<div dir="ltr"><div>tbx to all... iptables -L -n -v<br><br></div>see attached file<br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-10-28 18:00 GMT+01:00 Gordon Messmer <span dir="ltr"><<a href="mailto:gordon.messmer@gmail.com" target="_blank">gordon.messmer@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">On 10/28/2015 09:24 AM, Rick Stevens wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
You have a DNS resolution issue.<br>
</blockquote>
<br></span>
It's probably an mDNS issue, and replies should normally be allowed by the default "accept RELATED,ESTABLISHED" rule.<br>
<br>
It might be helpful to see the output of "iptables -L -n -v".<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
With the firewall enabled, as root,<br>
try:<br>
# iptables -L -n | grep :53<br>
and make sure you see lines like:<br>
ACCEPT udp -- <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> udp dpt:53<br>
ACCEPT tcp -- <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> <a href="http://0.0.0.0/0" rel="noreferrer" target="_blank">0.0.0.0/0</a> tcp dpt:53<br>
</blockquote>
<br></span>
You'll normally only see those lines when you're running virtualization, or a DNS server. They aren't necessary for mDNS, which uses a different port entirely.<br>
<br>
I suspect that you see them because you're running libvirt. If you use "iptables -v", you would see that those rules only affect packets on the virbr0 interface. They're not related to your non-virtualized applications (or to mDNS in any case).<span class=""><br>
<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Also make sure avahi-daemon and dnsmasq are running.<br>
</blockquote>
<br></span>
If mDNS is working when the firewall is down, we can assume that avahi-daemon is running. dnsmasq is not required for mDNS.<div class="HOEnZb"><div class="h5"><br>
<br>
-- <br>
users mailing list<br>
<a href="mailto:users@lists.fedoraproject.org" target="_blank">users@lists.fedoraproject.org</a><br>
To unsubscribe or change subscription options:<br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/users" rel="noreferrer" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/users</a><br>
Fedora Code of Conduct: <a href="http://fedoraproject.org/code-of-conduct" rel="noreferrer" target="_blank">http://fedoraproject.org/code-of-conduct</a><br>
Guidelines: <a href="http://fedoraproject.org/wiki/Mailing_list_guidelines" rel="noreferrer" target="_blank">http://fedoraproject.org/wiki/Mailing_list_guidelines</a><br>
Have a question? Ask away: <a href="http://ask.fedoraproject.org" rel="noreferrer" target="_blank">http://ask.fedoraproject.org</a><br>
</div></div></blockquote></div><br><br clear="all"><br>-- <br><div class="gmail_signature"><div dir="ltr"><div>Antonio Montagnani<br>Skype : amontag52<br><br>Linux Fedora 22 (Twenty-two)<br>inviato da Gmail</div></div></div>
</div>