You need some rules that allow the internal machine(s) to resolve host names. This can be done by running your own (caching-only) DNS server, which must be allowed to contact external DNS servers, or by allowing the internal machines to contact external DNS servers directly.
The general approach to all firewalling/filtering is:
- Sit down with a piece of paper
- make up your mind about the policy by writing it down in a table looking something like:

source  destination  service  port/protocol  allow  log
--------------------------------------------------------
LAN     any          http     80/tcp         y      n
LAN     any          https    443/tcp        y      n
LAN     ISP DNS      DNS      53/udp         y      n
LAN     ISP MTA      smtp     25/tcp         y      n
....    ...          ....     ...            y      n
any     any          any      any            n      y

After that, implement that ruleset on your filtering machine (whatever you use). If something is not working it will for sure be caught by the last rule (deny everything) and show up in the logfile. Watch the logfile and maybe allow additional connections according to your requirements.
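As an added example that is not part of the original post: a small Python script that encodes the policy table above as data, evaluates sample flows against it first-match, and emits the equivalent iptables commands ending in the deny-everything-and-log rule. The address ranges (192.168.1.0/24 for the LAN, 203.0.113.x for the ISP's DNS and mail servers), the sample flows and the stateful return-traffic rule are assumptions made for illustration, not part of the post.

```python
"""Policy-table-driven filter: evaluate flows against the table, emit iptables rules."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed address groups (assumption: the post names the groups, not the addresses).
NETS = {
    "LAN":     ["192.168.1.0/24"],
    "ISP DNS": ["203.0.113.53/32"],
    "ISP MTA": ["203.0.113.25/32"],
    "any":     ["0.0.0.0/0"],
}


@dataclass(frozen=True)
class Rule:
    src: str
    dst: str
    service: str
    port: Optional[int]   # None means any port
    proto: str            # "tcp", "udp" or "any"
    allow: bool
    log: bool


# The policy table from the post, in order; the last row is the catch-all deny+log.
POLICY = [
    Rule("LAN", "any",     "http",  80,   "tcp", True,  False),
    Rule("LAN", "any",     "https", 443,  "tcp", True,  False),
    Rule("LAN", "ISP DNS", "DNS",   53,   "udp", True,  False),
    Rule("LAN", "ISP MTA", "smtp",  25,   "tcp", True,  False),
    Rule("any", "any",     "any",   None, "any", False, True),
]


def in_group(addr: str, group: str) -> bool:
    a = ip_address(addr)
    return any(a in ip_network(n) for n in NETS[group])


def matches(rule: Rule, src: str, dst: str, port: int, proto: str) -> bool:
    return (in_group(src, rule.src) and in_group(dst, rule.dst)
            and (rule.port is None or rule.port == port)
            and (rule.proto == "any" or rule.proto == proto))


def evaluate(src: str, dst: str, port: int, proto: str) -> Tuple[bool, bool, int]:
    """First-match evaluation. Returns (allowed, logged, index of the matching row)."""
    for i, rule in enumerate(POLICY):
        if matches(rule, src, dst, port, proto):
            return rule.allow, rule.log, i
    # Unreachable with a well-formed table: the any/any/any row always matches.
    raise RuntimeError("policy table has no catch-all deny rule")


def to_iptables(policy: List[Rule], chain: str = "FORWARD") -> List[str]:
    """Render the table as iptables commands for a filtering box between LAN and ISP."""
    cmds = [
        f"iptables -P {chain} DROP",
        f"iptables -F {chain}",
        # Assumption (not in the post's table): let replies to allowed connections back in.
        f"iptables -A {chain} -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT",
    ]
    for rule in policy:
        for s in NETS[rule.src]:
            for d in NETS[rule.dst]:
                parts = [f"iptables -A {chain}"]
                if s != "0.0.0.0/0":
                    parts.append(f"-s {s}")
                if d != "0.0.0.0/0":
                    parts.append(f"-d {d}")
                if rule.proto != "any":
                    parts.append(f"-p {rule.proto}")
                    if rule.port is not None:
                        parts.append(f"--dport {rule.port}")
                verdict = "ACCEPT" if rule.allow else "DROP"
                if rule.log:
                    # LOG is non-terminating, so the same match must be repeated for the verdict.
                    prefix = f'"{rule.service}-{verdict.lower()}: "'
                    cmds.append(" ".join(parts + ["-j LOG --log-prefix", prefix]))
                cmds.append(" ".join(parts + ["-j", verdict]))
    return cmds


if __name__ == "__main__":
    # Constructed sample flows: an HTTPS session, DNS to a non-ISP resolver, an inbound SSH probe.
    for flow in [("192.168.1.10", "198.51.100.7", 443, "tcp"),
                 ("192.168.1.10", "8.8.8.8", 53, "udp"),
                 ("198.51.100.7", "192.168.1.10", 22, "tcp")]:
        allowed, logged, row = evaluate(*flow)
        print(flow, "->", "ALLOW" if allowed else "DENY", "(logged)" if logged else "", f"row {row}")
    print("\n".join(to_iptables(POLICY)))
```

Running it shows the point the post makes: the DNS query to 8.8.8.8 is not covered by any allow row, so it falls through to the last row, is dropped and logged, and that log line is exactly what tells you to either add a row or point the client at the ISP resolver.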
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.