Here's a script I'm using to create some iptables rules that only allow inbound traffic on the ports where I'm running services. One of the problems I'm having is that I can't ping Internet hosts by DNS name from this machine. I've allowed everything in the OUTPUT chain and can ping the Internet when using a straight IP, but when I type in "ping google.com" the machine hangs for a few seconds and gives me a server request error. I know it's something with my rules because when I flush them all I can ping google.com just fine. Any ideas would be greatly appreciated. I'm guessing it's something trivial but can't put my finger on it yet.
thanks
#!/bin/bash
########## Beginning ###########################################################
# Host firewall: sets default-drop policies on the three built-in filter chains,
# then accepts inbound traffic on the internal interface for a fixed list of
# TCP service ports, and accepts all outbound traffic.
# Define Interfaces/Networks
# Inside/Intranet Interface
INSIDEIP="192.168.7.55"
INSIDEINT="eth0"
# External/Internet Interface # OUTSIDEIP=
# OUTSIDEINT=
# LAN Network
# NOTE(review): LAN is assigned but no rule below references it.
LAN="192.168.7.0/24"
# Admin Host
ADMIN="192.168.7.51"
# Define other Variables
RULE="/usr/sbin/iptables"
# Flushing All rules/chains
# NOTE(review): the three "-A ... LOG" lines have no -j, so iptables rejects
# "LOG" as a bad argument and appends nothing. Even a valid rule appended here
# would be erased by the -F calls a few lines down, so nothing is ever logged.
# A logging rule belongs at the end of the chain, written as "-j LOG".
$RULE -A INPUT LOG
$RULE -A OUTPUT LOG
$RULE -A FORWARD LOG
# Policies go to DROP before the flush, so the host stays closed while the
# rules are being rebuilt.
$RULE -P INPUT DROP
$RULE -P OUTPUT DROP
$RULE -P FORWARD DROP
$RULE -F INPUT
$RULE -F OUTPUT
$RULE -F FORWARD
# Adding Permittable Network/Hosts/Ports to Input Table on Internal Interface
# Allowing DNS,FTP,SSH,Webmin,HTTP,SWAT,and Samba to Server
# NOTE(review): this is the cause of the "ping google.com" hang. INPUT only
# accepts ICMP plus new TCP connections to the listed destination ports on
# eth0. There is no rule for reply traffic (ESTABLISHED,RELATED), no UDP rule
# and no loopback rule. A DNS answer arrives as UDP from port 53 to an
# ephemeral local port, matches nothing and falls to the DROP policy. Ping by
# IP still works because echo replies match the ICMP rule. Replies to outbound
# TCP connections from this host are dropped the same way.
# Any ICMP type is accepted on the internal interface, from any source.
$RULE -A INPUT -i $INSIDEINT --proto icmp --icmp-type any -j ACCEPT
# FTP control channel (21), open to any source on the internal interface.
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 21 -d $INSIDEIP -j ACCEPT
# SSH (22), restricted to the admin host.
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 22 -d $INSIDEIP -j ACCEPT
# DNS (53), TCP only. NOTE(review): ordinary DNS queries use UDP, so clients
# of a DNS server on this host would presumably be blocked as well.
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 53 -d $INSIDEIP -j ACCEPT
# HTTP (80).
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 80 -d $INSIDEIP -j ACCEPT
# Samba (137, 138, 139, 445), TCP only. NOTE(review): NetBIOS name service and
# datagram service (137, 138) run over UDP, which these rules do not cover.
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 137 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 138 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 139 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp --dport 445 -d $INSIDEIP -j ACCEPT
# SWAT (901) and Webmin (10000), both restricted to the admin host.
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 901 -d $INSIDEIP -j ACCEPT
$RULE -A INPUT -i $INSIDEINT --proto tcp -s $ADMIN --dport 10000 -d $INSIDEIP -j ACCEPT
# Denying Everything on Local Network
# (no explicit rule follows; the denial comes from the INPUT DROP policy above)
# Adding entry to allow everything originating from Internal Interface out
# This rule has no interface or address match, so it accepts every outbound
# packet and makes the OUTPUT DROP policy unreachable.
$RULE -A OUTPUT -j ACCEPT
########## END ################################################################
thanks
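#!/bin/bash
########## Beginning ###########################################################
# Host firewall: default-drop policies on the built-in filter chains, inbound
# access on the internal interface limited to the listed services, all
# outbound traffic allowed.
#
# Changes from the rule set as originally posted:
#   * Replies to connections this host opens are accepted (conntrack
#     ESTABLISHED,RELATED) and loopback is allowed. Without these the INPUT
#     DROP policy discarded DNS answers, so "ping google.com" hung while ping
#     by IP (ICMP was already accepted) kept working.
#   * DNS and NetBIOS are also opened on UDP, which those services use.
#   * The LOG rules carry "-j LOG" and sit at the end of their chains. They
#     used to be appended before the flush, without -j, so they were rejected
#     and would have been erased anyway.
#
# iptables only filters IPv4; IPv6 needs a matching ip6tables rule set.

# An unset variable must abort the script rather than produce a broken rule.
set -u

# Define Interfaces/Networks
# Inside/Intranet Interface
INSIDEIP="192.168.7.55"
INSIDEINT="eth0"
# External/Internet Interface # OUTSIDEIP=
# OUTSIDEINT=
# LAN Network (currently not referenced by any rule)
LAN="192.168.7.0/24"
# Admin Host
ADMIN="192.168.7.51"
# Define other Variables
RULE="/usr/sbin/iptables"

# Default policies first, so the host fails closed while rules are rebuilt
"$RULE" -P INPUT DROP
"$RULE" -P OUTPUT DROP
"$RULE" -P FORWARD DROP
# Flushing all rules in the built-in filter chains
"$RULE" -F INPUT
"$RULE" -F OUTPUT
"$RULE" -F FORWARD

# Local processes talking to each other (including a local resolver)
"$RULE" -A INPUT -i lo -j ACCEPT
# Return traffic for connections this host initiated: DNS answers, TCP replies.
# On kernels without the conntrack match, "-m state --state" is the equivalent.
# FTP data connections only count as RELATED when the FTP conntrack helper is
# loaded.
"$RULE" -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Adding Permittable Network/Hosts/Ports to Input Table on Internal Interface
# Allowing DNS,FTP,SSH,Webmin,HTTP,SWAT,and Samba to Server
"$RULE" -A INPUT -i "$INSIDEINT" -p icmp --icmp-type any -j ACCEPT

# Services open to any source on the internal interface:
# FTP 21, DNS 53, HTTP 80, Samba 137-139 and 445 (TCP list kept as posted)
for port in 21 53 80 137 138 139 445; do
  "$RULE" -A INPUT -i "$INSIDEINT" -p tcp -d "$INSIDEIP" --dport "$port" -j ACCEPT
done

# UDP side of the same services: DNS queries (53), NetBIOS name service (137)
# and NetBIOS datagram service (138)
for port in 53 137 138; do
  "$RULE" -A INPUT -i "$INSIDEINT" -p udp -d "$INSIDEIP" --dport "$port" -j ACCEPT
done

# Management services reachable from the admin host only:
# SSH 22, SWAT 901, Webmin 10000
for port in 22 901 10000; do
  "$RULE" -A INPUT -i "$INSIDEINT" -p tcp -s "$ADMIN" -d "$INSIDEIP" --dport "$port" -j ACCEPT
done

# Denying Everything on Local Network
# Nothing else is accepted: whatever reaches this point is logged at a limited
# rate and then falls through to the DROP policy.
"$RULE" -A INPUT -m limit --limit 5/min -j LOG --log-prefix "INPUT drop: "
"$RULE" -A FORWARD -m limit --limit 5/min -j LOG --log-prefix "FORWARD drop: "

# Adding entry to allow everything originating from Internal Interface out
# OUTPUT gets no LOG rule: every outbound packet is accepted, so logging here
# would record all traffic rather than drops.
"$RULE" -A OUTPUT -j ACCEPT
########## END ################################################################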