Where did you get your image from? Did you build it from scratch, or download from downloads.openwrt.org?
c On Mon, Jan 20, 2014 at 7:16 PM, camden lindsay <[email protected]> wrote: > Running Bleeding Edge, r39218 > > camdenl@camdenl:~$ nmap dryhollow.c-j-l.net -p 53 > > Starting Nmap 5.21 ( http://nmap.org ) at 2014-01-20 19:13 PST > Nmap scan report for dryhollow.c-j-l.net (71.92.144.233) > Host is up (0.11s latency). > rDNS record for 71.92.144.233: 71-92-144-233.static.mdfd.or.charter.com > PORT STATE SERVICE > 53/tcp closed domain > > Nmap done: 1 IP address (1 host up) scanned in 0.30 seconds > camdenl@camdenl:~$ > > > This isn't anything I have set up custom in UCI: > [email protected]:~# uci show firewall | grep -v redirect > firewall.@defaults[0]=defaults > firewall.@defaults[0].syn_flood=1 > firewall.@defaults[0].input=ACCEPT > firewall.@defaults[0].output=ACCEPT > firewall.@defaults[0].forward=REJECT > firewall.@zone[0]=zone > firewall.@zone[0].name=lan > firewall.@zone[0].network=lan > firewall.@zone[0].input=ACCEPT > firewall.@zone[0].output=ACCEPT > firewall.@zone[0].forward=REJECT > firewall.@zone[1]=zone > firewall.@zone[1].name=wan > firewall.@zone[1].input=REJECT > firewall.@zone[1].output=ACCEPT > firewall.@zone[1].forward=REJECT > firewall.@zone[1].masq=1 > firewall.@zone[1].mtu_fix=1 > firewall.@zone[1].network=wan > firewall.@rule[0]=rule > firewall.@rule[0].name=Allow-DHCP-Renew > firewall.@rule[0].src=wan > firewall.@rule[0].proto=udp > firewall.@rule[0].dest_port=68 > firewall.@rule[0].target=ACCEPT > firewall.@rule[0].family=ipv4 > firewall.@rule[1]=rule > firewall.@rule[1].name=Allow-Ping > firewall.@rule[1].src=wan > firewall.@rule[1].proto=icmp > firewall.@rule[1].icmp_type=echo-request > firewall.@rule[1].family=ipv4 > firewall.@rule[1].target=ACCEPT > firewall.@rule[2]=rule > firewall.@rule[2].name=Allow-DHCPv6 > firewall.@rule[2].src=wan > firewall.@rule[2].proto=udp > firewall.@rule[2].src_ip=fe80::/10 > firewall.@rule[2].src_port=547 > firewall.@rule[2].dest_ip=fe80::/10 > firewall.@rule[2].dest_port=546 > firewall.@rule[2].family=ipv6 > firewall.@rule[2].target=ACCEPT > firewall.@rule[3]=rule > firewall.@rule[3].name=Allow-ICMPv6-Input > firewall.@rule[3].src=wan > firewall.@rule[3].proto=icmp > firewall.@rule[3].icmp_type=echo-request destination-unreachable > packet-too-big time-exceeded bad-header unknown-header-type > router-solicitation neighbour-solicitation > firewall.@rule[3].limit=1000/sec > firewall.@rule[3].family=ipv6 > firewall.@rule[3].target=ACCEPT > firewall.@rule[4]=rule > firewall.@rule[4].name=Allow-ICMPv6-Forward > firewall.@rule[4].src=wan > firewall.@rule[4].dest=* > firewall.@rule[4].proto=icmp > firewall.@rule[4].icmp_type=echo-request destination-unreachable > packet-too-big time-exceeded bad-header unknown-header-type > firewall.@rule[4].limit=1000/sec > firewall.@rule[4].family=ipv6 > firewall.@rule[4].target=ACCEPT > firewall.@include[0]=include > firewall.@include[0].path=/etc/firewall.user > firewall.@forwarding[0]=forwarding > firewall.@forwarding[0].dest=wan > firewall.@forwarding[0].src=lan > > > I have an image i can flash back to 12.09 that I can load perhaps when > I get home next week and check. > > > On Mon, Jan 20, 2014 at 5:33 PM, Randy Bush <[email protected]> wrote: >>> I'm too lazy to log into my box and dump iptables but I'm 99% sure 53 >>> isn't open on the wan. >> >> i am willing to believe that you have iptables that block incoming 53 >> on the wan. otoh, from my testing it seemed pretty clear that my three >> boxes were open on the wan. >> >> if you would be so kind as to un-laze and dump your iptables, maybe >> that will help me sort it out. >> >> randy >> _______________________________________________ >> openwrt-users mailing list >> [email protected] >> https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users _______________________________________________ openwrt-users mailing list [email protected] https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-users
