#1
IPtables and DNS = Confused
Hello,
I have a Linux firewall (Red Hat 7.2) and I can't use our own DNS. When I set the ISP's DNS on the clients inside the network they can use that DNS, but when we change to our own DNS it just does not work. We used to have Red Hat 7.2 installed, the same version on the same computer, but 3 weeks ago the hard drive crashed totally, so I had to reinstall the firewall, and now I can't use our own DNS; port 53 is open. If someone has any idea, please tell me. I read somewhere that it can be a problem with IPchains, but that is not supported in the kernel, and I know it can work on this kernel because it worked three weeks ago. Thanks a lot. /Nick
#2
DNS uses udp and tcp on port 53 so be sure you have both open.
#3
UDP open?
I can't even ping the DNS from the firewall, but I can ping it from other computers outside the network. The UDP part looks like this; will this let the DNS through?

```
# The UDP services we wish to allow to pass - "" empty means no services
# note: space separated
# ALL means all services
UDPIN="domain"
UDPOUT="ALL"
```

Thank you . . .
#4
Are you manually setting up the rules or are you using some sort of firewall software? That syntax doesn't look familiar. Also, if you're not allowing icmp out or in then you won't be able to ping anything from the firewall.
#5
Thank you for the answer . .
The thing is that it is not me who set up the firewall, and the person who set it up told me that there is no problem with the firewall, but I am sure that the problem is in the firewall because no other changes have been made in the network, and I also connected a machine to the same net as our DNS, outside the firewall, and it works fine. He told me to edit a file called firewall.sh; it is a script that seems to hold all the rules. I have read a lot of documentation to try to find a way to set up the rules, and I also got a bit confused because I couldn't find any docs on how to edit the script file that I have. It is located in /usr/sbin
#6
Sounds like the admin has a script that configures the rules, which is quite normal. The rules you need to have all DNS queries accepted in and out are:

```
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A OUTPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A OUTPUT -p udp --dport 53 -j ACCEPT
```

My iptables syntax is a little rusty but I believe that's right.
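A quick way to audit a rule set for the two points raised in this thread (post #2: DNS needs both UDP and TCP on port 53, in and out; post #4: ping from the firewall needs ICMP allowed) is to parse `iptables-save` output and list which of the four DNS paths lack an ACCEPT. This is an added example, not code from the thread or from the poster's firewall.sh; the `SAMPLE_RULES` text is constructed here to show a set where TCP 53 is missing on OUTPUT.

```python
import re

# Constructed sample of `iptables-save` output (not from the thread): UDP 53 is
# accepted in both directions, but TCP 53 is only accepted on INPUT.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
-A OUTPUT -p udp -m udp --dport 53 -j ACCEPT
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
COMMIT
"""

RULE_RE = re.compile(r"^-A (\w+)(.*?)-j (\w+)\s*$")

def parse_rules(text):
    """Return (chain, proto, dport, target) tuples for each '-A' line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # chain policies, table headers, COMMIT
        chain, opts, target = m.groups()
        proto = re.search(r"-p (\w+)", opts)
        dport = re.search(r"--dport (\d+)", opts)
        rules.append((chain, proto.group(1) if proto else None,
                      int(dport.group(1)) if dport else None, target))
    return rules

def dns_gaps(text):
    """(chain, proto) pairs with no ACCEPT for destination port 53."""
    rules = parse_rules(text)
    return [(chain, proto)
            for chain in ("INPUT", "OUTPUT") for proto in ("udp", "tcp")
            if not any(c == chain and p == proto and d == 53 and t == "ACCEPT"
                       for c, p, d, t in rules)]

def icmp_chains(text):
    """Chains that carry an ACCEPT for ICMP (needed for ping to work)."""
    return sorted({c for c, p, _, t in parse_rules(text)
                   if p == "icmp" and t == "ACCEPT"})

if __name__ == "__main__":
    print("DNS gaps:", dns_gaps(SAMPLE_RULES))       # [('OUTPUT', 'tcp')]
    print("ICMP accepted in:", icmp_chains(SAMPLE_RULES))  # ['OUTPUT']
```

On a live box, feed it the real rules with `iptables-save` redirected to a file and pass that text instead of `SAMPLE_RULES`.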
#7
Thanks a lot,
When I am at the console on the firewall and try to ping out, I get a reply when I ping, for example, www.yahoo.com, and also when I ping our ISP's DNS, but I don't get a reply when I try to ping our DNS. I asked a friend to ping our DNS from his computer and he gets a reply. I am getting really confused here about why I can't have any communication at all with our DNS from the firewall or the clients inside the firewall. I am thinking that maybe there isn't a problem with the Linux firewall, because we can use our ISP's DNS but not our own; can there be some network settings I forgot about in the Linux machine, HOSTS, resolv.conf, something like that? Any suggestions where to look for the problem? /Nick
Viewing: Dev Shed Forums > Operating Systems > Linux Help > IPtables and DNS = Confused