
List:       ipfilter
Subject:    BIND 9.2.0 behind IPF
From:       barryc <barryc () rjlsystems ! com>
Date:       2002-04-26 13:19:42

I accidentally left at home the floppy onto which I tossed all of the pertinent config 
files and test output, so this is going to be a little short on details.  I can 
post more detailed info this evening when I leave the office.

I have a Sparc 2 running OpenBSD 2.9 at home configured as a NATing firewall 
thusly:

         168.103.54.200/29
                le0 (public)
                 |
        +--------+---------+
        |                  |
       le1(DMZ)           le2 (private)
 192.168.0.1/24      192.168.1.1/24
 
The following two rules are in /etc/ipnat.rules

rdr le0 168.103.54.201/32 port 53 -> 192.168.0.30 port 53 
rdr le2 168.103.54.201/32 port 53 -> 192.168.0.30 port 53 

Every other service makes it through the firewall except DNS.
I was running IPF 3.4.21, and I just upgraded to 3.4.26.  Still no joy.

In my testing, I replaced my ipf.rules with
pass in all
pass out all
under both versions of ipf, and saw the same behaviour.

Also, from a box on le2, I can do a
dig @192.168.0.30
and see the expected output, but a
dig @168.103.54.201
produces an error about "cannot find any servers" or some such.

As stated earlier, this is the only service which I can't access via the public 
IP from le2.

I found the thread beginning here:
http://www.false.net/ipfilter/2000_09/0189.html
but it doesn't look like a resolution to his issue was ever posted.

Did I miss it someplace?

I'll post the testing output this evening after I get home from the office.
I just figured I'd post what I've got now...
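Added example (not part of the original post or of the IPFilter project): a small checker that parses ipnat rdr lines like the two quoted above and reports DNS redirects that would not carry UDP. ipnat(5) treats a rdr rule with no trailing protocol keyword as tcp only, and DNS queries from dig are normally UDP, so that is the first thing to verify when every service except DNS passes through a redirect. The sample rule text is constructed here: the first two lines are the post's own rules, the last two are hypothetical rules added for contrast. The parser assumes numeric ports and the plain "rdr ifname src/mask port N -> dst port M [proto]" form.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the post's two rules plus two hypothetical ones for contrast.
SAMPLE_RULES = """\
rdr le0 168.103.54.201/32 port 53 -> 192.168.0.30 port 53
rdr le2 168.103.54.201/32 port 53 -> 192.168.0.30 port 53
rdr le0 168.103.54.201/32 port 80 -> 192.168.0.40 port 80 tcp
rdr le0 168.103.54.201/32 port 53 -> 192.168.0.30 port 53 tcp/udp
"""

# Plain rdr form only: numeric ports, optional trailing protocol keyword.
RDR_RE = re.compile(
    r"^rdr\s+(?P<ifname>\S+)\s+(?P<src>\S+)\s+port\s+(?P<sport>\d+)\s*->\s*"
    r"(?P<dst>\S+)\s+port\s+(?P<dport>\d+)(?:\s+(?P<proto>tcp/udp|tcp|udp))?$"
)


@dataclass
class RdrRule:
    ifname: str
    src: str
    sport: int
    dst: str
    dport: int
    proto: str  # effective protocol after applying the ipnat default


def parse_rdr_rules(text: str) -> List[RdrRule]:
    """Parse rdr lines from ipnat.rules text; map and comment lines are skipped."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("rdr"):
            continue
        m = RDR_RE.match(line)
        if m is None:
            raise ValueError(f"line {lineno}: unrecognised rdr syntax: {raw!r}")
        # ipnat(5): a rdr with no protocol keyword redirects tcp only.
        proto = m.group("proto") or "tcp"
        rules.append(RdrRule(m.group("ifname"), m.group("src"), int(m.group("sport")),
                             m.group("dst"), int(m.group("dport")), proto))
    return rules


def dns_redirect_findings(rules: List[RdrRule]) -> List[str]:
    """Report port-53 redirects whose effective protocol does not include udp."""
    findings = []
    for r in rules:
        if r.sport == 53 and "udp" not in r.proto:
            findings.append(f"{r.ifname}: port 53 rdr to {r.dst} covers {r.proto} only; "
                            f"DNS queries are normally UDP, so use tcp/udp")
    return findings


if __name__ == "__main__":
    for finding in dns_redirect_findings(parse_rdr_rules(SAMPLE_RULES)):
        print(finding)
```

Run against a real /etc/ipnat.rules by reading the file into parse_rdr_rules; the only findings expected on the post's configuration are the two port-53 lines, while the tcp/udp variant passes.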
