[prev in list] [next in list] [prev in thread] [next in thread]
List: ipcop-user
Subject: Re: [IPCop-user] A lot of messages in the firewall log concerning
From: "Simon Billis" <simon () houxou ! com>
Date: 2009-06-29 10:20:28
Message-ID: 7C35D35D6CAB484C969A2CC7F97D4857 () uk ! houxou ! com
[Download RAW message or body]
Hi,
> I get a lot of messages (~70% of all entries) in my firewall
> log that looks
> like this (the MAC column deleted for readability):
> --------------------------------8<----------------------------
> ---------
> Time Chain Iface Proto Source Src Port
> Destination Dst Port
> 15:16:03 INPUT eth2 UDP 195.186.4.111 53(DOMAIN) 192.168.2.1 18895
> 15:14:42 INPUT eth2 UDP 195.186.4.111 53(DOMAIN) 192.168.2.1 22693
> --------------------------------8<----------------------------
> ---------
> The Source IP (195.186.4.111) is one of my ISP's DNS server
> and 192.168.2.1 is
> my RED interface. For me it looks like some sort of answer to
> a DNS requst
> that gets blocked by IPCop. Any suggestion on how to solve this?
This is a stab in the dark as we don't know the DNS resolver setup on the
firewall and the clients behind the firewall.
But here goes:
This may be a machine behind the firewall requesting DNS resolution from the
upstream DNS servers. You could check to be sure that all machines behind
the firewall are either using TCP for the DNS request or are using the
firewall as the DNS resolver.
Rgds
Simon.
------------------------------------------------------------------------------
_______________________________________________
IPCop-user mailing list
IPCop-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ipcop-user
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic