Hallo!
Mein Router mit Oleg-Firmware will plötzlich keine DNS-Anfragen mehr auflösen.
D.h. genaugenommen löst der dnsmasq die Anfragen lokal schon auf, aber von den PCs aus nicht.
Beispiel:
Auf dem Router:
Code:
[root@router root]$ nslookup wl500g.info 127.0.0.1
Server: localhost.localdomain
Address: 127.0.0.1
Name: wl500g.info
Address: 87.239.12.26
Auf einem angeschlossenen PC:
Code:
> wl500g.info
Server: [192.168.1.1]
Address: 192.168.1.1
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
*** Zeitüberschreitung bei Anforderung an [192.168.1.1]
>
Mit einem anderen DNS-Server geht es auf dem PC:
Code:
> wl500g.info
Server: [195.34.133.21]
Address: 195.34.133.21
Nicht autorisierte Antwort:
Name: wl500g.info
Address: 87.239.12.26
Hier meine iptables regeln:
Code:
Chain INPUT (policy ACCEPT)
target prot opt source destination
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere state NEW
ACCEPT all -- anywhere anywhere state NEW
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ACCEPT icmp -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT tcp -- anywhere router.main tcp dpt:ssh
DROP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
DROP all -- anywhere anywhere state INVALID
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
DROP all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate DNAT
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain MACS (0 references)
target prot opt source destination
Chain SECURITY (0 references)
target prot opt source destination
RETURN tcp -- anywhere anywhere tcp flags:SYN,RST,ACK/SYN limit: avg 1/sec burst 5
RETURN tcp -- anywhere anywhere tcp flags:FIN,SYN,RST,ACK/RST limit: avg 1/sec burst 5
RETURN udp -- anywhere anywhere limit: avg 5/sec burst 5
RETURN icmp -- anywhere anywhere limit: avg 5/sec burst 5
DROP all -- anywhere anywhere
Chain logaccept (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `ACCEPT '
ACCEPT all -- anywhere anywhere
Chain logdrop (0 references)
target prot opt source destination
LOG all -- anywhere anywhere state NEW LOG level warning tcp-sequence tcp-options ip-options prefix `DROP '
DROP all -- anywhere anywhere
Hat irgendjemand eine Idee?
dnsmasq ist der, der bei der Oleg firmware dabei ist.
Der den man mit ipkg ionstallieren kann startet nicht