Title: DNS requests blocked/redirected
Post by: ggillesp on Friday 22 February 2013, 06:39:51 am

Hello all.

I am attempting to set up a virtual environment using Endian 2.5.1. I have replaced several hardware firewalls with EFW. My problem is that DNS requests through the firewall (RED-->GREEN) seem to be redirected. This all worked when the firewalls were hardware.

I have a DNS client (SERVER1) on the RED segment (VMNet1) which is configured to use a DNS server (SERVER2) on the GREEN segment (VMNet2). SERVER1 cannot get DNS responses from SERVER2. DNS clients on the same network as the server get proper DNS resolution. When I moved SERVER1 temporarily onto the GREEN segment, everything worked.

Using Wireshark, I can see that DNS requests from the RED network do not arrive at SERVER2. The Endian Firewall ACL has a permit all IP statement for the traffic and logs show the DNS requests being permitted. Using Wireshark I can see that DNS requests are sent from SERVER1 to SERVER2 via the firewall. When I reconfigure SERVER1 to send DNS requests to a different box on the GREEN segment, Wireshark shows the requests arriving at that box (SERVER3). I am assuming that there is some sort of proxy-redirect going on. Under the DNS Proxy settings the Transparent setting is disabled. I have also tried it enabled without success.

Oddly, when I capture DNS request traffic on SERVER1 I see some sort of DNS redirect. The first packet goes to SERVER2 via the firewall as expected:

SERVER1_IP (MAC1) --> SERVER2_IP (FW MAC)

But then the firewall issues a of DNS request packets to SERVER2 on the RED segment:

FIREWALL_IP (FW MAC) --> SERVER2_IP (XX MAC)

The XX MAC address is actually the upstream gateway address. So, some questions:

Why is the firewall redirecting the DNS packet upstream if DNS proxy is disabled?

Why is the firewall sending a packet to SERVER2_IP (GREEN) but sending it out on the wrong interface (RED)?

As a note, when I perform the same test to SERVER3, there is no redirect.
The only difference that I can see is that SERVER2 is the primary DNS address configured in the firewall and SERVER3 is unknown to the firewall. I appreciate any information that you can give me on the DNS proxy or whatever is going on here.

Title: Re: DNS requests blocked/redirected
Post by: jeremycald on Friday 22 February 2013, 02:22:13 pm

There is a DNS proxy under the Proxy tab
Title: Re: DNS requests blocked/redirected
Post by: ggillesp on Tuesday 05 March 2013, 07:24:19 am

Quote from: jeremycald on Friday 22 February 2013, 02:22:13 pm
There is a DNS proxy under the Proxy tab

As noted in the original post, "Under the DNS Proxy settings the Transparent setting is disabled. I have also tried it enabled without success". Is there something else I should try with DNS proxy?

Title: Re: DNS requests blocked/redirected
Post by: robert on Tuesday 05 March 2013, 08:13:13 am

Try this command and let me know if it fixes the problem. This is just a temporary fix to see if that is what is causing the problem.
ip rule del fwmark 0x8/0x7f8
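The command above removes a policy-routing rule keyed on a firewall mark (fwmark), which is one mechanism that can send packets out of an unexpected interface, as the original post describes. The following is an added example, not code from this thread or from Endian: it parses the text format of `ip rule show`, works out which fwmark rule would catch a packet carrying a given mark (the kernel compares `mark & mask` against `fwmark & mask`), and builds the matching `ip rule del` selector. The rule listing is constructed for the example; the mark and mask values `0x8/0x7f8` mirror the reply, and the table numbers and what any particular mark means on an Endian box are assumptions.

```python
"""Inspect Linux policy-routing rules for fwmark-based diversions.

Added example, not code from the thread or from Endian: parses the text
format of `ip rule show` and reports which rule would catch a packet
carrying a given firewall mark and which routing table it is sent to.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `ip rule show` output (not captured from a real box).
# Priorities, table numbers and the 0x10 rule are assumptions for illustration;
# the 0x8/0x7f8 rule mirrors the one the reply above deletes.
SAMPLE_RULES = """\
0:      from all lookup local
32760:  from all fwmark 0x8/0x7f8 lookup 200
32761:  from all fwmark 0x10/0x7f8 lookup 201
32766:  from all lookup main
32767:  from all lookup default
"""

# One line of `ip rule show`: "<prio>: from <src> [fwmark <mark>[/<mask>]] lookup <table>"
RULE_RE = re.compile(
    r"^(?P<prio>\d+):\s+from\s+(?P<src>\S+)"
    r"(?:\s+fwmark\s+(?P<mark>0x[0-9a-fA-F]+)(?:/(?P<mask>0x[0-9a-fA-F]+))?)?"
    r"\s+lookup\s+(?P<table>\S+)"
)


@dataclass
class Rule:
    priority: int
    source: str
    fwmark: Optional[int]   # None when the rule has no fwmark selector
    mask: int               # full 32-bit mask when none was given
    table: str

    def matches_mark(self, mark: int) -> bool:
        """Apply the kernel's test: packet mark and rule mark agree under the mask."""
        if self.fwmark is None:
            return True
        return (mark & self.mask) == (self.fwmark & self.mask)


def parse_rules(text: str) -> List[Rule]:
    """Parse `ip rule show` text into Rule objects, lowest priority number first."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue  # skip lines in formats this example does not model
        mark = int(m["mark"], 16) if m["mark"] else None
        mask = int(m["mask"], 16) if m["mask"] else 0xFFFFFFFF
        rules.append(Rule(int(m["prio"]), m["src"], mark, mask, m["table"]))
    return sorted(rules, key=lambda r: r.priority)


def first_fwmark_diversion(rules: List[Rule], mark: int) -> Optional[Rule]:
    """Return the first fwmark rule that would catch a packet with `mark`, or None."""
    for r in rules:
        if r.fwmark is not None and r.matches_mark(mark):
            return r
    return None


def delete_command(rule: Rule) -> str:
    """Build the `ip rule del` selector for a fwmark rule (same shape as the reply above)."""
    return f"ip rule del fwmark {rule.fwmark:#x}/{rule.mask:#x}"


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    for probe in (0x8, 0x809, 0x18):
        hit = first_fwmark_diversion(parsed, probe)
        if hit:
            print(f"mark {probe:#x}: caught by priority {hit.priority}, "
                  f"routed via table {hit.table}; remove with: {delete_command(hit)}")
        else:
            print(f"mark {probe:#x}: no fwmark rule applies, normal routing")
```

Running it against the constructed listing shows that a packet marked `0x809` is still diverted to table 200, because the mask `0x7f8` ignores bit 0 and bit 11, while `0x18` is diverted nowhere. To use the parser on a live system, feed it the output of `ip rule show` and compare the diverted traffic with `ip route show table <N>` for the table it names; that is how to confirm whether a marked DNS packet is being pushed out the RED interface by policy routing rather than by the DNS proxy.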