[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipcop-user
Subject:    Re: [IPCop-user] A lot of messages in the firewall log concerning
From:       "Simon Billis" <simon () houxou ! com>
Date:       2009-06-29 10:20:28
Message-ID: 7C35D35D6CAB484C969A2CC7F97D4857 () uk ! houxou ! com
[Download RAW message or body]

Hi,

> I get a lot of messages (~70% of all entries) in my firewall 
> log that looks 
> like this (the MAC column deleted for readability):
> --------------------------------8<----------------------------
> ---------
> Time    Chain  Iface Proto Source       Src Port   
> Destination Dst Port
> 15:16:03 INPUT  eth2 UDP 195.186.4.111  53(DOMAIN) 192.168.2.1  18895
> 15:14:42 INPUT  eth2 UDP 195.186.4.111  53(DOMAIN) 192.168.2.1  22693
> --------------------------------8<----------------------------
> ---------
> The Source IP (195.186.4.111) is one of my ISP's DNS server 
> and 192.168.2.1 is 
> my RED interface. For me it looks like some sort of answer to 
> a DNS requst 
> that gets blocked by IPCop. Any suggestion on how to solve this?

This is a stab in the dark as we don't know the DNS resolver setup on the
firewall and the clients behind the firewall.
But here goes:

This may be a machine behind the firewall requesting DNS resolution from the
upstream DNS servers. You could check to be sure that all machines behind
the firewall are either using TCP for the DNS request or are using the
firewall as the DNS resolver.

Rgds

Simon.


------------------------------------------------------------------------------
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user

[prev in list] [next in list] [prev in thread] [next in thread]