Quote from Romgo:
All right.
This seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
Weird.
It is a somewhat special case. UDP by itself is not stateful at all so
any stateful firewall has to use some timeout values to decide if the
"co
All right.
This seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
Weird.
Thanks for the help.
On 13 March 2012 10:19, wrote:
> Quote from Romgo:
>
>
> I see, but it should be stateful, right?
>>
>>
> If using stateful UDP filtering you m
Quote from Romgo:
I see, but it should be stateful, right?
If using stateful UDP filtering you might get hit by short timeout
values for UDP state matching, so packets get dropped if the query is
too slow.
Regards
Andreas
I see, but it should be stateful, right?
On 12 March 2012 23:57, Mark Andrews wrote:
>
> In message <
> caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com>
> , Romgo writes:
> >
> > Here is my Iptables configuration for bind :
> >
> > # prod.dns.in
> > $IPTABLES -t filter -A IN
In message
, Romgo writes:
>
> Here is my Iptables configuration for bind :
>
> # prod.dns.in
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
> 192.168.201.2 -s 0/0
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
> 192.168.201.2 -s 0/0
>
>
> #
Sorry, it has a space, I just made an error by copying.
Yes 192.168.201.2 is dropped because it uses source port 53. I don't have
any iptables rule for this.
I don't understand why there is a packet with source port 53.
On 12 March 2012 21:33, Chuck Swiger wrote:
> On Mar 12, 2012, at 1:24
On Mar 12, 2012, at 1:24 PM, Romgo wrote:
> Here is my Iptables configuration for bind :
>
> # prod.dns.in
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
> 192.168.201.2 -s 0/0
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
> 192.168.201.2 -s 0/
Here is my Iptables configuration for bind :
# prod.dns.in
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
192.168.201.2 -s 0/0
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
192.168.201.2 -s 0/0
# OUTPUT
#-
# prod.dns.out
$IPTABLES -t fi
On Mar 12, 2012, at 8:09 AM, Romgo wrote:
> Dear community,
>
> I do have many errors in my Bind's log file such as:
>
> client 192.168.201.1#29404: error sending response: host unreachable
>
> It seems that I have an iptables issue as each time I shut iptables I don't
> have anymore this messa
Dear community,
I do have many errors in my Bind's log file such as:
client 192.168.201.1#29404: error sending response: host unreachable
It seems that I have an iptables issue as each time I shut iptables I don't
have anymore this message showing up.
I saw that my firewall is dropping packets