1 (edited by tuneapc 2013-06-16 01:14:08)

Topic: Cannot resolve DNS after iRedMail install while firewall is up

======== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Linux/BSD distribution name and version: CentOS 6.2 64bit
- Related log if you're reporting an issue:  see terminal log below desription.
====

I installed iRedMail-0.8.4 on a "Fresh" install of CentOS 6.2; the OS is installed on a virtual machine (OpenVZ).
During install I choose to use iRedMail's iptable rules.
after the post install reboot, I can no longer resolve DNS with the firewall up. I can still dig google.com with the firewall down. No changes were made to my resolv.conf file and the files in /var/spool/postfix/etc/ match the /etc/ files.

On previous attempts to fix this issue myself I added the following rules to iptables to no avail:
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p udp --dport 53 -j ACCEPT

I have no idea what i'm overlooking. Below you will find the results of dig google.com with the firewall up then down, as well as the result for iptables -L -n :

Thanks in advance

******************************************************************************************************
[root@bvmdal-centos01 ~]# ping -c3 google.com
PING google.com (74.125.227.97) 56(84) bytes of data.
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_seq=1 ttl=56 time=22.5 ms
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_seq=2 ttl=56 time=22.4 ms
64 bytes from dfw06s16-in-f1.1e100.net (74.125.227.97): icmp_seq=3 ttl=56 time=22.4 ms

--- google.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2024ms
rtt min/avg/max/mdev = 22.431/22.469/22.509/0.126 ms
******************************************************************************************************
[root@bvmdal-centos01 ~]# dig google.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55050
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.                    IN      A

;; ANSWER SECTION:
google.com.             218     IN      A       74.125.227.97
google.com.             218     IN      A       74.125.227.96
google.com.             218     IN      A       74.125.227.101
google.com.             218     IN      A       74.125.227.102
google.com.             218     IN      A       74.125.227.100
google.com.             218     IN      A       74.125.227.103
google.com.             218     IN      A       74.125.227.110
google.com.             218     IN      A       74.125.227.104
google.com.             218     IN      A       74.125.227.105
google.com.             218     IN      A       74.125.227.98
google.com.             218     IN      A       74.125.227.99

;; Query time: 39 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Sat Jun 15 20:42:36 2013
;; MSG SIZE  rcvd: 204
******************************************************************************************************
[root@bvmdal-centos01 ~]# /etc/init.d/iptables start
iptables: Applying firewall rules:                         [  OK  ]
[root@bvmdal-centos01 ~]# dig google.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached

******************************************************************************************************
[root@bvmdal-centos01 ~]# dig google.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.4 <<>> google.com
;; global options: +cmd
;; connection timed out; no servers could be reached
[root@bvmdal-centos01 ~]# iptables -L -n
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:80
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:443
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:25
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:587
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:110
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:995
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:143
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:993
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp dpt:22
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           icmp type 8

Chain FORWARD (policy DROP)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
******************************************************************************************************
[root@bvmdal-centos01 ~]# cat /var/spool/postfix/etc/resolv.conf
search bvmdal-centos01.autom8eng.com
nameserver 8.8.8.8
nameserver 8.8.4.4
******************************************************************************************************
[root@bvmdal-centos01 ~]# cat /var/spool/postfix/etc/hosts
127.0.0.1 localhost.localdomain localhost localhost4.localdomain4 localhost4
# Auto-generated hostname. Please do not remove this comment.
172.246.252.204 bvmdal-centos01.autom8eng.com  bvmdal-centos01
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

2

Re: Cannot resolve DNS after iRedMail install while firewall is up

Check iptables rule file directly please: /etc/sysconfig/iptables.
Default iptables rules shipped in iRedMail doesn't block DNS service.