 
 From:  Eugen Leitl <eugen at leitl dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] firewall rule for TCP DNS
 Date:  Thu, 6 Apr 2006 18:00:35 +0200
On Thu, Apr 06, 2006 at 11:21:31AM -0400, Peter wrote:
> My NAT rule looks like this:
> 
>  WAN  	 TCP/UDP  	 53 (DNS)  	 192.168.1.2  	 53 (DNS)  	 DNS server

Ah, forgot changing the NAT rule to include UDP. Thanks! It works now.
 
> My Rules look like this:
> 
>  TCP/UDP  	 *  	 *  	 192.168.1.2	 53 (DNS)  	 NAT DNS server
> 
> Are you sure your DNS server responds to TCP requests?
> 
> Regards,
> Peter
> 
> On Thu, 6 Apr 2006 17:14:41 +0200, Eugen Leitl wrote:
> >
> >
> > I'm trying to set up a firewall rule to also
> > allow TCP DNS resolution along with UDP to
> > get rid of warnings like
> >
> > http://dnsreport.com/tools/dnsreport.ch?domain=leitl.org
> >
> > WARNING: One or more of your DNS servers does not accept TCP
> > connections. Although rarely used, TCP connections are occasionally
> > used instead of UDP connections. When firewalls block the TCP DNS
> > connections, it can cause hard-to-diagnose problems. The problem
> > servers are:
> >
> > 62.245.233.242: Error [Connect fail: 0].
> >
> > but haven't managed to do it yet. TCP/UDP is not it.
> > Dedicated rule for TCP and UDP each ain't it either.
> >
> > Any suggestions?
> 
>   ------------------------------------------------
>   Peter, peter at iwebsl dot com on 4/6/2006
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
signature.asc (0.2 KB, application/pgp-signature)
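
The following is an added example, not part of the original thread: a small Python check an administrator can run against their own DNS server to confirm that it answers on both UDP and TCP port 53 after changing the NAT and firewall rules discussed above. The function names, the default query name `example.com` and the fixed transaction id are assumptions made for illustration.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    """Encode a minimal DNS query: RD flag set, one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(data, txid=0x1234):
    """True if data is a DNS response (QR bit set) carrying our transaction id."""
    return len(data) >= 12 and data[:2] == struct.pack("!H", txid) and bool(data[2] & 0x80)

def recv_exact(sock, n):
    """Read up to n bytes from a stream socket; returns fewer only if the peer closes."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def probe_udp(server, port, query, timeout):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(query, (server, port))
            return is_reply(s.recvfrom(4096)[0])
        except OSError:  # timeout or ICMP error: no usable UDP answer
            return False

def probe_tcp(server, port, query, timeout):
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            # DNS over TCP prefixes every message with a two-byte length (RFC 1035, 4.2.2)
            s.sendall(struct.pack("!H", len(query)) + query)
            head = recv_exact(s, 2)
            if len(head) < 2:
                return False
            return is_reply(recv_exact(s, struct.unpack("!H", head)[0]))
    except OSError:  # refused, filtered (timeout) or reset: TCP path is not open
        return False

def check_dns(server, name="example.com", port=53, timeout=3.0):
    """Probe one server over both transports and report which ones answered."""
    query = build_query(name)
    return {"udp": probe_udp(server, port, query, timeout),
            "tcp": probe_tcp(server, port, query, timeout)}
```

Run `check_dns("<your server's WAN address>")` from a host outside the firewall; a result of `{"udp": True, "tcp": False}` matches the symptom reported by the DNS report tool in the quoted message.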