Gentoo Forums
gShield and bind issue after 2.6.20 install
tdknox
Posted: Sat Apr 21, 2007 8:04 pm    Post subject: gShield and bind issue after 2.6.20 install

I had a working gShield configuration running on my server until I upgraded the kernel to 2.6.20-gentoo-r6 yesterday. Now all DNS queries are timing out, and gShield is logging all attempts:

Apr 21 15:59:34 wonk gShield (default drop) IN=eth0 OUT= MAC=00:04:23:a7:66:92:00:14:f2:b7:8d:53:08:00 SRC=192.36.148.17 DST=69.65.110.186 LEN=234 TOS=0x00 PREC=0x00 TTL=251 ID=2253 DF PROTO=UDP SPT=53 DPT=52039 LEN=214

My /etc/resolv.conf file is:

domain vushta.com
search vushta.com
nameserver 127.0.0.1

The relevant part of my gShield.conf file is:

# DNS servers
# List the DNS servers you use here
# If set to AUTO, gShield will read
# this variable from /etc/resolv.conf

DNS="AUTO"

I've tried AUTO and 127.0.0.1, neither makes a difference.

From /usr/src/linux/.config:

CONFIG_NET_KEY=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_ASK_IP_FIB_HASH is not set
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_PNP=y
# CONFIG_IP_PNP_DHCP is not set
# CONFIG_IP_PNP_BOOTP is not set
# CONFIG_IP_PNP_RARP is not set
CONFIG_NET_IPIP=y
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# CONFIG_ARPD is not set
# CONFIG_SYN_COOKIES is not set
CONFIG_INET_AH=y
CONFIG_INET_ESP=y
CONFIG_INET_IPCOMP=y
CONFIG_INET_XFRM_TUNNEL=y
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_TCP_CONG_ADVANCED is not set
CONFIG_TCP_CONG_CUBIC=y
CONFIG_DEFAULT_TCP_CONG="cubic"
# CONFIG_TCP_MD5SIG is not set

If I run /etc/init.d/gshield stop, then DNS/named runs perfectly and quickly, but as soon as I activate gshield, then all DNS packets are dropped. In desperation, I changed /etc/resolv.conf to look like:

domain vushta.com
nameserver 4.2.2.2

That doesn't work either. gshield is dropping all DNS packets, where it did not before. All I changed was updating the kernel from 2.6.19-gentoo-r5 to 2.6.20-gentoo-r6.

Any assistance is appreciated! Thanks.
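
Added example (not part of the original post): a small Python triage of the logged drop, showing that the packet is a reply from a remote server's port 53 to a local high port, i.e. an answer to an outgoing lookup rather than a query sent to named. The function names, category labels and the second log line are constructed for illustration.

```python
import re

# Log line quoted in the post above (netfilter LOG output with gShield's prefix).
POST_LINE = (
    "Apr 21 15:59:34 wonk gShield (default drop) IN=eth0 OUT= "
    "MAC=00:04:23:a7:66:92:00:14:f2:b7:8d:53:08:00 SRC=192.36.148.17 "
    "DST=69.65.110.186 LEN=234 TOS=0x00 PREC=0x00 TTL=251 ID=2253 DF "
    "PROTO=UDP SPT=53 DPT=52039 LEN=214"
)
# Constructed line for contrast: an inbound query addressed to a local DNS server.
CONSTRUCTED_QUERY = (
    "Apr 21 16:00:01 wonk gShield (default drop) IN=eth0 OUT= "
    "SRC=198.51.100.7 DST=69.65.110.186 LEN=60 PROTO=UDP SPT=40000 DPT=53 LEN=40"
)

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse(line):
    """Return the KEY=value fields of a netfilter log line as a dict."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def classify(line):
    """Label a dropped packet by its role in a DNS exchange."""
    f = parse(line)
    if f.get("PROTO") not in ("UDP", "TCP") or "SPT" not in f:
        return "not-dns"
    spt, dpt = int(f["SPT"]), int(f["DPT"])
    # Empty OUT= with a non-empty IN= means the packet was addressed to this host.
    inbound = bool(f.get("IN")) and not f.get("OUT")
    if inbound and spt == 53 and dpt >= 1024:
        return "dns-reply-to-local-resolver"
    if inbound and dpt == 53:
        return "dns-query-to-local-server"
    return "other"


if __name__ == "__main__":
    for line in (POST_LINE, CONSTRUCTED_QUERY):
        f = parse(line)
        print(f["SRC"], f["SPT"], "->", f["DST"], f["DPT"], classify(line))
```

For the post's line the result is `dns-reply-to-local-resolver`, so the rule to examine is whichever one is meant to admit return traffic for outbound lookups, not the rule for inbound port 53.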
All times are GMT