
Glenn Ramsey wrote:
> The dropped packets log like this (203.96.152.4 is the DNS server, 203.79.74.233 is my dynamic IP):
>
> Jul 8 09:13:06 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=147 DF PROTO=UDP SPT=53 DPT=53 LEN=59
>
> Why is it using UDP?
>
> I have fixed the problem for now by opening port 53. I think this is pretty secure because bind is only listening on the internal interface.
>
> My question now is why would it be dropping packets from the masq machine itself that are destined for the external interface? And why only DNS lookup forward packets?
DNS uses UDP. It will use TCP if the data is too big to fit in a UDP packet. It's kind of weird to see requests both from port 53 and to 53. I looked at your rules earlier and checked at home - my bind sends requests from high ports, which is why I couldn't see anything wrong with your rules, and I also thought

    #: Accept incoming packets from external networks on external interfaces
    /sbin/iptables -A INPUT -j ACCEPT -i ppp0 -d 203.79.74.40/32

would allow DNS responses. Also, bear in mind that bind will not listen on interfaces created after it starts (just in case this trips you up). But I don't think that's the problem in this case.

John
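As an added illustration of the reasoning in this exchange (not code from either poster), here is a small parser for the netfilter LOG lines quoted above that labels each DNS packet by direction, query/response, transport, and whether the query's source port is a high ephemeral port or port 53, the odd case John points out. The first sample line is Glenn's; the other three are constructed to show the normal cases.

```python
import re
from typing import Dict, List, Optional

# Constructed sample lines in the netfilter LOG format quoted in the thread.
# The first is Glenn's line; the rest are made up to show the other cases.
SAMPLE_LOG = """\
Jul 8 09:13:06 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=79 TOS=0x00 PREC=0x00 TTL=64 ID=147 DF PROTO=UDP SPT=53 DPT=53 LEN=59
Jul 8 09:13:07 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=68 TOS=0x00 PREC=0x00 TTL=64 ID=148 DF PROTO=UDP SPT=32771 DPT=53 LEN=48
Jul 8 09:13:08 pixie kernel: IN=ppp0 OUT= SRC=203.96.152.4 DST=203.79.74.233 LEN=120 TOS=0x00 PREC=0x00 TTL=57 ID=9001 PROTO=UDP SPT=53 DPT=32771 LEN=100
Jul 8 09:13:09 pixie kernel: IN= OUT=ppp0 SRC=203.79.74.233 DST=203.96.152.4 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=149 DF PROTO=TCP SPT=32772 DPT=53 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD_RE = re.compile(r"\b(\w+)=(\S*)")

def parse_netfilter_line(line: str) -> Dict[str, str]:
    """Turn a kernel LOG line into a dict of KEY=VALUE fields. LEN appears
    twice (IP header, then UDP payload); the second copy is stored as L4_LEN."""
    fields: Dict[str, str] = {}
    for key, value in FIELD_RE.findall(line):
        fields["L4_" + key if key in fields else key] = value
    return fields

def classify_dns(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Label a DNS packet the way John reasons about it: a resolver normally
    sends queries from a high ephemeral port to port 53 (UDP, or TCP when the
    answer is too big for UDP), so a query with SPT=53 is the odd one out."""
    spt, dpt = fields.get("SPT"), fields.get("DPT")
    if "53" not in (spt, dpt):
        return None  # not DNS traffic at all
    direction = "outbound" if fields.get("OUT") else "inbound"
    if dpt == "53":
        kind = "query"
        src_port = "port 53 (unusual)" if spt == "53" else "high port (normal)"
    else:
        kind = "response"
        src_port = "port 53 (normal)"
    return {"direction": direction, "kind": kind, "proto": fields.get("PROTO", "?"),
            "source_port": src_port, "ifname": fields.get("OUT") or fields.get("IN", "")}

def summarize(log_text: str) -> List[Dict[str, str]]:
    """Classify every DNS line in a block of kernel log text; skip the rest."""
    out = []
    for line in log_text.splitlines():
        verdict = classify_dns(parse_netfilter_line(line))
        if verdict:
            out.append(verdict)
    return out
```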