linux
L0ns, 2019-05-30 21:26:51

DNS names not resolved, iptables problem?

Help me understand why DNS names are not resolved when pinging, for example, ya.ru:

# ping ya.ru
ping: ya.ru: Имя или служба не известны

Configured rules:
#  iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   22  1446 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        all  --  enp0s3 *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "--- INPUT enp0s3 --- "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 0
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 3
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 11
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8
   40  2880 ACCEPT     tcp  --  enp0s8 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     tcp  --  enp0s8 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10050
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  enp0s8 *       0.0.0.0/0            0.0.0.0/0            udp dpt:123
   12  4383 ACCEPT     tcp  --  enp0s8 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
   82  6179 undef_in   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 TCPMSS     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x02 TCPMSS clamp to PMTU
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
    0     0 undef_fw   all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   22  1446 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     all  --  *      enp0s3  0.0.0.0/0            0.0.0.0/0
   34 13674 ACCEPT     all  --  *      enp0s8  0.0.0.0/0            0.0.0.0/0
    0     0 DROP       tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 state NEW
    0     0 undef_out  all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain undef_fw (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "-- FW -- DROP "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain undef_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
   82  6179 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "-- IN -- DROP "
   82  6179 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Chain undef_out (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 6 prefix "-- OUT -- DROP "
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

Log after ping:
May 30 21:15:48 srv kernel: --- INPUT enp0s3 --- IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=192.168.0.1 DST=192.168.0.100 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=51772 LEN=43
May 30 21:15:48 srv kernel: -- IN -- DROP IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=192.168.0.1 DST=192.168.0.100 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=51772 LEN=43
May 30 21:15:54 srv kernel: --- INPUT enp0s3 --- IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=8.8.8.8 DST=192.168.0.100 LEN=138 TOS=0x00 PREC=0x00 TTL=101 ID=20587 PROTO=UDP SPT=53 DPT=37955 LEN=118
May 30 21:15:54 srv kernel: -- IN -- DROP IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=8.8.8.8 DST=192.168.0.100 LEN=138 TOS=0x00 PREC=0x00 TTL=101 ID=20587 PROTO=UDP SPT=53 DPT=37955 LEN=118

If you apply the rule:
iptables -A INPUT -i enp0s3 -j ACCEPT
then the problem goes away and pings go through, but since interface enp0s3 faces the Internet, that is not very good...

1 answer(s)
Dmitry, 2019-05-30
@L0ns

Add and check

iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

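As an added example (not part of the answer above), a POSIX shell script that parses the two "-- IN -- DROP" LOG lines from the question plus one constructed unsolicited SYN, and shows which of the logged drops the ESTABLISHED,RELATED rule would have accepted and which it would still drop; the function names and the third log line are my own assumptions.

```shell
#!/bin/sh
# Added example, not code from the question or the answer: tell apart logged drops
# that are replies to this host's own DNS queries (fixed by the stateful rule) from
# unsolicited new traffic (which that rule correctly keeps dropping).

# The two "-- IN -- DROP" lines from the question's log.
DROP1='May 30 21:15:48 srv kernel: -- IN -- DROP IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=192.168.0.1 DST=192.168.0.100 LEN=63 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=53 DPT=51772 LEN=43'
DROP2='May 30 21:15:54 srv kernel: -- IN -- DROP IN=enp0s3 OUT= MAC=08:00:27:e2:3e:be:80:26:89:0d:41:0d:08:00 SRC=8.8.8.8 DST=192.168.0.100 LEN=138 TOS=0x00 PREC=0x00 TTL=101 ID=20587 PROTO=UDP SPT=53 DPT=37955 LEN=118'
# Constructed line (not from the question): an unsolicited SYN to port 22 from the Internet.
DROP3='May 30 21:16:00 srv kernel: -- IN -- DROP IN=enp0s3 OUT= MAC=00:00:00:00:00:00 SRC=203.0.113.5 DST=192.168.0.100 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=7 DF PROTO=TCP SPT=44444 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0'

# field KEY LINE: value of the "KEY=value" token in a netfilter LOG line.
field() {
    printf '%s\n' "$2" | sed -n "s/.*[[:space:]]$1=\([^[:space:]]*\).*/\1/p"
}

# classify LINE: "reply" for UDP from source port 53 to an ephemeral port, i.e. the
# answer to a query this host sent, which conntrack tracks as ESTABLISHED; "new" otherwise.
# The INPUT chain only has "udp dpt:53"/"tcp dpt:53", which match queries sent *to* a
# local resolver, never replies, so without the stateful rule every reply hits the DROP tail.
classify() {
    proto=$(field PROTO "$1"); spt=$(field SPT "$1"); dpt=$(field DPT "$1")
    if [ "$proto" = UDP ] && [ "$spt" = 53 ] && [ "${dpt:-0}" -gt 1023 ]; then
        echo reply
    else
        echo new
    fi
}

# count_replies: read LOG lines on stdin, print "<replies> <new>" so the admin can see
# how many of the logged drops the answer's rule would have accepted.
count_replies() {
    r=0; n=0
    while IFS= read -r line; do
        case $(classify "$line") in reply) r=$((r + 1)) ;; *) n=$((n + 1)) ;; esac
    done
    echo "$r $n"
}

# The fix from the answer, at position 1 so it runs before the LOG/DROP tail;
# the INPUT policy stays DROP and enp0s3 is not opened wholesale.
FIX='iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT'

printf '%s\n' "$DROP1" "$DROP2" "$DROP3" | count_replies   # prints "2 1"
printf 'apply: %s\n' "$FIX"
```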