On 1/12/2014 8:22 AM, [email protected] wrote:
> On Sun, 12 Jan 2014, Tom Eastep wrote:
>
>>>>> Thanks for your hints, but returning to the topic, I still don't understand
>>>>> why the DNS resolution doesn't work.
>>>>>
>>>>> Why the rule:
>>>>>
>>>>> DNS(ACCEPT) dmz:192.168.110.0/24 all
>>>>>
>>>>> doesn't work as expected?
>>>>> What am I missing?
>>>>
>>>> Please send us the output of 'shorewall dump' collected as described at
>>>> http://www.shorewall.org/support.htm#Guidelines
>>>
>>>
>>> Filed it in http://apf.it/140111sh-dump.gz
>>> Changed real IPs.
>>>
>>> Thanks for your interest.
>>
>> We actually need the dump to be taken when the rules that *don't* work
>> are installed. We don't learn anything from looking at these rules.
>
> Rules ARE active.
>
> They are simply:
>
> DNS(ACCEPT) dmz:192.168.110.0/24 all
> #DNS(ACCEPT) dmz all
> #ACCEPT dmz:192.168.110.0/24 all udp 53,953
> #LOG:6 dmz:192.168.110.0/24 net:!8.8.8.8,208.67.222.222 udp
> DROP dmz:192.168.110.0/24 net:!8.8.8.8,208.67.222.222 udp
>
> Commented lines are some attempts (that don't change the result).
>
>> Also, please add logging to your DROP rule(s).
>
> If you tell me what syntax you want, I will.
>
> In the meantime, this is another dump (after a restart of Shorewall)
>
> http://apf.it/140112sh-dump.gz
>
> Thanks, P.
>
> P.S.: my conf isn't clean, because this is a Proxmox host with some VMs in
> several different DMZ segments that evolved over many years, but all is fine
> (for my needs; it could probably be done better), except for this UDP thing
> that doesn't work as expected for the involved VMs (both OpenVZ and KVM).
>
I don't see the DNS(ACCEPT) rule in the dump at all.

- What are the contents of /usr/share/shorewall/macro.DNS on your system?
- What is the line immediately before that rule in /etc/shorewall/rules?
- Do you have a file named macro.DNS in /etc/shorewall/?

-Tom
-- 
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
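
The three questions in the reply above can be answered in one pass with a small shell function. This is an added example, not part of the original message or of Shorewall; the function name and output keys are made up for illustration. It also flags a trailing backslash on the preceding line, on the assumption that a line continuation swallowing the rule is one thing the second question is meant to rule out.

```shell
#!/bin/sh
# Added example: collects the three items requested in the reply.
# Arguments default to the two directories named in the thread.
shorewall_dns_rule_report() {
    conf_dir=${1:-/etc/shorewall}
    share_dir=${2:-/usr/share/shorewall}
    rules=$conf_dir/rules

    # 1. Contents of the shipped macro.DNS.
    if [ -r "$share_dir/macro.DNS" ]; then
        echo "shipped_macro=present"
        sed 's/^/  | /' "$share_dir/macro.DNS"
    else
        echo "shipped_macro=missing"
    fi

    # 2. The line immediately before the first uncommented DNS(ACCEPT) rule.
    n=$(grep -n '^[[:space:]]*DNS(ACCEPT)' "$rules" 2>/dev/null | head -n 1 | cut -d: -f1)
    if [ -z "$n" ]; then
        echo "rule_line=none"
    else
        echo "rule_line=$n"
        if [ "$n" -gt 1 ]; then
            prev=$(sed -n "$((n - 1))p" "$rules")
            printf 'previous_line=%s\n' "$prev"
            # Assumption (not stated in the thread): a trailing backslash
            # continues the entry, so the rule would be read as part of it.
            case $prev in
                *\\) echo "previous_line_continues=yes" ;;
                *)   echo "previous_line_continues=no" ;;
            esac
        fi
    fi

    # 3. Is there a macro.DNS in the configuration directory as well?
    if [ -e "$conf_dir/macro.DNS" ]; then
        echo "local_macro=present"
    else
        echo "local_macro=absent"
    fi
}
```

Run it as root on the firewall host with no arguments, or pass two directories to check a copy of the configuration.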
