```
# iptables -t nat -S
...
-A PREROUTING -d 217.xxxx/32 -p tcp -m tcp --dport 53 -j DNAT --to-destination 10.x.x.9
-A PREROUTING -d 217.xxxx/32 -p udp -m udp --dport 53 -j DNAT --to-destination 10.x.x.9
...
# iptables -S
...
-A FORWARD -i eth0 -j ETH0-IN
-A ETH0-IN -d 10.x.x.9/32 -p tcp -m tcp --dport 53 -j ACCEPT
-A ETH0-IN -d 10.x.x.9/32 -p udp -m udp --dport 53 -j ACCEPT
```
Running `iptables -t nat -nvL` shows zeroes at these NAT translation rules. WTF?! It worked before some kernel or iptables update, but for some time now the DNS server behind this firewall just stays inaccessible. Verified by `iptables -A INPUT -d 217.xxxx -p udp --dport 53 -j LOG`: logs do come in with untranslated packets. The OS is CentOS 7; `uname -a` here:

```
Linux fwxxxx 3.10.0-862.9.1.el7.x86_64 #1 SMP Mon Jul 16 16:29:36 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
```

firewalld is explicitly removed from this machine. No rules are configured in the mangle or raw tables, nothing elsewhere. I'm frankly baffled. Is this a known bug?
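Two triage checks for the situation described in the question, as an added example that is not part of the post and not the poster's own commands. The first parses `iptables -t nat -nvxL PREROUTING` output (use `-x` so counters are exact numbers rather than `K`/`M` abbreviations) and lists DNAT rules that have never matched, which is the symptom reported above. The second parses `conntrack -L` output and flags entries for the public address on port 53 whose reply tuple was never rewritten: NAT rules are consulted only for the first packet of a connection, so a conntrack entry created before the DNAT rule was in place (or while the rule was briefly absent) keeps passing untranslated packets until it expires or is flushed with `conntrack -F`. Both inputs below are constructed samples; the addresses 203.0.113.10 and 192.0.2.9 are documentation placeholders standing in for the poster's 217.xxxx and 10.x.x.9.

```shell
#!/bin/sh
# Constructed sample of `iptables -t nat -nvxL PREROUTING` output (not from the post).
SAMPLE_NAT_COUNTERS='Chain PREROUTING (policy ACCEPT 1234 packets, 98765 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0          0 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:53 to:192.0.2.9
       0          0 DNAT       udp  --  *      *       0.0.0.0/0            203.0.113.10         udp dpt:53 to:192.0.2.9
      42       3360 DNAT       tcp  --  *      *       0.0.0.0/0            203.0.113.10         tcp dpt:443 to:192.0.2.8'

# Constructed sample of `conntrack -L` output (not from the post). The second UDP entry
# has reply src == original dst, i.e. the flow was never DNATed.
SAMPLE_CONNTRACK='udp      17 29 src=198.51.100.5 dst=203.0.113.10 sport=40000 dport=53 src=192.0.2.9 dst=198.51.100.5 sport=53 dport=40000 mark=0 use=1
udp      17 29 src=198.51.100.6 dst=203.0.113.10 sport=40001 dport=53 src=203.0.113.10 dst=198.51.100.6 sport=53 dport=40001 mark=0 use=1
tcp      6 431999 ESTABLISHED src=198.51.100.7 dst=203.0.113.10 sport=50000 dport=443 src=192.0.2.8 dst=198.51.100.7 sport=443 dport=50000 [ASSURED] mark=0 use=1'

# Read `iptables -t nat -nvxL` output on stdin and print one line per DNAT rule whose
# packet counter is zero: "<destination> <match text> to:<internal address>".
zero_hit_dnat_rules() {
    awk '$3 == "DNAT" && $1 == 0 {
        # Columns 1..9 are pkts bytes target prot opt in out source destination;
        # everything from column 10 on is the match text and the to: mapping.
        rest = ""
        for (i = 10; i <= NF; i++) rest = rest (i > 10 ? " " : "") $i
        printf "%s %s\n", $9, rest
    }'
}

# Number of DNAT rules that never matched (0 means the NAT table is doing its job).
count_zero_hit_dnat() {
    zero_hit_dnat_rules | wc -l | tr -d ' '
}

# Read `conntrack -L` output on stdin and print entries to port 53 that were not translated.
# The first src=/dst= pair is the original tuple, the second pair is the reply tuple; after
# DNAT the reply source is the internal server, so original dst != reply src.
untranslated_dns_conntrack() {
    awk '{
        nd = 0; ns = 0; dp = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^src=/) srcs[++ns] = substr($i, 5)
            else if ($i ~ /^dst=/) dsts[++nd] = substr($i, 5)
            else if ($i ~ /^dport=/ && dp == "") dp = substr($i, 7)
        }
        if (nd >= 2 && ns >= 2 && dp == "53" && dsts[1] == srcs[2])
            printf "%s %s -> %s dport=53 (not translated)\n", $1, srcs[1], dsts[1]
    }'
}

# Stand-alone demo on the constructed samples; on a live firewall pipe the real commands in:
#   iptables -t nat -nvxL PREROUTING | zero_hit_dnat_rules
#   conntrack -L 2>/dev/null | untranslated_dns_conntrack
printf '%s\n' "$SAMPLE_NAT_COUNTERS" | zero_hit_dnat_rules
printf '%s\n' "$SAMPLE_CONNTRACK" | untranslated_dns_conntrack
```

If the counters are zero and no stale conntrack entries show up, the packets are not reaching the nat PREROUTING hook at all, and the next things to inspect are whether `nf_conntrack` and `nf_nat` are loaded (`lsmod`) and whether any NOTRACK or CT rule in the raw table is excluding this traffic; the poster states the raw table is empty, which leaves the module and kernel-update angle.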