Quoting Romgo ro...@free.fr:
All right.
This seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
Weird.
It is a somewhat special case. UDP by itself is not stateful at all so
any stateful firewall has to use some timeout values to
I see, but it should be stateful, right?
On 12 March 2012 23:57, Mark Andrews ma...@isc.org wrote:
In message
caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com
, Romgo writes:
Here is my Iptables configuration for bind :
# prod.dns.in
$IPTABLES -t filter -A
Quoting Romgo ro...@free.fr:
I see, but it should be stateful, right?
If using stateful UDP filtering you might get hit by short timeout
values for UDP state matching, so packets get dropped if the query is
too slow.
Regards
Andreas
All right.
This seems to correct the issue.
But that's the first time I had to open the firewall for a packet answer.
Weird.
Thanks for the help.
On 13 March 2012 10:19, lst_ho...@kwsoft.de wrote:
Quoting Romgo ro...@free.fr:
I see, but it should be stateful, right?
If using
Dear community,
I do have many errors in my Bind's log file such as:
client 192.168.201.1#29404: error sending response: host unreachable
It seems that I have an iptables issue as each time I shut iptables I don't
have anymore this message showing up.
I saw that my firewall is dropping packets
On Mar 12, 2012, at 8:09 AM, Romgo wrote:
Dear community,
I do have many errors in my Bind's log file such as:
client 192.168.201.1#29404: error sending response: host unreachable
It seems that I have an iptables issue as each time I shut iptables I don't
have anymore this message
On Mar 12, 2012, at 1:24 PM, Romgo wrote:
Here is my Iptables configuration for bind :
# prod.dns.in
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
192.168.201.2 -s 0/0
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p tcp --dport 53 -i eth1 -d
192.168.201.2 -s 0/0
Sorry, it has a space, I just made an error by copying.
Yes 192.168.201.2 is dropped because it uses source port 53. I don't have
any iptables rule for this.
I don't understand why there is a packet with source port 53.
On 12 March 2012 21:33, Chuck Swiger cswi...@mac.com wrote:
On Mar 12,
In message caaoqnkg-xfkws_fen9kedub7w19vf4jocsfp52lb8ixv5+g...@mail.gmail.com
, Romgo writes:
Here is my Iptables configuration for bind :
# prod.dns.in
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p udp --dport 53 -i eth1-d
192.168.201.2 -s 0/0
$IPTABLES -t filter -A INPUT -j LOGACCEPT -p