|Summary:||Firewall config blocks DNS replys if DHCP checked on install|
|Product:||[Retired] Red Hat Linux||Reporter:||Greg Corson <greg_corson>|
|Component:||anaconda||Assignee:||Bill Nottingham <notting>|
|Status:||CLOSED RAWHIDE||QA Contact:||Brock Organ <borgan>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2001-02-19 23:59:47 UTC||Type:||---|
Description Greg Corson 2001-02-16 02:40:59 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)

When installing the system, I checked the "DHCP" option on the network card configuration page. On the firewall page I selected "HIGH". When the install was done the DHCP operated successfully and assigned all the network numbers right, but DNS lookups failed to work. After quite a bit of messing around, I discovered the firewall rules were blocking the DNS reply packets.

Reproducible: Didn't try

Steps to Reproduce:
1. Select "DHCP" when installing network
2. Select "high" when installing firewall

Actual Results: System comes up and DHCP's properly, but firewall rules block the DNS reply packets, presumably because the installer didn't know the DNS server addresses at the time the installer was running.

Expected Results: Firewall installer should either be set up to allow all DNS reply packets to come through, or there should be a re-write of the firewall rules every time DHCP returns a new set of DNS server numbers.

My solution was to use a static IP address and re-run lokkit, which then re-wrote the firewall rules with explicit rules to allow my DNS servers to talk to me.

Lokkit seems to install explicit rules to allow DNS reply packets from specific IP numbers. However, every time a machine does a DHCP it can potentially be assigned new DNS server addresses. Because of this it seems you should have a module that re-writes the firewall DNS rules every time DHCP executes. Otherwise, whenever a server address changes, DNS lookups will be broken.

If you are unable to reproduce the problem please let me know and I will try doing a re-install (or whatever you suggest) to make it happen again. If you DO have something in the installer that DHCP's and tries to include DNS rules into the firewall, then it's possible the DHCP lookup failed for some reason during install, but succeeded on subsequent reboots.

P.S. Which firewall config tools in the RH distro still work correctly on the 2.4 kernel? I tried several and they seemed to be unable to list the rules for my firewall.
Comment 1 Michael Fulbright 2001-02-16 14:56:13 UTC
Assigning to a developer.
Comment 2 Bill Nottingham 2001-02-16 17:51:01 UTC
This was fixed in initscripts-5.64 or so, along with pump-0.8.9-1.
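
The behaviour requested in the description (rewrite the DNS reply rules whenever DHCP hands out new servers) can be sketched as follows. This is an added example, not code from the bug thread, initscripts or pump; it assumes iptables syntax and a hypothetical DNS-REPLY chain that already exists and is jumped to from INPUT, and it only prints the commands it would run.

```shell
#!/bin/sh
# Added example; the DNS-REPLY chain name is hypothetical.

# Succeed only for a dotted-quad IPv4 address with each octet in 0..255.
is_ipv4() {
    case "$1" in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the commands that rewrite the DNS-reply rules for resolver file $1.
dns_reply_rules() {
    resolv=${1:-/etc/resolv.conf}
    # Keep the current rules if the file is missing rather than flushing blindly.
    [ -r "$resolv" ] || return 1
    # Flush first so servers from an expired lease stop being trusted.
    echo "iptables -F DNS-REPLY"
    seen=" "
    while read -r keyword addr _rest || [ -n "$keyword" ]; do
        [ "$keyword" = "nameserver" ] || continue
        is_ipv4 "$addr" || continue      # skip IPv6 or malformed entries
        case "$seen" in *" $addr "*) continue ;; esac   # skip duplicates
        seen="$seen$addr "
        # Only UDP replies from port 53 of this server to unprivileged ports.
        echo "iptables -A DNS-REPLY -p udp -s $addr --sport 53 --dport 1024:65535 -j ACCEPT"
    done < "$resolv"
    return 0
}

# Constructed sample of a DHCP-written resolver file (not from the bug report).
sample_resolv_conf() {
    cat <<'EOF'
search example.test
nameserver 192.0.2.53
nameserver 192.0.2.53
nameserver 2001:db8::53
nameserver 198.51.100.7
nameserver 300.1.1.1
EOF
}

tmp=$(mktemp) && sample_resolv_conf > "$tmp" && dns_reply_rules "$tmp"; rm -f "$tmp"
```

Run from the DHCP client's lease hook, the printed commands would be piped to a shell; the flush-then-append order is what removes rules for servers dropped by the new lease.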