On 10/28/2015 09:24 AM, Rick Stevens wrote:
You have a DNS resolution issue.
It's probably an mDNS issue, and replies should normally be allowed by the default "accept RELATED,ESTABLISHED" rule.
It might be helpful to see the output of "iptables -L -n -v".
With the firewall enabled, as root, try:
    # iptables -L -n | grep :53
and make sure you see lines like:
    ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
    ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
You'll normally only see those lines when you're running virtualization, or a DNS server. They aren't necessary for mDNS, which uses a different port entirely.
I suspect that you see them because you're running libvirt. If you use "iptables -v", you would see that those rules only affect packets on the virbr0 interface. They're not related to your non-virtualized applications (or to mDNS in any case).
Also make sure avahi-daemon and dnsmasq are running.
If mDNS is working when the firewall is down, we can assume that avahi-daemon is running. dnsmasq is not required for mDNS.
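Added example, not part of the original message: a small filter over "iptables -L -n -v" output that shows which interface each port-53 rule is bound to, the check the reply describes. The listing is a constructed sample, and the function names are made up for this illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -L -n -v` output (not captured from the
# poster's machine); counters and rule order are invented.
sample_listing() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
  812 96410 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   14  1120 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
EOF
}

# port_rule_scope PORT
# Reads a -v listing on stdin and prints "<target> <proto> in=<iface>" for
# every rule whose match section contains exactly dpt:PORT.
# Columns in -v output: pkts bytes target prot opt in out source destination [matches...]
port_rule_scope() {
    awk -v port="$1" '
        $1 ~ /^[0-9]+[KMG]?$/ {              # rule rows start with a packet counter
            for (i = 10; i <= NF; i++)
                if ($i == "dpt:" port) { print $3, $4, "in=" $6; break }
        }'
}

# count_global_accepts PORT
# Counts ACCEPT rules for PORT that are not tied to an input interface
# ("*" with -n, "any" without it).
count_global_accepts() {
    port_rule_scope "$1" |
        awk '$1 == "ACCEPT" && ($3 == "in=*" || $3 == "in=any") { n++ } END { print n + 0 }'
}

# On a live system (as root): iptables -L -n -v | port_rule_scope 53
sample_listing | port_rule_scope 53
```

Without -v the "in" column is not printed at all, which is why the plain "iptables -L -n | grep :53" output cannot show that a rule is limited to one interface.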