Problem when routing UDP port 53




1- I use a Linux system as a router and I have a problem with UDP port 53, which DNS checkers find not available.

Is there a mistake in my configuration below?

2- I use bind9 in an lxd container, with nothing else in this container. When I use:

nc -v -u -z 192.168.163.30 40-60

I get all ports from 49 to 55 open but an error on port 53 (and 52?):

...

(UNKNOWN) [192.168.163.30] 53 (domain) open
udptest first write failed?! errno 1 : Operation not permitted
(UNKNOWN) [192.168.163.30] 52 (?) : Operation not permitted
(UNKNOWN) [192.168.163.30] 51 (?) open
...

How to explain these results? I would expect only UDP 53 to be open...


Thanks for any help

PC


root@rIVrouter:~# cat /etc/iptables/rules.v4
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# eth1 is the WAN interface, eth0 is the LAN interface
-A POSTROUTING -o eth1 -j MASQUERADE
#******************* PREROUTING from WAN to LAN : see also below
# bin
-A PREROUTING -p udp -i eth1 --dport 53 -j DNAT --to-destination 192.168.163.30:53

...

COMMIT

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# basic global accept rules - ICMP, loopback, traceroute, established all accepted

...

# forward packets along established/related connections
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# forward from LAN (eth0) to WAN (eth1)
-A FORWARD -i eth0 -o eth1 -j ACCEPT
# let the DNAT'ed DNS queries from the WAN reach the bind9 container
-A FORWARD -p udp -d 192.168.163.30 --dport 53 -j ACCEPT

...

# drop all other forwarded traffic
-A FORWARD -j DROP

COMMIT
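A note on the nc -z -u results above, followed by an added example that is not part of the original post and not bind9 or netfilter code. nc -u -z calls a UDP port "open" whenever no ICMP port-unreachable comes back within its short wait, and the Linux kernel rate-limits the ICMP unreachables it sends (net.ipv4.icmp_ratelimit), so a sweep of several UDP ports gets a mix of "open" and error lines that says nothing about whether a DNS server is answering. "errno 1" is EPERM, which Linux returns from the send() itself when a local netfilter rule (or a full conntrack table) drops the outgoing datagram; it is not a verdict about the remote port. The script below sends a real DNS query over UDP and classifies the outcome as open, open-not-dns, closed, filtered or blocked-locally. It uses a connected UDP socket on purpose, because Linux only surfaces the ICMP port-unreachable as ECONNREFUSED on an unconnected socket when IP_RECVERR is set. The address 192.168.163.30 is the bind9 container from the post; the query name example.com., the loopback stub server and the helper names are constructed for this example.

```python
"""Check a UDP DNS port with a real query rather than nc -z -u.

Added example, not from the original post.  nc -u -z reports a UDP port
"open" whenever no ICMP port-unreachable arrives, and prints
"Operation not permitted" (EPERM) when the local kernel refuses the send,
so its verdicts are easy to misread.  This probe sends a genuine DNS query
and classifies what actually happens.
"""
import random
import socket
import struct
import threading
from typing import Optional, Tuple


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> Tuple[int, bytes]:
    """Build a minimal DNS query: RD=1, one question, class IN (qtype 1 = A)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in labels) + b"\x00"
    return txid, header + qname + struct.pack("!HH", qtype, 1)


def parse_response(data: bytes, expected_txid: int) -> Optional[dict]:
    """Return rcode/answer count if `data` is a DNS response to our query, else None."""
    if len(data) < 12:
        return None
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if txid != expected_txid or not flags & 0x8000:   # QR bit must be set on a response
        return None
    return {"rcode": flags & 0x000F, "answers": an, "truncated": bool(flags & 0x0200)}


def probe_dns_udp(host: str, port: int = 53, name: str = "example.com.", timeout: float = 2.0) -> str:
    """Classify a UDP DNS endpoint: open, open-not-dns, closed, filtered or blocked-locally."""
    txid, query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))        # connected socket: ICMP errors surface as exceptions
            s.send(query)
            data = s.recv(4096)
        except ConnectionRefusedError:
            return "closed"                # ICMP port-unreachable came back
        except PermissionError:
            return "blocked-locally"       # EPERM: local netfilter dropped the outgoing datagram
        except socket.timeout:
            return "filtered"              # no reply and no ICMP: dropped in transit or silent server
    return "open" if parse_response(data, txid) else "open-not-dns"


def start_stub_server(answer: bool = True) -> Tuple[str, int, threading.Event]:
    """Constructed loopback fixture for trying the probe offline.

    answer=True replies with a minimal NOERROR response; answer=False swallows
    queries the way a DROP rule would.  Returns (host, port, stop_event)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    srv.settimeout(0.1)
    host, port = srv.getsockname()
    stop = threading.Event()

    def serve():
        with srv:
            while not stop.is_set():
                try:
                    data, peer = srv.recvfrom(4096)
                except socket.timeout:
                    continue
                if answer and len(data) >= 12:
                    # echo the txid, set QR|RD|RA, copy the question back, no RRs
                    hdr = data[:2] + struct.pack("!HHHHH", 0x8180, 1, 0, 0, 0)
                    srv.sendto(hdr + data[12:], peer)

    threading.Thread(target=serve, daemon=True).start()
    return host, port, stop


def unused_udp_port() -> int:
    """Pick a loopback UDP port nothing listens on, to exercise the 'closed' case."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    # The bind9 container address from the post; adjust for your own network.
    print(probe_dns_udp("192.168.163.30"))
```

Run it from the LAN side and then from a host on the WAN side: "open" from the LAN but "filtered" from the WAN points at the DNAT/FORWARD path on the router, "blocked-locally" means the probing host's own OUTPUT chain (or conntrack) is refusing the send, and "closed" means the packet reached a host that has nothing listening on that port.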





