1- I use a Linux system as a router and I have a problem with UDP port 53,
which DNS checkers find unavailable.
Is there a mistake in my configuration below?
2- I use bind9 in an LXD container, with nothing else in this container.
When I use:
nc -v -u -z 192.168.163.30 40-60
I get all ports from 49 to 55 reported open, but an error on port 53 (and 52..?):
...
(UNKNOWN) [192.168.163.30] 53 (domain) open
udptest first write failed?! errno 1 : Operation not permitted
(UNKNOWN) [192.168.163.30] 52 (?) : Operation not permitted
(UNKNOWN) [192.168.163.30] 51 (?) open
...
How can these results be explained? I would expect only UDP 53 to be open...
Thanks for any help
PC
root@rIVrouter:~# cat /etc/iptables/rules.v4
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# eth1 is WAN interface, #eth0 is LAN interface
-A POSTROUTING -o eth1 -j MASQUERADE
#******************* PREROUTING from WAN to LAN : see too below
# bin
-A PREROUTING -p udp -i eth1 --dport 53 -j DNAT --to-destination 192.168.163.30:53
...
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# basic global accept rules - ICMP, loopback, traceroute, established all accepted
...
# forward packets along established/related connections
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# forward from LAN (eth0) to WAN (eth1)
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -p udp -d 192.168.163.30 --dport 53 -j ACCEPT
...
# drop all other forwarded traffic
-A FORWARD -j DROP
COMMIT
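As an added example (not part of the original post): `nc -u -z` reports a UDP port "open" whenever no ICMP error comes back, so it says nothing about whether a resolver actually answers behind the DNAT. The script below sends a real DNS query on UDP/53 and classifies the outcome, including the EPERM (errno 1) case seen above; the server address and query name are assumptions.

```python
import socket
import struct
import random
import sys

def build_query(name, qid=None):
    """Build a minimal DNS A/IN query (RD set) for `name`; returns (qid, packet)."""
    qid = random.randrange(0, 65536) if qid is None else qid
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)   # flags 0x0100: RD=1, QDCOUNT=1
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return qid, header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_header(packet):
    """Return (id, is_response, rcode) from the 12-byte DNS header."""
    qid, flags, *_ = struct.unpack("!HHHHHH", packet[:12])
    return qid, bool(flags & 0x8000), flags & 0x000F

def check_dns(server, name="example.com.", port=53, timeout=2.0):
    """Probe UDP/53 with a real query and classify the result.
    Uses a connected UDP socket so ICMP port-unreachable is surfaced as an error."""
    qid, pkt = build_query(name)
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    try:
        s.connect((server, port))
        s.send(pkt)
        data = s.recv(512)
    except PermissionError:          # errno 1 EPERM: a local netfilter OUTPUT rule dropped the datagram
        return "local-blocked"
    except ConnectionRefusedError:   # ICMP port unreachable: nothing is listening there
        return "unreachable"
    except socket.timeout:           # silently dropped, filtered, or DNAT not translating
        return "timeout"
    finally:
        s.close()
    rid, is_resp, rcode = parse_header(data)
    if rid != qid or not is_resp:
        return "mismatch"            # reply that is not a response to our query
    return "answered" if rcode == 0 else "answered-rcode%d" % rcode

if __name__ == "__main__":
    # assumed target: the container address from the DNAT rule above
    print(check_dns(sys.argv[1] if len(sys.argv) > 1 else "192.168.163.30"))
```

Run it once from the LAN against the container and once from outside against the WAN address: "answered" from both confirms the DNAT path, while "local-blocked" points at the OUTPUT chain of the host you are probing from rather than at the router's PREROUTING rule.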