Results 1 to 2 of 2
I am having a problem with dns lookups on my internal network. When i do a packet trace, incoming dns traffic is being forwarded successfully through my firewall, but the ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
- 08-01-2003 #1
- Join Date
- Aug 2003
DNS problems with iptables
I have the four following statements in my firewall scipt that should allow the dns traffic:
$IPT -A FORWARD -i $PUBIF -o $DMZIF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i $DMZIF -o $PUBIF -p udp --dport 53 -j ACCEPT
$IPT -A FORWARD -i $DMZIF -o $PUBIF -p tcp --dport 53 -j ACCEPT
$IPT -t nat -A POSTROUTING -o $PUBIF -s $DMZNET -j MASQUERADE
these are my variables:
$IPT is calling /sbin/iptables
$PUBIF is eth0 which is connected to my cbl modem (WAN)
$DMZIF is eth2 which is connected to my DMZ host
$DMZNET is my DMZ network.
The first statement should only allow "established and related" connections through. I know this is working because I can see the request on the DMZ server when I do a packet trace.
The second statement should allow the return dns traffic through. This is where the packets are getting dropped...I think.
The third statement is configuring my NAT. I know this is working because all of my other services (ftp, web, ssh, etc) are all accessable when my firewall script is running.
I am stuck as to where IPTABLES is breaking...someone please help!!!
- 08-01-2003 #2
can you confirm, from your packet traces, that port 53 is definately being used (ie. you're not using a non-standard port)
Use Suse 10.1 and occasionally play with Kubuntu
Also have Windows 98SE and BeOS