This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Why DNS connections are blocked?

I have a DNS server in my DMZ to which I configured a rule to allow my ISP to access and transfer zones from it.

Back in the days of 2.x version, all I had to do was setting a rule like:
From ISP DNS server -> DNS -> My DNS server -> allow

With version 3.x though, packets are blocked on every nic and I have to set up 3 rules for this to work correctly:

My ISP DNS server -> DNS -> ASL External -> allow
ASL External -> DNS -> ASL DMZ Nic -> Allow
ASL DMZ Nic -> DNS -> DNS server -> Allow

Looks like the rule is not routing itself.

Any ideas?
Thanks
Maurice

This thread was automatically locked due to age.

0 iceman114 over 22 years ago

Does your DNS machine residing on your DMZ have a public IP address or is NAT performed on the Astaro for the DMZ network?
Cancel
Vote Up 0 Vote Down

Cancel
0 Maurice over 22 years ago in reply to iceman114

Public IP address!
Cancel
Vote Up 0 Vote Down

Cancel
0 iceman114 over 22 years ago in reply to Maurice

As long as you have DNS service defined under definitions like this: (it comes already set up with Astaro like this)

NAME: DNS
PROTOCOL: tcp/udp
S-PORT: 1:65535
D-PORT: 53

Create network definitions for ISP's DNS server and your DNS server ( ie ISP_DNS=xxx.xxx.xxx.xxx/32, etc.)

Then add a rule in packet filter:

FROM: ISP_DNS
SERVICE: DNS
TO: YOUR_DNS_SERVER
ACTION: Allow

And:

FROM: YOUR_DNS_SERVER
SERVICE: DNS
TO: ISP_DNS
ACTION: Allow
Cancel
Vote Up 0 Vote Down

Cancel