DNS requests error sending response: host unreachable

Romgo romgo at free.fr
Tue Mar 13 08:48:57 UTC 2012


I see, but it should be stateful, right?


On 12 March 2012 23:57, Mark Andrews <marka at isc.org> wrote:

>
> In message <
> CAAoQnKg-xfkWs_fEn9KeDub7w19vF4JoCSfp52Lb8ixv5+G_Yg at mail.gmail.com>
> , Romgo writes:
> >
> > Here is my Iptables configuration for bind :
> >
> > # prod.dns.in
> > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1 -d
> > 192.168.201.2 -s 0/0
> > $IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
> > 192.168.201.2 -s 0/0
> >
> >
> > # OUTPUT
> > #-------------
> > # prod.dns.out
> > $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p tcp --dport 53 -o eth1 -s
> > 192.168.201.2 -d 0/0
> > $IPTABLES -t filter -A OUTPUT -j LOGACCEPT -p udp --dport 53 -o eth1 -s
> > 192.168.201.2 -d 0/0
>
> This is obviously wrong.  You want to be looking at the source port not
> the destination port for reply traffic.
>
> Mark
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20120313/123d922a/attachment.html>
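Mark's point, and the stateful alternative the reply asks about, worked through as an added example; this is editor-written code, not a script from either poster. It reuses the interface (eth1), server address (192.168.201.2) and the LOGACCEPT chain from the posted rules and assumes those exist; the IPTABLES variable can be set to "echo" to print the rules instead of applying them (applying them needs root). A query arrives at the server's port 53 and the reply leaves from port 53 to the client's ephemeral port, so the OUTPUT rule for replies has to match --sport 53, not --dport 53; --dport 53 on OUTPUT only covers BIND's own outbound queries to other servers.

```sh
#!/bin/sh
# Added example (not from the original thread): iptables rules for a BIND host.
# Assumed from the posted configuration: interface eth1, address 192.168.201.2,
# and an existing user chain named LOGACCEPT.
set -eu

IPTABLES="${IPTABLES:-iptables}"   # IPTABLES=echo prints rules instead of applying them
IFACE="${IFACE:-eth1}"
DNS_IP="${DNS_IP:-192.168.201.2}"

# Stateless version: every direction of every flow needs its own rule.
stateless_rules() {
    # Queries from clients: arrive at our port 53.
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p udp --dport 53 -j LOGACCEPT
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p tcp --dport 53 -j LOGACCEPT
    # Replies to those clients: leave FROM our port 53 (the posted rules used --dport here).
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p udp --sport 53 -j LOGACCEPT
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p tcp --sport 53 -j LOGACCEPT
    # BIND's own outbound queries (recursion, zone transfers): to a remote port 53.
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p udp --dport 53 -j LOGACCEPT
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p tcp --dport 53 -j LOGACCEPT
    # Answers to those queries come back FROM a remote port 53 to a random local port.
    # Weakness of the stateless approach: anything sent from source port 53 is let in,
    # and BIND's randomised query ports cannot be narrowed further.
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p udp --sport 53 -j LOGACCEPT
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p tcp --sport 53 -j LOGACCEPT
}

# Stateful version: connection tracking admits replies to flows it has seen,
# so only NEW flows need explicit rules and a forged source port 53 buys nothing.
stateful_rules() {
    $IPTABLES -t filter -A INPUT  -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    $IPTABLES -t filter -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # New queries from clients to us.
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p udp --dport 53 -m conntrack --ctstate NEW -j LOGACCEPT
    $IPTABLES -t filter -A INPUT  -i "$IFACE" -d "$DNS_IP" -p tcp --dport 53 -m conntrack --ctstate NEW -j LOGACCEPT
    # New queries from BIND to other servers.
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p udp --dport 53 -m conntrack --ctstate NEW -j LOGACCEPT
    $IPTABLES -t filter -A OUTPUT -o "$IFACE" -s "$DNS_IP" -p tcp --dport 53 -m conntrack --ctstate NEW -j LOGACCEPT
}

case "${1:-}" in
    stateless) stateless_rules ;;
    stateful)  stateful_rules ;;
    "")        ;;   # no argument: only define the functions (e.g. when sourced)
    *)         echo "usage: $0 stateless|stateful" >&2; exit 2 ;;
esac
```

Run as `IPTABLES=echo sh dns-rules.sh stateful` to review the rules before applying them. One caveat with the stateful form on a busy resolver: every UDP query creates a conntrack entry that lives until its timeout expires, so watch nf_conntrack_max and the conntrack UDP timeouts, or the kernel will start dropping packets when the table fills.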

