Firewall behaviour is strange on one of my systems
Gordon Messmer
gordon.messmer at gmail.com
Wed Oct 28 17:00:33 UTC 2015
On 10/28/2015 09:24 AM, Rick Stevens wrote:
> You have a DNS resolution issue.
It's probably an mDNS issue, and replies should normally be allowed by
the default "accept RELATED,ESTABLISHED" rule.
It might be helpful to see the output of "iptables -L -n -v".
> With the firewall enabled, as root,
> try:
> # iptables -L -n | grep :53
> and make sure you see lines like:
> ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
> ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
You'll normally only see those lines when you're running virtualization,
or a DNS server. They aren't necessary for mDNS, which uses a different
port entirely.
I suspect that you see them because you're running libvirt. If you use
"iptables -v", you would see that those rules only affect packets on the
virbr0 interface. They're not related to your non-virtualized
applications (or to mDNS in any case).
> Also make sure avahi-daemon and dnsmasq are running.
If mDNS is working when the firewall is down, we can assume that
avahi-daemon is running. dnsmasq is not required for mDNS.
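The reply above hinges on two things a plain "iptables -L -n | grep :53" hides: which interface a rule is bound to (only visible with "-v") and whether the RELATED,ESTABLISHED rule exists. The script below is an added example, not part of this thread or of any project mentioned in it. It parses "iptables -L -n -v" style text so those two facts are explicit. The iptables output it reads is constructed, the function names are mine, and it assumes the legacy iptables text layout (pkts, bytes, target, prot, opt, in, out, source, destination, match) and that mDNS uses UDP port 5353, which the thread implies but never states.

```shell
#!/bin/sh
# Added example, not from the original thread. Reads "iptables -L -n -v" style
# output so the interface ("in") column is visible; "iptables -L -n" omits it.
# Assumptions: legacy iptables text layout (pkts bytes target prot opt in out
# source destination ...), and mDNS on UDP port 5353 (not stated in the thread).

# Constructed sample of "iptables -L -n -v" output for a host running libvirt;
# not captured from a real system.
SAMPLE_IPTABLES_OUTPUT='Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
  120  9000 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    5   300 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    2   120 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
   40  8000 ACCEPT     udp  --  *      *       0.0.0.0/0            224.0.0.251          udp dpt:5353
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

# Print one line per ACCEPT rule in $1 whose match contains "dpt:$2", with the
# protocol and input interface ("in=*" means the rule applies on any interface).
# Fields are compared whole, so asking for port 53 does not also report
# dpt:5353, which a plain "grep :53" would match as well.
accept_rules_for_port() {
    printf '%s\n' "$1" | awk -v port="dpt:$2" '
        $3 == "ACCEPT" {
            for (i = 10; i <= NF; i++)
                if ($i == port) printf "ACCEPT %s in=%s %s\n", $4, $6, port
        }'
}

# Exit 0 if an ACCEPT rule carrying RELATED,ESTABLISHED is present (the rule
# that admits replies to the host's own queries), 1 otherwise.
has_related_established() {
    printf '%s\n' "$1" | awk '
        $3 == "ACCEPT" && /RELATED,ESTABLISHED/ { found = 1 }
        END { exit found ? 0 : 1 }'
}

# Summarise which interfaces carry port-53 accepts, whether mDNS (5353) is
# accepted, and whether the RELATED,ESTABLISHED rule is in place.
firewall_report() {
    printf 'DNS (port 53) accept rules:\n'
    accept_rules_for_port "$1" 53
    printf 'mDNS (port 5353) accept rules:\n'
    accept_rules_for_port "$1" 5353
    if has_related_established "$1"; then
        printf 'RELATED,ESTABLISHED accept rule: present\n'
    else
        printf 'RELATED,ESTABLISHED accept rule: missing\n'
    fi
}

# Run against the constructed sample. On a real host, as root, use:
#   firewall_report "$(iptables -L -n -v)"
firewall_report "$SAMPLE_IPTABLES_OUTPUT"
```

On the constructed sample the report shows both port-53 accepts bound to virbr0 only, one port-5353 accept on any interface, and the RELATED,ESTABLISHED rule present, which is the situation the reply describes: the :53 lines belong to libvirt and say nothing about mDNS on the host's real interfaces.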