DNS requests error sending response: host unreachable

Mark Andrews marka at isc.org
Mon Mar 12 22:57:42 UTC 2012


In message <CAAoQnKg-xfkWs_fEn9KeDub7w19vF4JoCSfp52Lb8ixv5+G_Yg at mail.gmail.com>, Romgo writes:
> 
> Here is my Iptables configuration for bind :
> 
> # prod.dns.in
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0
> $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d 192.168.201.2 -s 0/0
> 
> 
> # OUTPUT
> #-------------
> # prod.dns.out
> $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p tcp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0
> $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p udp --dport 53 -o eth1 -s 192.168.201.2 -d 0/0

This is obviously wrong.  You want to be looking at the source port not
the destination port for reply traffic.
 
Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
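The OUTPUT rules rewritten to match the source port for reply traffic, as Mark describes; this is an added example, not part of the thread, reusing Romgo's interface, address and LOGACCEPT chain. IPTABLES defaults to echo so the rule set can be dry-run without root; the recursion rules are an assumption that only applies if this BIND also resolves on behalf of clients.

```shell
#!/bin/sh
# Added example (not from the original thread). Dry-run by default:
# set IPTABLES=/sbin/iptables to actually install the rules.
IPTABLES="${IPTABLES:-echo}"
DNS_IF="eth1"            # interface from Romgo's config
DNS_IP="192.168.201.2"   # server address from Romgo's config

# Queries arriving at the server are addressed TO port 53 (unchanged).
dns_query_rules() {
    for proto in udp tcp; do
        $IPTABLES -t filter -A INPUT -j LOGACCEPT -p "$proto" --dport 53 \
            -i "$DNS_IF" -d "$DNS_IP" -s 0/0
    done
}

# Replies leave the server FROM port 53; the client's port is ephemeral,
# so the OUTPUT rule must match --sport 53, not --dport 53.
dns_reply_rules() {
    for proto in udp tcp; do
        $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p "$proto" --sport 53 \
            -o "$DNS_IF" -s "$DNS_IP" -d 0/0
    done
}

# Assumed extra: only if this BIND also recurses. Its own outbound
# queries go TO port 53 and the answers come back FROM port 53.
dns_recursion_rules() {
    for proto in udp tcp; do
        $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p "$proto" --dport 53 \
            -o "$DNS_IF" -s "$DNS_IP" -d 0/0
        $IPTABLES -t filter -A INPUT -j LOGACCEPT -p "$proto" --sport 53 \
            -i "$DNS_IF" -d "$DNS_IP" -s 0/0
    done
}

dns_query_rules
dns_reply_rules
```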



More information about the bind-users mailing list