Running Bleeding Edge, r39218

camdenl@camdenl:~$ nmap dryhollow.c-j-l.net -p 53

Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-20 19:13 PST
Nmap scan report for dryhollow.c-j-l.net (71.92.144.233)
Host is up (0.11s latency).
rDNS record for 71.92.144.233: 71-92-144-233.static.mdfd.or.charter.com
PORT   STATE  SERVICE
53/tcp closed domain

Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds
camdenl@camdenl:~$

This isn't anything I have set up custom in UCI:

[email protected]:~# uci show firewall | grep -v redirect
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood=1
firewall.@defaults[0].input=ACCEPT
firewall.@defaults[0].output=ACCEPT
firewall.@defaults[0].forward=REJECT
firewall.@zone[0]=zone
firewall.@zone[0].name=lan
firewall.@zone[0].network=lan
firewall.@zone[0].input=ACCEPT
firewall.@zone[0].output=ACCEPT
firewall.@zone[0].forward=REJECT
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@zone[1].output=ACCEPT
firewall.@zone[1].forward=REJECT
firewall.@zone[1].masq=1
firewall.@zone[1].mtu_fix=1
firewall.@zone[1].network=wan
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[0].family=ipv4
firewall.@rule[1]=rule
firewall.@rule[1].name=Allow-Ping
firewall.@rule[1].src=wan
firewall.@rule[1].proto=icmp
firewall.@rule[1].icmp_type=echo-request
firewall.@rule[1].family=ipv4
firewall.@rule[1].target=ACCEPT
firewall.@rule[2]=rule
firewall.@rule[2].name=Allow-DHCPv6
firewall.@rule[2].src=wan
firewall.@rule[2].proto=udp
firewall.@rule[2].src_ip=fe80::/10
firewall.@rule[2].src_port=547
firewall.@rule[2].dest_ip=fe80::/10
firewall.@rule[2].dest_port=546
firewall.@rule[2].family=ipv6
firewall.@rule[2].target=ACCEPT
firewall.@rule[3]=rule
firewall.@rule[3].name=Allow-ICMPv6-Input
firewall.@rule[3].src=wan
firewall.@rule[3].proto=icmp
firewall.@rule[3].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type router-solicitation neighbour-solicitation
firewall.@rule[3].limit=1000/sec
firewall.@rule[3].family=ipv6
firewall.@rule[3].target=ACCEPT
firewall.@rule[4]=rule
firewall.@rule[4].name=Allow-ICMPv6-Forward
firewall.@rule[4].src=wan
firewall.@rule[4].dest=*
firewall.@rule[4].proto=icmp
firewall.@rule[4].icmp_type=echo-request destination-unreachable packet-too-big time-exceeded bad-header unknown-header-type
firewall.@rule[4].limit=1000/sec
firewall.@rule[4].family=ipv6
firewall.@rule[4].target=ACCEPT
firewall.@include[0]=include
firewall.@include[0].path=/etc/firewall.user
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].dest=wan
firewall.@forwarding[0].src=lan

I have an image I can flash back to 12.09 that I can load perhaps when I get home next week and check.

On Mon, Jan 20, 2014 at 5:33 PM, Randy Bush <[email protected]> wrote:
>> I'm too lazy to log into my box and dump iptables but I'm 99% sure 53
>> isn't open on the wan.
>
> i am willing to believe that you have iptables that block incoming 53
> on the wan. otoh, from my testing it seemed pretty clear that my three
> boxes were open on the wan.
>
> if you would be so kind as to un-laze and dump your iptables, maybe
> that will help me sort it out.
>
> randy
> _______________________________________________
> openwrt-users mailing list
> [email protected]
> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
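
Added example, not part of the original message or of OpenWrt's own tooling: a Python check that reads `uci show firewall` output like the dump above and reports the wan zone's input policy together with any rule that accepts a given port and protocol on the router itself. It assumes a rule without `proto` means TCP and UDP and a rule without `dest_port` covers all ports; redirects (filtered out of the dump by `grep -v redirect`), `/etc/firewall.user` and the live iptables state are outside what it sees. The function names and the sample text are constructed for the example.

```python
import re

# Constructed sample: the wan zone and DHCP rule as in the dump above, plus a
# hypothetical rule[5] (not in the dump) that would open DNS on the wan side.
SAMPLE = """\
firewall.@zone[1]=zone
firewall.@zone[1].name=wan
firewall.@zone[1].input=REJECT
firewall.@rule[0]=rule
firewall.@rule[0].name=Allow-DHCP-Renew
firewall.@rule[0].src=wan
firewall.@rule[0].proto=udp
firewall.@rule[0].dest_port=68
firewall.@rule[0].target=ACCEPT
firewall.@rule[5]=rule
firewall.@rule[5].name=Example-Open-DNS
firewall.@rule[5].src=wan
firewall.@rule[5].dest_port=53
firewall.@rule[5].target=ACCEPT
"""
LINE = re.compile(r"^[ \t]*firewall\.(@?\w+(?:\[\d+\])?)(?:\.(\w+))?=(.*)$", re.M)

def parse_uci(text):
    """Group `uci show firewall` lines into {section: {option: value}}."""
    sections = {}
    for sec, opt, val in LINE.findall(text):
        sections.setdefault(sec, {})[opt or "_type"] = val.strip().strip("'")
    return sections

def port_matches(spec, port):
    """dest_port may be absent (all ports), one port, a list, or an a-b / a:b range."""
    ranges = [i.replace(":", "-").partition("-") for i in (spec or "").split()]
    return not ranges or any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def wan_input_exposure(text, port, proto, zone="wan"):
    """Return (zone input policy, names of ACCEPT rules reaching port/proto on the router)."""
    secs = parse_uci(text).values()
    policy = next((s.get("input") for s in secs
                   if s.get("_type") == "zone" and s.get("name") == zone), None)
    hits = []
    for s in secs:
        if s.get("_type") != "rule" or s.get("src") != zone or "dest" in s:
            continue  # a rule with dest set is forwarding, not input to the router
        protos = s.get("proto", "tcpudp").replace("tcpudp", "tcp udp").split()
        if (s.get("target") == "ACCEPT" and port_matches(s.get("dest_port"), port)
                and (proto in protos or "all" in protos)):
            hits.append(s.get("name", "(unnamed)"))
    return policy, hits
```

Calling `wan_input_exposure(dump, 53, "udp")` and again with `"tcp"` covers both transports DNS uses; an empty rule list with a `REJECT` or `DROP` policy means nothing in the parsed sections opens the port.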
