Re: [Security Firewall] Shorewall reject access DNS

Thu, 18 Nov 2004 06:21:02 -0800 

Hi, 

I presume you have a pptp DSL modem ... because you're mentioning the
10.0.0.138 IP address ...

I don't know how your firewall is setup ... 
You seem to miss the fw -> lan udp 53 ACCEPT rule ...

my 2cts,

>Armando Roque <[EMAIL PROTECTED]> writes:

> Hi,
> 
> I'm working on new box with mnf82, and it's reject connection with DNS on
> eth1 (external).
> 
> Shorewall:fw2all:REJECT:IN= OUT=eth1 SRC=10.0.0.137 DST=200.175.89.139
> LEN=67 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=47
> 
> Shorewall:fw2all:REJECT:IN= OUT=eth1 SRC=10.0.0.137 DST=200.175.89.139
> LEN=81 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=53 LEN=61
> 
> Test of ping
> 
> Modem ADSL
> 
> [EMAIL PROTECTED] admin]# ping 10.0.0.138
> PING 10.0.0.138 (10.0.0.138) from 10.0.0.137 : 56(84) bytes of data.
> 64 bytes from 10.0.0.138: icmp_seq=0 ttl=255 time=1.902 msec
> 64 bytes from 10.0.0.138: icmp_seq=1 ttl=255 time=1.083 msec
> 
> --- 10.0.0.138 ping statistics ---
> 2 packets transmitted, 2 packets received, 0% packet loss
> round-trip min/avg/max/mdev = 1.083/1.492/1.902/0.411 ms
> 
> Ping host external
> 
> [EMAIL PROTECTED] admin]# ping 198.41.0.6
> PING 198.41.0.6 (198.41.0.6) from 10.0.0.137 : 56(84) bytes of data.
> 64 bytes from 198.41.0.6: icmp_seq=0 ttl=235 time=225.833 msec
> 64 bytes from 198.41.0.6: icmp_seq=1 ttl=235 time=213.165 msec
> 64 bytes from 198.41.0.6: icmp_seq=2 ttl=235 time=219.819 msec
> 
> --- 198.41.0.6 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/mdev = 213.165/219.605/225.833/5.202 msec
> 
> 
> Rules of Shorewall
> 1     ACCEPT  fw      wan     tcp+udp         53                      
> 2     ACCEPT  dmz     wan     udp     53                      
> 3     ACCEPT  lan     wan     udp     53                      
> ...
> 25    ACCEPT  lan     fw      udp     53                      
> 
> Anyone have a suggestion about this problem?
> 
> Thanks,
> 
> Armando
> 
> ____________________________________________________
> Want to buy your Pack or Services from MandrakeSoft? 
> Go to http://www.mandrakestore.com
> Join the Club : http://www.mandrakeclub.com
> ____________________________________________________

-- 
Florin                          http://www.mandrakesoft.com
                                http://people.mandrakesoft.com/~florin/


____________________________________________________
Want to buy your Pack or Services from MandrakeSoft? 
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________

Reply via email to