RH8 can't resolve hostnames


kjkrum
02-16-2003, 01:09 AM
I upgraded my home network router from MDK8.1 to RH8.0. Machines behind the firewall can resolve hostnames, but the router itself cannot resolve anything that isn't in /etc/hosts. /etc/resolv.conf contains exactly the same nameservers that dhcpd is giving to the machines on the LAN, plus a 'search' statement with what I guess is the hostname my ISP has given me. /etc/host.conf contains 'order hosts,bind'.

I'm pretty sure it's not my firewall rules. Just to be sure, I flushed the INPUT, OUTPUT, and FORWARD chains and set their policies to ACCEPT. Still no love. It's not timing out; if I type "telnet foo" it *instantly* says it cannot resolve foo.

Is something wrong with the resolver library in RedHat's glibc-2.2.93-5?

ask_123
02-16-2003, 01:55 AM
Try to look into your routing table. Or can you ping outside using an IP address?

kjkrum
02-16-2003, 02:08 AM
I get:

ping: sendmsg: Operation not permitted

...but I think you're onto something, because I can't telnet to a numeric address either.

Any particular man pages I should look at?

ask_123
02-16-2003, 02:16 AM
Your routing table may not be set up right. Do a "man route" and see if you can find any info to fix your problem.

If not, post your routing table

kjkrum
02-16-2003, 03:28 AM
# netstat -r
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.0     *               255.255.255.0   U        40 0          0 eth1
68.54.20.0      *               255.255.254.0   U        40 0          0 eth0
127.0.0.0       *               255.0.0.0       U        40 0          0 lo
default         68.54.20.1      0.0.0.0         UG       40 0          0 eth0

# ifconfig eth0
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX:XX
          inet addr:68.54.21.XX  Bcast:68.54.21.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1825751 errors:1 dropped:0 overruns:0 frame:1
          TX packets:1034919 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1537 txqueuelen:100
          RX bytes:384340324 (366.5 Mb)  TX bytes:149228183 (142.3 Mb)
          Interrupt:11 Base address:0x1000


(I put those X's in there for paranoia purposes...)

I remember during installation, the installer assumed a netmask of 255.255.254.0 when I selected dhcp/bootp for eth0. I thought that was kind of odd, but I assumed it would be overridden by whatever I actually got from the dhcp server. (The machine was not connected to any network during the install.)

But anyhow, now that I think about it... if it were a problem with the routing table, why would the hosts on my LAN be able to reach the Internet through this router? NAT is working perfectly.

ask_123
02-17-2003, 12:01 AM
So please give more detail of what happens

1) Can your hosts of your private network connect to outside?
2) Can hosts of your private network connect to your NAT/firewall host?
3) Can your hosts of your private network contact each other?
4) Can your NAT/firewall host contact hosts of your private network?

kjkrum
02-17-2003, 11:00 PM
1) Can your hosts of your private network connect to outside? YES - NAT works perfectly
2) Can hosts of your private network connect to your NAT/firewall host? YES - I can connect to its httpd
3) Can your hosts of your private network contact each other? YES - smb filesharing works
4) Can your NAT/firewall host contact hosts of your private network? NO

I did a tcpdump -i eth0 (the external interface) and telnetted from a host on my private network to a host on the Internet. This showed up in the tcpdump output. I then attempted to telnet from the NAT/firewall host to the same external host, using its numeric address. The connection timed out and no telnet activity showed up in tcpdump.

I then did this:

# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT

Still cannot telnet out of the NAT box, and nothing from tcpdump! All the while, NAT continues to work just fine!

Could it be something in /etc/nsswitch.conf?

ask_123
02-18-2003, 03:15 AM
This is strange; the only thing I can suggest is to flush all your firewall rules and see if it works.

# iptables -P INPUT ACCEPT
# iptables -F INPUT
# iptables -P OUTPUT ACCEPT
# iptables -F OUTPUT

These will only flush the input and output rules; you should flush the nat table too. (Just in case you have done something wrong with the nat table.)



# flush all the rules in the filter and nat tables.
#
$IPTABLES -F
$IPTABLES -t nat -F
$IPTABLES -t mangle -F
#
# erase all chains that are not default in the filter and nat tables.
#
$IPTABLES -X
$IPTABLES -t nat -X
$IPTABLES -t mangle -X

Good luck
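
A way to check what a flush like the ones in this thread actually left behind, as an added example that is not part of any post above. `-F` empties chains but does not reset chain policies, so the function below reads `iptables-save` output and lists every non-ACCEPT policy, leftover rule and surviving user chain in each table. The function names and the sample dump are constructed for illustration and are not from the poster's machine.

```sh
#!/bin/sh
# Added example: list everything in an iptables-save dump that can still
# filter or rewrite packets. Empty output means every table is really open.
#   POLICY <table> <chain> <policy>  built-in chain whose policy is not ACCEPT
#   RULES  <table> <chain> <count>   chain that still holds rules (-F missed it)
#   CHAIN  <table> <chain>           user-defined chain still present (-X missed it)
audit_ruleset() {
    awk '
        /^\*/ { table = substr($0, 2); next }       # "*filter", "*nat", "*mangle"
        /^:/  {                                      # ":FORWARD DROP [0:0]"
            chain = substr($1, 2)
            if ($2 == "-")           print "CHAIN", table, chain
            else if ($2 != "ACCEPT") print "POLICY", table, chain, $2
            next
        }
        /^-A / { rules[table " " $2]++; next }       # "-A POSTROUTING -o eth0 ..."
        /^COMMIT/ {                                  # end of one table
            for (k in rules) print "RULES", k, rules[k]
            split("", rules)                         # portable way to empty the array
        }
    ' | LC_ALL=C sort
}

# Constructed dump (not from the thread): INPUT and OUTPUT were flushed and set
# to ACCEPT, while FORWARD, a user chain and the nat table were left alone.
sample_dump() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:lan-out - [0:0]
-A FORWARD -i eth1 -o eth0 -j lan-out
-A lan-out -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

# On a live box, as root: iptables-save | audit_ruleset
sample_dump | audit_ruleset
```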