --dport 8400 -p udp -j ACCEPT
I finally got this working by punching in the DNS servers on the 1.2.3.0 network, i.e.:

-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 1.2.3.1 --sport 53 -d 0/0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 1.2.3.2 --sport 53 -d 0/0 -j ACCEPT

where 1.2.3.1 and 1.2.3.2 are the DNS servers.

I found this out when I noticed the Cisco VPN software was renaming resolv.conf and putting in the DNS servers of the network where the VPN resides. I then telnet'd to a machine on the VPN network with just the IP address and it worked. I then thought of putting the DNS servers in the iptables file and voila. For some reason I needed to do an ifdown and ifup after restarting the iptables service, i.e. make the changes to /etc/sysconfig/iptables, then enter these commands at the command prompt:

service iptables restart
ifdown eth0
ifup eth0

ate logo,

wj

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
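The rules above hard-code the two resolver addresses, but the whole reason they were needed is that the VPN client rewrites /etc/resolv.conf with the remote network's resolvers. The script below is an added example, not code from the post or from Red Hat's Lokkit: it reads the nameserver lines from a resolv.conf (a constructed sample is embedded; on a real box you would feed it the file the VPN client wrote) and emits the same Lokkit-chain ACCEPT lines for each resolver. It also emits a stateful alternative: the per-host `--sport 53` rules accept any UDP datagram those hosts send from port 53, whereas `-m state --state ESTABLISHED` only admits replies to queries this machine actually sent, so it does not depend on trusting the source port. The chain name RH-Lokkit-0-50-INPUT is taken from the post; everything else is assumed.

```sh
#!/bin/sh
# Added example (not from the original post): generate Lokkit-style
# iptables ACCEPT rules for the resolvers listed in a resolv.conf.
# The VPN client rewrites /etc/resolv.conf, so the rules are derived
# from that file instead of being typed in by hand.

# Constructed sample resolv.conf contents (assumption, not real data);
# note the duplicate nameserver line, which must not yield two rules.
SAMPLE_RESOLV_CONF='# Generated by the VPN client
search vpn.example.com
nameserver 1.2.3.1
nameserver 1.2.3.2
nameserver 1.2.3.1'

# Print the nameserver addresses from resolv.conf text on stdin,
# one per line, duplicates removed, in first-seen order.
dns_servers() {
    awk '$1 == "nameserver" && !seen[$2]++ { print $2 }'
}

# Emit one rule per resolver in the chain named by $1 (default: the
# chain from the post), accepting UDP from source port 53 on that host.
# Caveat: this admits any UDP the resolver sends from port 53, not only
# replies to our own queries.
dns_rules() {
    chain="${1:-RH-Lokkit-0-50-INPUT}"
    dns_servers | while read -r ip; do
        printf -- '-A %s -p udp -m udp -s %s --sport 53 -d 0/0 -j ACCEPT\n' "$chain" "$ip"
    done
}

# Stateful alternative: one rule that accepts only UDP replies to
# queries this host already sent (connection tracking), so no resolver
# address has to be enumerated and source port 53 is not trusted.
stateful_dns_rule() {
    chain="${1:-RH-Lokkit-0-50-INPUT}"
    printf -- '-A %s -p udp -m state --state ESTABLISHED -j ACCEPT\n' "$chain"
}

# Usage: pipe the real file with  dns_rules < /etc/resolv.conf
printf '%s\n' "$SAMPLE_RESOLV_CONF" | dns_rules
stateful_dns_rule
```

Either output can be pasted into the RH-Lokkit-0-50-INPUT section of /etc/sysconfig/iptables before the chain's final REJECT line; the stateful rule needs the ip_conntrack module, which `service iptables restart` loads when a `-m state` rule is present.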