[Shorewall-users] FWD: dns woes

Tom Eastep teastep@shorewall.net
Mon, 8 Jul 2002 16:48:53 -0700 (PDT)


On Mon, 8 Jul 2002, Jim Van Eeckhoutte wrote:

> ---------- Original Message ----------------------------------
> From: "Jim Van Eeckhoutte" <jim@vaneeckhoutte.com>
> Reply-To: <jim@vaneeckhoutte.com>
> Date:  Mon,  8 Jul 2002 15:27:14 -0700
> 
> This is shorewall status output:
> 
> tcp      6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1
> udp      17 30 src=192.168.20.5 dst=192.168.20.254 sport=2359 dport=53 [UNREPLIED] src=192.168.20.254 dst=192.168.20.5 sport=53 dport=2359 use=1
> tcp      6 431999 ESTABLISHED src=192.168.20.5 dst=192.168.20.254 sport=2130 dport=22 src=192.168.20.254 dst=192.168.20.5 sport=22 dport=2130 [ASSURED] use=1
> udp      17 28 src=192.168.20.5 dst=192.168.20.254 sport=2358 dport=53 [UNREPLIED] src=192.168.20.254 dst=192.168.20.5 sport=53 dport=2358 use=1
> 
> I have dnscache.lrp and daemontl.lrp running on Bering box. When setting
> client to point to Bering router as DNS, it can't resolve. Is there a
> reason why the above is UNREPLIED?

Because either dnscache hasn't replied (do you have rules allowing DNS 
queries from the firewall to the internet at large?) or you have a routing 
problem such that there isn't a route back to 192.168.20.5 (I think you 
would have noticed that before however).

-Tom
-- 
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ teastep@shorewall.net
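
A small parser for the conntrack lines in the quoted status output, added here as an example and not part of the original message or of Shorewall: it lists port-53 flows still marked [UNREPLIED], meaning the firewall has seen the query but no answer packet. The function names are illustrative, and the sample lines are the ones quoted above.

```python
import re
from collections import Counter

# Conntrack lines copied from the status output quoted in the message above.
SAMPLE = """\
tcp      6 431899 ESTABLISHED src=192.168.20.5 dst=64.4.12.45 sport=2185 dport=1863 src=64.4.12.45 dst=63.25.123.58 sport=1863 dport=2185 [ASSURED] use=1
udp      17 30 src=192.168.20.5 dst=192.168.20.254 sport=2359 dport=53 [UNREPLIED] src=192.168.20.254 dst=192.168.20.5 sport=53 dport=2359 use=1
tcp      6 431999 ESTABLISHED src=192.168.20.5 dst=192.168.20.254 sport=2130 dport=22 src=192.168.20.254 dst=192.168.20.5 sport=22 dport=2130 [ASSURED] use=1
udp      17 28 src=192.168.20.5 dst=192.168.20.254 sport=2358 dport=53 [UNREPLIED] src=192.168.20.254 dst=192.168.20.5 sport=53 dport=2358 use=1
"""

TUPLE_KEY = re.compile(r"\b(src|dst|sport|dport)=(\S+)")
FLAG = re.compile(r"\[(\w+)\]")


def parse_entry(line):
    """Split one ip_conntrack line into protocol, timeout, flags and both tuples."""
    pairs = TUPLE_KEY.findall(line)
    fields = line.split()
    if len(fields) < 3 or len(pairs) != 8:
        return None  # blank line, or an entry without ports (e.g. ICMP)
    return {
        "proto": fields[0],
        "timeout": int(fields[2]),   # seconds until the entry expires
        "flags": set(FLAG.findall(line)),
        "orig": dict(pairs[:4]),     # direction of the first packet seen
        "reply": dict(pairs[4:]),    # tuple expected on the return path
    }


def unreplied_dns(text):
    """Return entries for port-53 flows that never saw a reply packet."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [e for e in entries
            if e and e["orig"]["dport"] == "53" and "UNREPLIED" in e["flags"]]


def summarize(text):
    """Count unanswered DNS queries per (client, server) pair."""
    return Counter((e["orig"]["src"], e["orig"]["dst"])
                   for e in unreplied_dns(text))


if __name__ == "__main__":
    for (client, server), n in summarize(SAMPLE).items():
        print(f"{n} unanswered DNS queries from {client} to {server}")
```

On the sample this reports both UDP queries from 192.168.20.5 to 192.168.20.254 as unanswered, while the SSH session to the same address is ESTABLISHED and [ASSURED].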