Welcome, Guest. Please login or register.
Did you miss your activation email?
Tuesday 31 December 2024, 06:05:37 am

Login with username, password and session length

CLICK HERE for the The official Endian Roadmap and Issue tracker
14262 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  EFW SMTP, HTTP, SIP, FTP Proxy Support
| | |-+  DNS requests blocked/redirected
0 Members and 2 Guests are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: DNS requests blocked/redirected  (Read 18521 times)
ggillesp
Jr. Member
*
Offline Offline

Posts: 2


« on: Friday 22 February 2013, 06:39:51 am »

Hello all.
I am attempting to set up a virtual envionment using Endian 2.5.1.   I have replaced several hardware firewalls with EFW. My problem is that DNS requests through the firewall (RED-->GREEN) seem to be redirected. THis all worked when the firewalls were hardware.

I have DNS client (SERVER1) on the RED segment (VMNet1) which is configured to use a DNS server (SERVER2) on the GREEN segment (VMNet2).
SERVER1 cannot get DNS responses from SERVER2.
DNS clients on the same network as the server get proper DNS resolution.
When I moved SERVER1 temporarily onto the GREEN segment, everything worked.
Using Wireshark, I can see that DNS requests from the RED network do not arrive at SERVER2.
The Endian Firewall ACL has a permit all IP statement for the traffic and logs show the DNS requests being permitted.
Using Wireshark I can see that DNS requests are sent from SERVER1 to SERVER2 via the firewall.
When I reconfigure SERVER1 to send DNS requests to a different box on the GREEN segment, Wireshark shows the requests arriving at that box (SERVER3)

I am assuming that there is some sort of proxy-redirect going on. Under the DNS Proxy settings the Transparent setting is disabled. I have also tried it enabled without success.

Oddly, when I capture DNS request traffic on SERVER1 I see some sort of DNS redirect. The first packet goes to SERVER2 via the firewall as expected - SERVER1_IP (MAC1) --> SERVER2_IP (FW MAC)

But then the firewall issues a  of DNS request packets to SERVER2 on the RED segment. FIREWALL_IP (FW MA) --> SERVER2_IP (XX MAC)
The XX MAC address is actually the upstream gateway address.
So, some  questions:
Why is the firewall redirecting the DNS packet upstream if DNS proxy is disabled?
Why is the firewall sending a packet to SERVER2_IP (GREEN)  but sending it out on the wrong interface (RED)?

As a note, when I perform the same test to SERVER3, there is no redirect. The only difference that I can see being that SERVER2 is the primary DNS address configured in the firewall and SERVER3 is unknown to the firewall.

I appreciate any information that you can give me on the DNS proxy or whatever is going on here.
Logged
jeremycald
Full Member
***
Offline Offline

Posts: 41


« Reply #1 on: Friday 22 February 2013, 02:22:13 pm »

There is a DNS proxy under the Proxy tab

Logged
ggillesp
Jr. Member
*
Offline Offline

Posts: 2


« Reply #2 on: Tuesday 05 March 2013, 07:24:19 am »

There is a DNS proxy under the Proxy tab

As noted in the original post, "Under the DNS Proxy settings the Transparent setting is disabled. I have also tried it enabled without success".

Is there something else I should try with DNS proxy?
Logged
robert
Full Member
***
Offline Offline

Posts: 23


« Reply #3 on: Tuesday 05 March 2013, 08:13:13 am »

Try this command and let me know if it fixes the problem, this is just a temporary fix to see if that is what is causing the problem.

ip rule del fwmark 0x8/0x7f8

Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.078 seconds with 20 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com