Allow named-xfer's through firewalls

Derek Balling dredd at megacity.org
Sat May 5 14:48:25 UTC 2001


So I'm trying to figure out what the deal is. My secondary was unable 
to retrieve axfr's even though I'd enabled unfettered access to port 
53 via udp or tcp.

So I did some digging and found that the named-xfer requests (he runs 
8.2.3, I run 9.1.x) were going from high-port to high-port, on 
essentially random ports.

So I had to open up "all traffic" from the secondary's IP address. 
It's interesting to note that my OTHER secondary is ALSO running 
8.2.3 (I think), without any problem.

What am I (or the secondary with issues) doing wrong, and how can it be fixed?

D


Filtered packets:

May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33471 L=40 S=0x00 I=45320 F=0x0000 T=1 (#16)
May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33472 L=40 S=0x00 I=45321 F=0x0000 T=1 (#16)
May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33473 L=40 S=0x00 I=45322 F=0x0000 T=1 (#16)



-- 
+---------------------+-----------------------------------------+
| dredd at megacity.org  | "Conan! What is best in life?"          |
|  Derek J. Balling   | "To crush your enemies, see them        |
|                     |    driven before you, and to hear the   |
|                     |    lamentation of their women!"         |
+---------------------+-----------------------------------------+
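
Added example, not part of the original post: a small parser for the ipchains "Packet log" entries quoted above, so that the protocol, ports and TTL of each rejected packet can be compared with what a zone transfer (TCP to port 53) looks like. The classify() labels and the 33434-33534 port window are assumptions of this example.

```python
import re

# The three entries from the post, with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33471 L=40 S=0x00 I=45320 F=0x0000 T=1 (#16)
May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33472 L=40 S=0x00 I=45321 F=0x0000 T=1 (#16)
May  4 20:21:10 minbar kernel: Packet log: input REJECT eth0 PROTO=17 207.7.10.2:45283 64.71.143.244:33473 L=40 S=0x00 I=45322 F=0x0000 T=1 (#16)
"""

# ipchains "Packet log" layout: chain, action, interface, IP protocol number,
# src:port, dst:port, L=length, S=TOS, I=IP id, F=fragment field, T=TTL, (#rule).
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl")

def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def classify(rec):
    """Heuristic label (an assumption of this example, not a firewall feature)."""
    if rec["proto"] in (6, 17) and 53 in (rec["sport"], rec["dport"]):
        return "dns-" + rec["proto_name"]  # a zone transfer would be dns-tcp
    # traceroute's default UDP base port is 33434 and probes count up from it;
    # the upper bound of the window is chosen for this example.
    if rec["proto"] == 17 and rec["ttl"] == 1 and 33434 <= rec["dport"] <= 33534:
        return "traceroute-like"
    return "other"

def summarize(log_text):
    """Parse every matching line and attach its label."""
    rows = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is not None:
            rows.append((rec["proto_name"], rec["sport"], rec["dport"], rec["ttl"], classify(rec)))
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```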

