From Bugzilla Helper: User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.4.0-0.99.11 i686) The firewall is setup before the dhcp query for the DNS nameservers. Therefore /etc/sysconfig/ipchains does not have any permissions setup for the DNS namesevers. Therefore the firewall prohibits (1) the host from resolving it's own DNS name from the nameservers (2) the host from resolving any other DNS name from the nameservers. I think you need to do the dhcp query before setting up the firewall permissions during the boot. To work around the problem I have to use the Text Mode Setup Utility "setup" to (1) remove the firewall configuration, (2) configure the network, (3) configure the firewall again (I don't want to play with the init scripts). Reproducible: Always Steps to Reproduce: 1. install fisher 2. choose dhcp network setup 3. choose firewall setup Actual Results: can not resolve DNS names after boot Expected Results: should be able to resolve DNS names after boot refer to Bug # 25936
But if the host also requires DHCP, you need to check the 'DHCP' box too. Does that solve the problem?
*** This bug has been marked as a duplicate of 25510 ***
oops, wrong bug.
*** Bug 25490 has been marked as a duplicate of this bug. ***
*** Bug 25408 has been marked as a duplicate of this bug. ***
*** Bug 26010 has been marked as a duplicate of this bug. ***
Selecting DHCP in the firewall configuration is only required if you are going to run a DHCP server - not just if you're a client. (I tested this a couple of times myself, and this is also what the docs say should be the case.) The problem is that when RHL first installs (selecting DHCP for DNS allocation), anaconda leaves the file as: :input ACCEPT :forward ACCEPT :output ACCEPT -A input -s 0/0 -d 0/0 -i lo -j ACCEPT -A input -s 0/0 -d 0/0 -p tcp -y -j DENY -A input -s 0/0 -d 0/0 -p udp -j DENY and as a result DNS lookup won't work. If you re-run lokkit, and choose high security after installation, assuming DHCP has allocated your DNS servers and they have been recorded in /etc/resolv.conf you will now have appropriate DNS entries, i.e.: :input ACCEPT :forward ACCEPT :output ACCEPT -A input -s 0/0 -d 0/0 -i lo -j ACCEPT -A input -s 1.2.3.4 53 -d 0/0 -p udp -j ACCEPT -A input -s 1.2.3.5 53 -d 0/0 -p udp -j ACCEPT -A input -s 0/0 -d 0/0 -p tcp -y -j DENY -A input -s 0/0 -d 0/0 -p udp -j DENY We either need anaconda to be DNS aware, or we need the high security rules to allow incoming 53 dns. Two more important issues: - Allocation of new dns servers (manually specified or via DHCP). I presume this is not being properly catered for in our automated /etc/sysconfig/ipchains rules and this is going to be a real problem for people. - Another problem is lokkit does not wipe out the firewall rules it has put in place, when you run it as root and select no firewall!! I can test or provide any more information if necessary.
*** Bug 25936 has been marked as a duplicate of this bug. ***
*** Bug 25929 has been marked as a duplicate of this bug. ***
*** Bug 26114 has been marked as a duplicate of this bug. ***
Upping the priority and severity! I hit this bigtime. The installer pretty much directs you to selecting "High security" firewall, which is great. The blurb at the left side of the dialog claims that a high security setup will let in DNS and nothing else. . It lied. . I configured and brought up my modem dialup link. And it was hosed due to blocked name resolution. :-(
It doesn't exactly *lie*, it just lets in only the DNS that's configured at install time. :)
This should be fixed in initscripts-5.62-1.