Firewall not allowing DNS resolution

Started by tryllz, May 20, 2020, 05:03:43 PM

May 20, 2020, 05:03:43 PM Last Edit: May 20, 2020, 05:26:38 PM by tryllz
Hi,

I have the following network

Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24

and 4 interfaces on the firewall, each interface is the gateway to its respective network above.

I have a rule to allow any protocol through the interface [in rule]; however, the TCP/UDP packets fail and DNS resolution fails. So I added an [out rule] to allow TCP/UDP from port 53 to port 53 on all interfaces, yet the clients in the LAN are unable to get to the DNS server.

192.168.10.2 is the DNS server to which ping works.

Before the DNS-Specific Rule

https://i.ibb.co/Wf9fyF3/server-2020-05-20-15-37-36.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png

After adding a DNS-Specific out rule the DNS resolution still fails

https://i.ibb.co/WK0fSYP/server-2020-05-20-15-44-17.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png

Nothing in the logs either; however, at one point the log did show the UDP packet going out of the interface (showing the rule is working; this happened one time only), but it did not reach the DNS server (no other UDP packet appeared in the logs).
https://i.ibb.co/wS2bqGq/server-2020-05-20-15-45-35.png
https://i.ibb.co/zQqXZd2/server-2020-05-20-15-52-16.png
https://i.ibb.co/qmhvjj3/server-2020-05-20-15-55-36.png

Any thoughts on what is not in order? Thanks.

This issue is resolved; I had to create both an in and an out rule on each interface, and now DNS resolution works.
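Ping reaching 192.168.10.2 only proves ICMP is passed; it says nothing about UDP/53 or TCP/53. The probe below, an added example that is not part of the forum post, sends a real DNS query over both UDP and TCP to the resolver address from the post and reports whether an answer comes back, which is the check to run from a host in 192.168.20.0/24 or 192.168.30.0/24 after changing rules. It lets the OS choose an ephemeral source port, exactly as a normal client does; a firewall rule that matches source port 53 to destination port 53 only covers traffic originating from a DNS server, not client lookups. The query name `example.com` and the 2-second timeout are assumptions; the resolver address 192.168.10.2 is taken from the post. Only the standard library is used.

```python
"""Probe DNS on UDP/53 and TCP/53 from a client's point of view.

Added example, not from the forum post. Assumptions: resolver at
192.168.10.2 (as in the post), query name example.com, 2 s timeout.
"""
import socket
import struct

RESOLVER = "192.168.10.2"  # DNS server named in the post
QNAME = "example.com"      # assumed test name; any name the server answers works
TXID = 0x1234              # fixed transaction id so responses can be matched


def build_query(qname, txid=TXID):
    """Build a minimal DNS A query with the RD (recursion desired) bit set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in qname.split("."))
    question = labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return header + question


def _skip_name(data, off):
    """Return the offset just past a (possibly compressed) DNS name."""
    while True:
        length = data[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:  # compression pointer occupies two bytes
            return off + 2
        off += 1 + length


def parse_response(data, txid=TXID):
    """Return (rcode, answer_count, [A record addresses]) from a raw response."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    rid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != txid:
        raise ValueError("transaction id mismatch")
    if not flags & 0x8000:
        raise ValueError("QR bit clear: not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qd):  # skip echoed question section
        off = _skip_name(data, off) + 4
    addrs = []
    for _ in range(an):
        off = _skip_name(data, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", data[off:off + 10])
        off += 10
        rdata = data[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(rdata))
    return rcode, an, addrs


def probe_udp(server=RESOLVER, qname=QNAME, timeout=2.0):
    """Send one query over UDP/53; the OS picks the ephemeral source port."""
    q = build_query(qname)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(q, (server, 53))
        data, _ = s.recvfrom(512)
    return parse_response(data)


def probe_tcp(server=RESOLVER, qname=QNAME, timeout=2.0):
    """Send one query over TCP/53 (two-byte length prefix per RFC 1035)."""
    q = build_query(qname)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)
        (n,) = struct.unpack("!H", s.recv(2))
        data = b""
        while len(data) < n:
            chunk = s.recv(n - len(data))
            if not chunk:
                break
            data += chunk
    return parse_response(data)


def main():
    # A timeout here while ping succeeds points at the firewall rules, not routing.
    for label, fn in (("UDP/53", probe_udp), ("TCP/53", probe_tcp)):
        try:
            rcode, an, addrs = fn()
            print(f"{label}: rcode={rcode} answers={an} {addrs}")
        except (OSError, ValueError) as exc:
            print(f"{label}: FAILED ({exc})")


if __name__ == "__main__":
    main()
```

Run it from a client in each of the 192.168.20.0/24 and 192.168.30.0/24 networks; both lines should show `rcode=0` once the per-interface rules are in place. A UDP failure with a TCP success (or the reverse) means the rule covers only one of the two protocols.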