 From:  Patrick <patrick at rave dot co dot za>
 To:  Widmer Hannes <h dot widmer at cybernet dot ch>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Question - DNS Traffic
 Date:  Thu, 9 Sep 2004 09:10:53 +0200
> I'm a new user of M0n0wall, a really nice Swiss :-) firewall.
> I work at Cybernet, a Swiss ISP, as System & Network Engineer...
> I'm 23 years old and from Wettingen, Aargau ....
> More info: www.partyboard.ch
> So, now my question :-)
> I tried to replace my own-built BSD firewall, which is a
> filtering bridge. When I did the setup of the rules, I created
> on the WAN interface a rule to allow, as an example, HTTP from any,
> any port to my public IP (WAN - DMZ in filter bridge mode)
> port 90. Then I created on the DMZ interface a rule to allow
> from my public server IP (DMZ to WAN) the traffic from port
> 80 out to any, any port. That works fine ... but if I do the
> same with DNS, the DNS server gives answers to the client
> about my zones... but if I make a query for, as an example,
> www.blick.ch, the DNS server tries to make a connection from
> its public IP, port 53 to blick's DNS IP, port 53 and this
> is always blocked.... why?...
> I checked the manual of m0n0wall but this part, also NAT
> etc., is missing ....
> Does someone have an idea?....

I might be totally off here, but have you set the m0n0wall to block
outgoing traffic? If so, then you would have to create a rule higher than
the blocking rule which allows DNS traffic.
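The rule-ordering point in the reply above, as an added example that is not part of the original message or of m0n0wall's own code: a minimal first-match packet filter model. The interface names, the DNS server address 203.0.113.10 and the remote name server 198.51.100.53 are constructed for the example and are not from the post. It shows that the same two rules give opposite results for the DNS server's recursive query (source port 53 to destination port 53) depending on whether the "pass DNS" rule sits above or below the "block everything outgoing" rule, and that a pass rule written for one protocol only does not cover the other.

```python
# Added example, not from the m0n0wall list post or the m0n0wall code base.
# A tiny first-match packet filter: rules are checked top to bottom and the
# first rule that matches decides, so a "pass" rule below a "block" rule
# that also matches is never reached.
from dataclasses import dataclass
from typing import List, Optional

ANY = None  # wildcard in a rule field


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet enters on, e.g. "dmz" or "wan"
    proto: str   # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                  # "pass" or "block"
    iface: str
    proto: Optional[str] = ANY
    src: Optional[str] = ANY
    sport: Optional[int] = ANY
    dst: Optional[str] = ANY
    dport: Optional[int] = ANY

    def matches(self, p: Packet) -> bool:
        checks = [
            (self.iface, p.iface), (self.proto, p.proto), (self.src, p.src),
            (self.sport, p.sport), (self.dst, p.dst), (self.dport, p.dport),
        ]
        return all(want is ANY or want == got for want, got in checks)


def decide(rules: List[Rule], p: Packet, default: str = "block") -> str:
    """First match wins; rules below the first hit are never consulted."""
    for r in rules:
        if r.matches(p):
            return r.action
    return default


# Hypothetical addresses, constructed for this example only.
DNS_SERVER = "203.0.113.10"   # public IP of the DNS server in the DMZ
REMOTE_NS = "198.51.100.53"   # name server for some zone we do not host

# Block everything leaving the DMZ (the "block outgoing" setting Patrick asks about).
BLOCK_OUT = Rule("block", "dmz")
# Let the DNS server talk to any name server on port 53 over UDP.
PASS_DNS_UDP = Rule("pass", "dmz", "udp", src=DNS_SERVER, dport=53)

# The recursive query from the post: DNS server, port 53 -> remote NS, port 53.
recursive_query = Packet("dmz", "udp", DNS_SERVER, 53, REMOTE_NS, 53)


def dns_with_block_first() -> str:
    # Pass rule sits below the block: the block matches first, query is dropped.
    return decide([BLOCK_OUT, PASS_DNS_UDP], recursive_query)


def dns_with_pass_first() -> str:
    # Same two rules, pass rule moved above the block: query gets out.
    return decide([PASS_DNS_UDP, BLOCK_OUT], recursive_query)


def unrelated_outbound_still_blocked() -> str:
    # Moving the DNS rule up does not open anything else from the DMZ.
    smtp = Packet("dmz", "tcp", DNS_SERVER, 40000, REMOTE_NS, 25)
    return decide([PASS_DNS_UDP, BLOCK_OUT], smtp)


def tcp_query_under_udp_only_rule() -> str:
    # A pass rule that names "udp" does not match the same query over TCP.
    tcp_query = Packet("dmz", "tcp", DNS_SERVER, 53, REMOTE_NS, 53)
    return decide([PASS_DNS_UDP, BLOCK_OUT], tcp_query)


if __name__ == "__main__":
    print("block first:", dns_with_block_first())
    print("pass first: ", dns_with_pass_first())
    print("smtp:       ", unrelated_outbound_still_blocked())
    print("tcp/53:     ", tcp_query_under_udp_only_rule())
```

When checking a real ruleset, walk it the same way: find the first rule that matches the blocked packet's interface, protocol, addresses and ports, and if that rule is the block, the pass rule has to move above it.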