ipfilter problem - seems simple, but I'm stuck.

I have sent this to the ipfilter mailing list, but perhaps someone here will answer first.

I've got a Sun Ultra 60 running Solaris 10, with the Sun-installed ipfilter (4.0.2). It uses an IP address of 192.168.1.15. The machine is:

a) A web server
b) An ssh server on ports 80 and 8080.

It logs domain names in the web server logs, which it does via DNS lookups. Hence it needs to make outgoing requests for DNS.

Here are my ipfilter rules:

block in log all
block out log all

# There are two DNS servers I might use, on IP's 212.67.120.148
# and 212.67.96.128.

pass out log on hme0 from 191.168.1.15/32 to 212.67.120.148/32
pass out log on hme0 from 191.168.1.15/32 to 212.67.96.128/32

# Allow ssh, http on ports 80 and 8080 into the box.
pass in quick on hme0 proto tcp from any to 192.168.1.15/32 port = 22 keep state
pass in quick on hme0 proto tcp from any to 192.168.1.15/32 port = 80 keep state
pass in quick on hme0 proto tcp from any to 192.168.1.15/32 port = 8080 keep state


However, all outgoing DNS entries are blocked. Here is what is shown by ipmon, which logs the firewall, when I type "nslookup www.sun.com":


# ipmon
26/12/2005 14:46:45.822511 hme0 @0:1 b 192.168.1.15,32925 -> 212.67.120.148,53 PR udp len 20 57 OUT
26/12/2005 14:46:46.830913 hme0 @0:1 b 192.168.1.15,32926 -> 212.67.96.128,53 PR udp len 20 57 OUT
26/12/2005 14:46:51.840468 hme0 @0:1 b 192.168.1.15,32925 -> 212.67.120.148,53 PR udp len 20 57 OUT
26/12/2005 14:46:52.850364 hme0 @0:1 b 192.168.1.15,32926 -> 212.67.96.128,53 PR udp len 20 57 OUT


Hence outgoing requests to my DNS servers are being blocked.

But I've specifically allowed IPs 212.67.120.148 & 212.67.96.128, so why should they be blocked?

--
Dave K

http://www.southminster-branch-line.org.uk/

Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc.).
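Added example (not part of the original post): a small Python model of how ipfilter evaluates the posted ruleset against the packets ipmon logged, so the `@0:1 b` tag can be reproduced offline and each rule's match can be inspected. Assumptions: rules are numbered separately per direction (so `@0:1` for an OUT packet is the first `out` rule), the last matching rule wins unless a matching rule is marked `quick`, and `log`, `keep state` and rule groups are ignored as irrelevant to this decision. Run against the rules as posted, the UDP/53 packet from 192.168.1.15 never matches either `pass out` rule (their `from 191.168.1.15/32` does not cover the host's own 192.168.1.15) and falls back to `block out log all`, which is exactly what ipmon reported.

```python
import ipaddress, re

# Constructed copy of the out rules and one of the in rules from the post.
RULES = """
block in log all
block out log all
pass out log on hme0 from 191.168.1.15/32 to 212.67.120.148/32
pass out log on hme0 from 191.168.1.15/32 to 212.67.96.128/32
pass in quick on hme0 proto tcp from any to 192.168.1.15/32 port = 22 keep state
"""
# One of the ipmon lines from the post; the trailing IN/OUT is the packet direction.
LOG = "26/12/2005 14:46:45.822511 hme0 @0:1 b 192.168.1.15,32925 -> 212.67.120.148,53 PR udp len 20 57 OUT"
IPMON = re.compile(r"(\S+) @\d+:\d+ \w (\S+),(\d+) -> (\S+),(\d+) PR (\w+) .* (IN|OUT)$")

def parse_rule(line):
    """Minimal ipf.conf parser: action, direction, quick, on IF, proto, from, to, port = N."""
    t = line.split()
    r = dict(action=t[0], dir=t[1], quick="quick" in t, iface=None, proto=None, src="any", dst="any", dport=None)
    for i, w in enumerate(t):
        if w == "on": r["iface"] = t[i + 1]
        elif w == "proto": r["proto"] = t[i + 1]
        elif w == "from": r["src"] = t[i + 1]
        elif w == "to": r["dst"] = t[i + 1]
        elif w == "port": r["dport"] = int(t[i + 2])  # syntax is "port = N"
    return r

def load_rules(text):
    return [parse_rule(l) for l in text.splitlines() if l.strip() and not l.startswith("#")]

def parse_ipmon(line):
    iface, src, _, dst, dport, proto, d = IPMON.search(line).groups()
    return {"iface": iface, "src": src, "dst": dst, "dport": int(dport), "proto": proto, "dir": d.lower()}

def in_net(ip, spec):
    return spec == "any" or ipaddress.ip_address(ip) in ipaddress.ip_network(spec, strict=False)

def match(rules, pkt):
    """Assumed ipfilter semantics: rules numbered per direction, last match wins, 'quick' stops.
    Returns (rule number within the packet's direction, action), or (None, None)."""
    hit, n = (None, None), 0
    for r in rules:
        if r["dir"] != pkt["dir"]: continue
        n += 1
        if r["iface"] and r["iface"] != pkt["iface"]: continue
        if r["proto"] and r["proto"] != pkt["proto"]: continue
        if r["dport"] is not None and r["dport"] != pkt["dport"]: continue
        if not (in_net(pkt["src"], r["src"]) and in_net(pkt["dst"], r["dst"])): continue
        hit = (n, r["action"])
        if r["quick"]: break
    return hit
```

`match(load_rules(RULES), parse_ipmon(LOG))` returns `(1, "block")`, i.e. ipmon's `@0:1 b`; changing the source in the `pass out` rules to the host's own address makes the same packet return `(2, "pass")`.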
