  1. #1

    DNS problems with iptables

    I am having a problem with dns lookups on my internal network. When I do a packet trace, incoming dns traffic is being forwarded successfully through my firewall, but the return (outgoing) dns traffic is getting dropped. I know I have dns set up correctly on my DMZ server because I can shut down my firewall and just enable the routing, and everything works fine (after entering some static routes on outside clients to negotiate my disabled nat).

    I have the four following statements in my firewall script that should allow the dns traffic:


    $IPT -A FORWARD -i $DMZIF -o $PUBIF -p udp --dport 53 -j ACCEPT
    $IPT -A FORWARD -i $DMZIF -o $PUBIF -p tcp --dport 53 -j ACCEPT

    these are my variables:

    $IPT is calling /sbin/iptables
    $PUBIF is eth0 which is connected to my cbl modem (WAN)
    $DMZIF is eth2 which is connected to my DMZ host
    $DMZNET is my DMZ network.

    Explanation... (I think)
    The first statement should only allow "established and related" connections through. I know this is working because I can see the request on the DMZ server when I do a packet trace.

    The second statement should allow the return dns traffic through. This is where the packets are getting dropped...I think.
    The third statement is configuring my NAT. I know this is working because all of my other services (ftp, web, ssh, etc) are all accessible when my firewall script is running.

    I am stuck as to where IPTABLES is breaking...someone please help!!!
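    The symptom above (queries forwarded, replies dropped) is what a FORWARD chain looks like when it only has per-direction `--dport 53` rules and no connection-tracking rule for the reply direction. The script below is an added example, not the poster's script: it reuses the poster's variable names ($IPT, $PUBIF, $DMZIF, $DMZNET) but the addresses, the $DMZDNS resolver address and the DRY_RUN switch are constructed assumptions; with DRY_RUN=1 it prints the iptables commands instead of applying them.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes the poster's
# interface layout: $PUBIF faces the WAN, $DMZIF faces the DMZ host.
# Addresses below are constructed placeholders; DRY_RUN=1 only prints.
DRY_RUN=${DRY_RUN:-1}
PUBIF=${PUBIF:-eth0}
DMZIF=${DMZIF:-eth2}
DMZNET=${DMZNET:-192.168.2.0/24}   # constructed sample DMZ network
DMZDNS=${DMZDNS:-192.168.2.53}     # constructed sample DMZ resolver
if [ "$DRY_RUN" = 1 ]; then IPT="echo /sbin/iptables"; else IPT=/sbin/iptables; fi

dns_forward_rules() {
    # Default: anything not explicitly allowed in FORWARD is dropped.
    $IPT -P FORWARD DROP
    # 1. Reply traffic. Conntrack matches a DNS answer (WAN -> DMZ, sport 53)
    #    to the query that caused it, so one rule covers both directions.
    #    Without it the answers fall through to the DROP policy, which is
    #    exactly the "return traffic dropped" symptom.
    $IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # 2. New outbound queries from the DMZ resolver (UDP and TCP 53; TCP is
    #    needed for truncated answers and zone transfers).
    $IPT -A FORWARD -i $DMZIF -o $PUBIF -s $DMZNET -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $DMZIF -o $PUBIF -s $DMZNET -p tcp --dport 53 -m state --state NEW -j ACCEPT
    # 3. New inbound queries from the Internet, restricted to the one host
    #    that is meant to answer them (only needed for an authoritative server).
    $IPT -A FORWARD -i $PUBIF -o $DMZIF -d $DMZDNS -p udp --dport 53 -m state --state NEW -j ACCEPT
    $IPT -A FORWARD -i $PUBIF -o $DMZIF -d $DMZDNS -p tcp --dport 53 -m state --state NEW -j ACCEPT
    # 4. Log whatever DNS reply still reaches the end of the chain, rate
    #    limited, so the kernel's view can be compared with the packet trace.
    $IPT -A FORWARD -p udp --sport 53 -m limit --limit 5/min -j LOG --log-prefix "FWD-DROP-DNS: "
    # 5. Source NAT for DMZ hosts leaving via the WAN interface.
    $IPT -t nat -A POSTROUTING -o $PUBIF -s $DMZNET -j MASQUERADE
}

dns_forward_rules
```

Run it once with DRY_RUN=1 to review the generated rules, then with DRY_RUN=0 as root; the LOG rule shows up in syslog with the FWD-DROP-DNS: prefix for any reply that still misses the state rule.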

  2. #2
    Nerderello (Linux Engineer), joined Apr 2003, North East England
    Can you confirm, from your packet traces, that port 53 is definitely being used (i.e. you're not using a non-standard port)?


    Use Suse 10.1 and occasionally play with Kubuntu
    Also have Windows 98SE and BeOS
