CS wrote:
>Hi Kevin,
>I just tried another option. I shut down firewall all together in my
>local dns (fFW and dns in same box). Then I can get return at my
>client side. Then I restart iptables, my client can not get return
>again.
>So it is the firewall blocks dns. But I tried iptables below in dns to
>open the port. Why still not working?
>
>iptables -A INPUT -p udp -m udp --dport 53 -j ACCEPT
>iptables -A OUTPUT -p dup -m dup --sport 53 -j ACCEPT
>iptables -A INPUT -p dup --sport 53 -dport 53 -j ACCEPT
>iptables -A OUTPUT -p dup --sport 53 -dport 53 -j ACCEPT
>iptables -A INPUT -p tcp --sport 53 -dport 53 -j ACCEPT
>iptables -A OUTPUT -p tcp --sport 53 -dport 53 -j ACCEPT
>
I'm not too familiar with iptables, but I note that you have
inconsistent values for the "-p" parameter. In some cases it's "udp",
and in other cases it's "dup". Was that your intention?
- Kevin