after upgrade to 9.080 the interfaces are up, in error state and DNS don't run.
But only the Astaro can not use the DNS anymore, my DNS Server beding the UTM is able to resolve every name.
here is the system.log:
2013:03:29-19:13:52 firewall-1 dns-resolver[4358]: Updating REF_ftMupyRPBY :: nds2.fds-fire.nokia.com
2013:03:29-19:13:58 firewall-1 init: Switching to runlevel: 6
2013:03:29-19:14:11 firewall-1 ulogd[4592]: SIGTERM received
2013:03:29-19:14:13 firewall-1 postgres[3766]: [3-1] LOG: received fast shutdown request
2013:03:29-19:14:13 firewall-1 postgres[3766]: [4-1] LOG: aborting any active transactions
2013:03:29-19:14:13 firewall-1 postgres[13808]: [3-1] FATAL: terminating connection due to administrator command
2013:03:29-19:14:13 firewall-1 postgres[13809]: [3-1] FATAL: terminating connection due to administrator command
2013:03:29-19:14:13 firewall-1 postgres[3771]: [3-1] LOG: autovacuum launcher shutting down
2013:03:29-19:14:14 firewall-1 postgres[3768]: [2-1] LOG: shutting down
2013:03:29-19:14:14 firewall-1 postgres[3768]: [3-1] LOG: database system is shut down
2013:03:29-19:14:17 firewall-1 syslog-ng[2798]: Termination requested via signal, terminating;
2013:03:29-19:14:17 firewall-1 syslog-ng[2798]: syslog-ng shutting down; version='3.0.10'
2013:03:29-19:15:44 firewall-1 syslog-ng[2796]: Configuration reload request received, reloading configuration;
2013:03:29-19:15:44 firewall-1 ulogd[3769]: SIGTERM received
2013:03:29-19:15:46 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:15:48 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:15:57 firewall-1 ddclient[5394]: WARNING: cannot connect to checkip.dyndns.org:80 socket: IO::Socket::INET: Bad hostname 'checkip.dyndns.org'
2013:03:29-19:16:05 firewall-1 snmpd[4286]: Received TERM or STOP signal... shutting down...
2013:03:29-19:16:06 firewall-1 snmpd[6026]: NET-SNMP version 5.6.2
2013:03:29-19:16:10 firewall-1 system: System was restarted
2013:03:29-19:16:49 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:17:01 firewall-1 /usr/sbin/cron[7288]: (root) CMD ( nice -n19 /usr/local/bin/gen_inline_reporting_data.plx)
2013:03:29-19:17:49 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:18:49 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:19:49 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:19:59 firewall-1 ntpd[4312]: Deleting interface #5 eth1, 192.168.100.100#123, interface stats: received=0, sent=0, dropped=0, active_time=263 secs
2013:03:29-19:19:59 firewall-1 ntpd[4312]: Deleting interface #4 eth1, 62.40.184.154#123, interface stats: received=0, sent=0, dropped=0, active_time=263 secs
2013:03:29-19:19:59 firewall-1 ntpd[4312]: peers refreshed
2013:03:29-19:20:01 firewall-1 /usr/sbin/cron[7631]: (root) CMD ( /usr/local/bin/reporter/system-reporter.pl)
2013:03:29-19:20:10 firewall-1 ntpd[4312]: Listen normally on 13 eth1 62.40.184.154 UDP 123
2013:03:29-19:20:10 firewall-1 ntpd[4312]: Listen normally on 14 eth1 192.168.100.100 UDP 123
2013:03:29-19:20:10 firewall-1 ntpd[4312]: 86.59.80.170 interface 193.238.156.17 -> 62.40.184.154
2013:03:29-19:20:10 firewall-1 ntpd[4312]: 91.206.8.70 interface 193.238.156.17 -> 62.40.184.154
2013:03:29-19:20:10 firewall-1 ntpd[4312]: 194.11.27.31 interface 193.238.156.17 -> 62.40.184.154
2013:03:29-19:20:10 firewall-1 ntpd[4312]: peers refreshed
2013:03:29-19:20:10 firewall-1 ntpd[4312]: new interface(s) found: waking up resolver
2013:03:29-19:20:50 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:20:57 firewall-1 ddclient[5394]: WARNING: cannot connect to checkip.dyndns.org:80 socket: IO::Socket::INET: Bad hostname 'checkip.dyndns.org'
2013:03:29-19:21:50 firewall-1 dns-resolver[4322]: DNS server failed to contact!
2013:03:29-19:22:50 firewall-1 dns-resolver[4322]: DNS server failed to contact!
firewalllog:
20:03:53 Default DROP UDP
62.40.***.*** : 13020
→
8.8.8.8 : 53
len=71 ttl=64 tos=0x00 srcmac=0:1a:8c:16[:D]b:a9
The 62.40.***.*** is the external IP from the UTM.
i make a any - DNS - any rule, but the UTM blocks the traffic from the UTM. The internal Network can use public DNS, only the UTM has a problem.
