Hi all,
I'm using ASL 2.1 on a cable connection with pppoe, DNS proxy enabled, NAT/MASQUERADING set up for my LAN working fine (I typed iptables rules to do so using ppp0 interface).
The boxes in the LAN are configured to use the ASL box as a gateway and DNS.
I get a dynamic IP address from the cable provider (works fine), below.
After some days up, I get problems resolving names. My investigation reports that chain FIX_CONNTRACK drops and logs the DNS traffic with the 2 external nameservers I declared in DNS proxy configuration on the ASL box, and below.
Here is the copy/paste of chain IP_CONNTRACK I get, addresses modified to match my configuration, hope it helps to understand:
Chain FIX_CONNTRACK (3 references)
 pkts bytes target   prot opt in   out  source   destination
    0     0 LOGDROP  udp  --  *    *                          udp spt:32771 dpt:53
    0     0 LOGDROP  udp  --  *    *                          udp spt:53 dpt:32771
   20  1304 LOGDROP  udp  --  *    *                          udp spt:32863 dpt:53
    0     0 LOGDROP  udp  --  *    *                          udp spt:53 dpt:32863
   29  1860 LOGDROP  udp  --  *    *                          udp spt:32863 dpt:53
    0     0 LOGDROP  udp  --  *    *                          udp spt:53 dpt:32863
After rebooting the ASL box (I could have done a better job by flushing the rules for that chain, I know), everything works fine. Chain FIX_CONNTRACK is empty.
So my questions:
- what is the purpose of FIX_CONNTRACK (apart from fixing connection tracking)?
- how does it work?
- how can I work around the problem I describe?
- does echoing 1 in /proc/sys/net/ipv4/ip_dynaddr help to support dynamic IP addresses, if this matter has something to do with the problem I get?
Thanks for reading, and your help!
Yves.