hi all,

my 1841 router can't resolve dns after enable ios firewall, I try to ping google.com from router's console fail, but dns resolution is fine from lan side.

what could be the cause?

my partial config---------------------------------

!

ip name-server 8.8.8.8

ip inspect name myfirewall tcp

ip inspect name myfirewall udp

ip inspect name myfirewall ftp

ip inspect name myfirewall icmp

ip inspect name myfirewall bootpc

ip inspect name myfirewall bootps

ip inspect name myfirewall dns

!

!

interface FastEthernet0/0

ip address 172.16.1.2 255.255.255.0

ip access-group 103 in

ip nat outside

ip inspect myfirewall out

ip virtual-reassembly

duplex auto

speed auto

!

interface FastEthernet0/1

ip address 10.2.1.1 255.255.255.0

ip nat inside

ip virtual-reassembly

duplex auto

speed auto

!

ip forward-protocol nd

ip route 0.0.0.0 0.0.0.0 172.16.1.1

ip http server

ip http authentication local

no ip http secure-server

!

!

ip nat inside source list 1 interface FastEthernet0/0 overload

!

access-list 1 permit 10.2.1.0 0.0.0.255

access-list 101 permit udp any any eq bootpc

access-list 102 permit ip 10.2.1.0 0.0.0.255 any

access-list 102 permit ip host 172.16.1.2 any

access-list 103 permit tcp any any eq telnet

access-list 103 permit tcp any any eq 22

access-list 103 permit tcp any any eq www

access-list 103 permit tcp any any eq ftp

access-list 103 permit icmp any any

access-list 103 deny   ip any any

!