iptables and hostname resolving
I have a Linux 9.0 mdk machine running as a gateway for my network.
There are 2 interfaces:
eth0 - connected to the internet
eth1 - to the ethernet
There is no DNS server on my machine.
I have configured iptables on my server to filter FORWARD packets going to/out from my local network.
:FORWARD DROP [1:1500]
-A FORWARD -i eth0 -p tcp -j tcp_packets_forward_in
-A FORWARD -i eth1 -p tcp -j tcp_packets_forward_out
-A FORWARD -i eth0 -p udp -j udp_packets_forward_in
-A FORWARD -i eth1 -p udp -j udp_packets_forward_out
#-A FORWARD -i eth1 -j ACCEPT
-A tcp_packets_forward_in -p tcp -m tcp --sport 53 -j allowed
-A tcp_packets_forward_out -p tcp -m tcp --dport 53 -j allowed
-A udp_packets_forward_in -p udp -m udp --sport 53 -j ACCEPT
-A udp_packets_forward_out -p udp -m udp --dport 53 -j ACCEPT
The problem is that sometimes (once a day, for example) browsers on computers in the local network begin to show a "Cannot display page" error message for almost all websites. But "ping hostname" works well.
And when I comment out the line shown as commented in the above example, everything starts working! All websites load, and so on. And if after that I comment that line again, everything continues working...
Maybe someone has had a similar problem?