Re: iptables and bind

From: Tarald Holm (tarald.holm@online.no)
Date: 02/28/03


From: Tarald Holm <tarald.holm@online.no>
Date: Fri, 28 Feb 2003 14:57:39 +0100

Cedric Blancher wrote:

>> # Allow DNS out
>> $IPTABLES -A OUTPUT -p tcp --sport 53 -j ACCEPT
>> $IPTABLES -A OUTPUT -p udp --sport 53 -j ACCEPT
>
> Have you configured BIND so that it uses port 53 as source, in named.conf
> with a query-source statement?
>
> query-source port 53
>
> Otherwise, the source port will be unprivileged (>1023).
>

I must confess I have not. I will try specifying to allow unprivileged
ports out (something I should have done, but not thought of... newbie,
see ;))

>> My logs display: kernel: martian source x.x.211.111 from
>> x.x.211.105, on dev eth0 where x.x.211.105 is the IP of my
>> router-box, and x.x.211.111 is _supposed_ to be the netmask.
>
> Is x.x.211.105 eth0 IP ?
>
> Martian source/destination indicates that a packet was received on an
> interface on which it shouldn't have, according to routing table.

Yes, this is the IP of eth0. The .111 IP is the _broadcast_ IP, not the
netmask; I made a mistake in my original post. I seem to have two
separate problems here, because the same martian errors appear in my
logs when reverting to my earlier setup (the masq setup where DNS works).

-- 
Tarald - The Lord of Smeg
You're not drunk if you can lie on the floor without holding on
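Added example (not from this thread, nor from BIND or netfilter): a small first-match model of the OUTPUT chain that shows why the `--sport 53` rules quoted above drop BIND's own recursive queries unless BIND is pinned to source port 53, and why a rule on destination port 53 matches either way. The chain policy, the ephemeral port 32871 and the packets are constructed assumptions. Note that pinning a resolver to source port 53 also removes source-port randomisation, so the destination-port rule is the safer fix.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Packet:
    proto: str  # "tcp" or "udp"
    sport: int
    dport: int


@dataclass(frozen=True)
class Rule:
    proto: str
    sport: Optional[int] = None  # None means "any port"
    dport: Optional[int] = None
    target: str = "ACCEPT"

    def matches(self, pkt: Packet) -> bool:
        return (pkt.proto == self.proto
                and (self.sport is None or pkt.sport == self.sport)
                and (self.dport is None or pkt.dport == self.dport))


def verdict(chain: List[Rule], pkt: Packet, policy: str = "DROP") -> str:
    """First matching rule wins, as in a netfilter chain; else the chain policy.
    A DROP policy is assumed here (the thread's DNS stopped working, so
    unmatched traffic was evidently not accepted)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.target
    return policy


# The rules quoted in the thread: match on SOURCE port 53 only.
SPORT_RULES = [Rule("tcp", sport=53), Rule("udp", sport=53)]
# The alternative: match on DESTINATION port 53 from any source port.
DPORT_RULES = [Rule("tcp", dport=53), Rule("udp", dport=53)]


def resolver_query(pinned_source_port: bool) -> Packet:
    """Constructed sample: BIND querying an upstream server. With
    'query-source port 53' the source port is 53; otherwise it is
    an unprivileged ephemeral port (32871 chosen arbitrarily)."""
    return Packet("udp", sport=53 if pinned_source_port else 32871, dport=53)


def outcomes(chain: List[Rule]) -> Dict[str, str]:
    return {"pinned": verdict(chain, resolver_query(True)),
            "ephemeral": verdict(chain, resolver_query(False))}


if __name__ == "__main__":
    print("sport-53 rules:", outcomes(SPORT_RULES))  # ephemeral query is DROPped
    print("dport-53 rules:", outcomes(DPORT_RULES))  # both are ACCEPTed
```

Replies that BIND sends to clients of its own (source port 53 to the client's port) still match the source-port rules, which is why the quoted setup serves zones fine but cannot resolve.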