DNS problems with iptables
I am having a problem with dns lookups on my internal network. When i do a packet trace, incoming dns traffic is being forwarded successfully through my firewall, but the return (outgoing) dns traffic is getting dropped. I know I have dns set up correctly on my DMZ server because I can shut down my firewall and just enable the routing, and everything works fine (after entering some static routes on outside clients to negotiate my disabled nat).
I have the four following statements in my firewall scipt that should allow the dns traffic:
$IPT -A FORWARD -i $PUBIF -o $DMZIF -m state --state RELATED,ESTABLISHED -j ACCEPT
$IPT -A FORWARD -i $DMZIF -o $PUBIF -p udp --dport 53 -j ACCEPT
$IPT -A FORWARD -i $DMZIF -o $PUBIF -p tcp --dport 53 -j ACCEPT
$IPT -t nat -A POSTROUTING -o $PUBIF -s $DMZNET -j MASQUERADE
these are my variables:
$IPT is calling /sbin/iptables
$PUBIF is eth0 which is connected to my cbl modem (WAN)
$DMZIF is eth2 which is connected to my DMZ host
$DMZNET is my DMZ network.
The first statement should only allow "established and related" connections through. I know this is working because I can see the request on the DMZ server when I do a packet trace.
The second statement should allow the return dns traffic through. This is where the packets are getting dropped...I think.
The third statement is configuring my NAT. I know this is working because all of my other services (ftp, web, ssh, etc) are all accessable when my firewall script is running.
I am stuck as to where IPTABLES is breaking...someone please help!!!