OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: tryllz on May 20, 2020, 05:03:43 PM

Title: Firewall not allowing DNS resolution..
Post by: tryllz on May 20, 2020, 05:03:43 PM
Hi,

I have the following network

Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24

and 4 interfaces on the firewall, each interface is the gateway to its respective network above.

I have a rule to allow any protocol through the interface [in rule]; however, the TCP/UDP packets fail and DNS resolution fails. So I added an [out rule] to allow TCP/UDP from port 53 to port 53 on all interfaces, yet the clients in the LAN are unable to get to the DNS server.

192.168.10.2 is the DNS server to which ping works.

Before the DNS-Specific Rule

https://i.ibb.co/Wf9fyF3/server-2020-05-20-15-37-36.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png

After adding a DNS-specific out rule, the DNS resolution still fails

https://i.ibb.co/WK0fSYP/server-2020-05-20-15-44-17.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png

Nothing in the logs either. However, at one point in time the log did show the UDP packet going out of the interface (showing the rule is working; this happened one time only), but it did not reach the DNS server (no other UDP packet appeared in the logs).
https://i.ibb.co/wS2bqGq/server-2020-05-20-15-45-35.png
https://i.ibb.co/zQqXZd2/server-2020-05-20-15-52-16.png
https://i.ibb.co/qmhvjj3/server-2020-05-20-15-55-36.png

Any thoughts on what is not in order? Thanks.
Title: Re: Firewall not allowing DNS resolution..
Post by: tryllz on May 21, 2020, 09:51:05 PM
This issue is resolved. I had to create both an in rule and an out rule on each interface, and now DNS resolution works.
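The symptom in this thread (ping to 192.168.10.2 works while name resolution fails) is the classic sign of ICMP passing a firewall that still filters UDP/53. Below is an added troubleshooting probe, not part of the original thread or of OPNsense itself, that sends a single raw DNS query over UDP and classifies the outcome so a client on the HostsA/HostsB networks can tell "no reply at all" (a filtered or dropped path, what the original poster was seeing) apart from "reply with an error code" (the packet reached the resolver). It assumes Python 3 with only the standard library; the server address is taken from the thread, the query name and the `DNS_PORT`, `build_query`, `parse_header` and `probe_dns` names are this example's own choices.

```python
import random
import socket
import struct
from typing import Optional

DNS_PORT = 53
RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a minimal DNS query (RD set, one question, type A by default)."""
    if txid is None:
        txid = random.randrange(0, 0x10000)
    # header: id, flags (0x0100 = recursion desired), qdcount, ancount, nscount, arcount
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # question name as length-prefixed labels, terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # qtype, qclass IN


def parse_header(resp: bytes) -> dict:
    """Parse the 12-byte DNS header of a response; raise ValueError if too short."""
    if len(resp) < 12:
        raise ValueError("short DNS packet")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    return {
        "id": txid,
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,
        "answers": an,
    }


def probe_dns(server: str, name: str = "example.com", timeout: float = 2.0) -> str:
    """Send one UDP query and return a short verdict for firewall troubleshooting.

    "timeout"          -> nothing came back: the path is most likely filtered/dropped
    "port-unreachable" -> ICMP port unreachable: host reached, nothing listening or rejected
    "NOERROR"/...      -> the resolver answered; the firewall path is fine
    """
    query = build_query(name)
    txid = struct.unpack("!H", query[:2])[0]
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # a connected UDP socket lets the kernel surface ICMP errors as ECONNREFUSED
        s.connect((server, DNS_PORT))
        try:
            s.send(query)
            data = s.recv(512)
        except socket.timeout:
            return "timeout"
        except ConnectionRefusedError:
            return "port-unreachable"
    hdr = parse_header(data)
    if hdr["id"] != txid or not hdr["is_response"]:
        return "bad-response"
    return RCODE_NAMES.get(hdr["rcode"], f"rcode-{hdr['rcode']}")


if __name__ == "__main__":
    # DNS server address from the thread; run this from a host on 192.168.20.0/24 or 192.168.30.0/24
    print(probe_dns("192.168.10.2"))
```

Run it from a client on each LAN segment before and after changing the rules: a "timeout" on a segment whose interface lacks the in/out pair, turning into "NOERROR" once the pair exists, confirms the fix the original poster arrived at, and a single run is far less ambiguous than watching for a UDP packet to appear in the firewall log.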