- 03-05-2007 #1 Just Joined!
- Join Date
- Mar 2007
- Posts
- 2
To get DNS working, FireHOL needs to be reset after every boot
Always when I boot up Ubuntu 6.06 LTS, DNS doesn't work so I get no websites etc, but can access them by IPs. If I then say "sudo /etc/init.d/firehol restart", DNS starts working and I can use the internet normally. The problem occurred when I moved from a flat with a static IP to one with ADSL connection (I connect to the ADSL box with an ethernet cable). I already posted this to firehol help forums but got no replies.
From FireHOL documentation:
"By default FireHOL will drop all traffic coming in and going out via an undefined network interface, so the network interface will have no meaning to be up and running. This is a common mistake on some ADSL configurations, where users ignore the loop device that connects the linux router with the ADSL device."
I'm not sure if this is the issue.
Although I can get the internet connection to work by restarting firehol each time after booting the machine up (which happens daily), I have a setup where in normal conditions the user that uses the computer doesn't have sudo rights and thus won't be capable of restarting the firehol service. Thus, I'd like the internet connection to work right away after starting up the pc.
To those who don't know about FireHOL, I've understood it's just a well-designed bunch of bash scripts, which run iptables commands. So somehow I guess, running those iptables commands again after booting makes DNS work. I didn't get a DNS server address from my ISP, so I left that blank in the configuration. I used to have the IP of my ADSL box there (10.0.0.2), but that didn't work, either.
Thanks for any help.
My firehol.conf:
iptables -t filter -I OUTPUT -d 127.0.0.1 -p tcp --dport 3128 -m owner ! --uid-owner dansguardian -j DROP
version 5
transparent_squid 8080 "proxy root"
# Accept all client traffic on any interface
interface any world
    # added for the adsl modem:
    client dhcp accept
    server ICMP accept
    server icp accept
    # ... open up ports for more services ...
From lspci:
0000:00:00.0 Host bridge: VIA Technologies, Inc. VT8363/8365 [KT133/KM133] (rev 03)
0000:00:01.0 PCI bridge: VIA Technologies, Inc. VT8363/8365 [KT133/KM133 AGP]
...
0000:00:09.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL-8139/8139C/8139C+ (rev 10)
lsmod:
Module Size Used by
binfmt_misc 13192 1
rfcomm 44244 0
l2cap 29184 5 rfcomm
cpufreq_userspace 6816 0
cpufreq_stats 6912 0
freq_table 5152 1 cpufreq_stats
cpufreq_powersave 2240 0
cpufreq_ondemand 8104 0
cpufreq_conservative 9256 0
video 16644 0
tc1100_wmi 7172 0
sony_acpi 5900 0
pcc_acpi 12736 0
hotkey 11812 0
dev_acpi 11652 0
container 4928 0
button 6992 0
acpi_sbs 20556 0
battery 10308 1 acpi_sbs
ac 5508 1 acpi_sbs
i2c_acpi_ec 5440 1 acpi_sbs
ipt_REJECT 6592 0
ip_conntrack_ftp 8560 0
ip_conntrack_irc 7280 0
ipt_LOG 7616 5
ipt_limit 2944 5
ipt_state 2304 31
ipt_owner 2496 1
iptable_filter 3392 1
ip_conntrack 54488 3 ip_conntrack_ftp,ip_conntrack_irc,ipt_state
nfnetlink 7192 1 ip_conntrack
ip_tables 24000 6 ipt_REJECT,ipt_LOG,ipt_limit,ipt_state,ipt_owner,iptable_filter
nls_cp437 6208 1
ntfs 114288 1
ipv6 287520 26
dm_mod 63640 1
af_packet 25224 2
md_mod 76244 0
lp 12612 0
8139cp 24384 0
bt878 11224 0
tsdev 8320 0
hci_usb 18324 2
bluetooth 54372 7 rfcomm,l2cap,hci_usb
snd_bt87x 15944 0
pcspkr 2564 0
8139too 29568 0
snd_ens1371 26592 3
psmouse 40132 0
mii 6528 2 8139cp,8139too
via686a 17928 0
gameport 17032 1 snd_ens1371
serio_raw 8132 0
snd_rawmidi 27552 1 snd_ens1371
snd_seq_device 9548 1 snd_rawmidi
snd_ac97_codec 99296 1 snd_ens1371
snd_pcm_oss 56352 0
snd_mixer_oss 20800 1 snd_pcm_oss
snd_pcm 96772 4 snd_bt87x,snd_ens1371,snd_ac97_codec,snd_pcm_oss
snd_timer 27204 1 snd_pcm
snd 60068 15 snd_bt87x,snd_ens1371,snd_rawmidi,snd_seq_device,snd_ac97_codec,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer
floppy 65924 0
i2c_isa 5504 1 via686a
i2c_viapro 9364 0
soundcore 11040 1 snd
snd_page_alloc 11592 2 snd_bt87x,snd_pcm
snd_ac97_bus 2688 1 snd_ac97_codec
nvidia 4553332 12
tuner 45348 0
tvaudio 25116 0
msp3400 35312 0
bttv 173456 1 bt878
video_buf 23108 1 bttv
i2c_algo_bit 10120 1 bttv
via_agp 10560 1
v4l2_common 6336 1 bttv
btcx_risc 5512 1 bttv
tveeprom 15504 1 bttv
i2c_core 23168 11 i2c_acpi_ec,via686a,i2c_isa,i2c_viapro,nvidia,tuner,tvaudio,msp3400,bttv,i2c_algo_bit,tveeprom
agpgart 37072 2 nvidia,via_agp
videodev 10368 1 bttv
shpchp 49312 0
pci_hotplug 30916 1 shpchp
parport_pc 38340 1
parport 39560 2 lp,parport_pc
evdev 10432 1
ext3 148616 4
jbd 65684 1 ext3
ide_generic 1792 0
ehci_hcd 36104 0
uhci_hcd 35600 0
usbcore 139012 4 hci_usb,ehci_hcd,uhci_hcd
ide_cd 36228 0
cdrom 41504 1 ide_cd
ide_disk 19520 7
via82cxxx 10052 0 [permanent]
generic 5444 0
thermal 14088 0
processor 27208 1 thermal
fan 5124 0
capability 5256 0
commoncap 7616 1 capability
vga16fb 14344 1
vgastate 10304 1 vga16fb
fbcon 44640 72
tileblit 3072 1 fbcon
font 8640 1 fbcon
bitblit 6592 1 fbcon
softcursor 2752 1 bitblit
- 03-06-2007 #2 Just Joined!
- Join Date
- Jan 2007
- Location
- Beirut, Lebanon
- Posts
- 67
hey
I am having the same problem regarding loading with DNS, your post is the closest I have come across to a similar case. I tried executing:
sudo /etc/init.d/firehol restart
but I didn't find firehol on my system, kubuntu 6.10.
any other ideas?
thanks.
- 03-29-2007 #3 Just Joined!
- Join Date
- Mar 2007
- Posts
- 2
The problem for me was that I had traces of gnome lokkit in the system, though I had uninstalled it. I reinstalled it, disabled the firewall from lokkit's setup, then uninstalled it with apt-get --purge remove gnome-lokkit. Now it works.
iptables -L will show you if you have any firewall rules enabled. If you don't, then you will at least know that the problem isn't in your firewall.
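
The check suggested in the last post, as an added example that is not part of the original thread: a shell function that reads `iptables-save` output and reports whether the filter table carries any rules or non-ACCEPT policies, and how many ACCEPT rules name destination port 53. The function name `fw_summary`, its output format and both sample dumps are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): summarise an iptables-save dump.
# fw_summary and its output format are hypothetical names for this sketch.
# Live use (as root): iptables-save | fw_summary
fw_summary() {
    awk '
        /^\*/             { table = substr($1, 2); next }   # "*filter", "*nat", ...
        table != "filter" { next }                          # only the filter table
        /^:/ {                                              # ":INPUT DROP [0:0]"
            # Built-in chains have a policy; user chains show "-".
            if ($2 != "ACCEPT" && $2 != "-")
                pol = pol (pol == "" ? "" : ",") substr($1, 2) "=" $2
            next
        }
        /^-A / {
            rules++
            # Heuristic only: a broader ACCEPT rule can also let DNS through.
            if ($0 ~ /--dport 53( |$)/ && $0 ~ /-j ACCEPT/) dns++
        }
        END {
            if (rules == 0 && pol == "") {
                print "inactive"
            } else {
                printf "active rules=%d restrictive_policies=%s dns_accept_rules=%d\n",
                       rules, (pol == "" ? "none" : pol), dns
            }
        }
    '
}

# Constructed sample: nothing loaded (what a cleanly disabled firewall looks like).
sample_clean() {
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' 'COMMIT'
}

# Constructed sample: leftover default-drop rules with no DNS rule.
sample_leftover() {
    printf '%s\n' '*filter' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' \
        ':OUTPUT DROP [0:0]' '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A OUTPUT -o lo -j ACCEPT' \
        '-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT' 'COMMIT'
}

sample_clean | fw_summary
sample_leftover | fw_summary
```

Comparing the summary taken right after boot with the one taken after the firewall restart shows whether the two rule sets actually differ.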


