[Firehol-support] Windows 7 & 10 dns resolution

Celedhrim celed+firehol at ielf.org
Mon Mar 6 19:59:27 GMT 2017


Hi,

I log everything with ulog, but there is nothing with "in=eth0" and nothing about my
Windows client IP.

Here is my configuration.

I have added this at the end:

###############
# WINDOWS DNS BUG
##############
iptables -I INPUT -i eth0 -j ACCEPT

Everything works like a charm.

On 06/03/2017 at 19:31, Phil Whineray wrote:
> Hi Celedhrim
>
> On Mon, Mar 06, 2017 at 07:06:19PM +0100, Celedhrim wrote:
>> Hi,
>>
>> I have a Debian testing as the gateway on my network with 2 NICs, eth0:lan
>> eth1:wan
>> This gateway is also DHCP/DNS for the LAN.
>> With Linux/Android clients, no problems, all is fine.
>> With Windows 10, Windows 7 and Xbox One, when they start, they say:
>> No network.
>> I can ping the gateway, http it etc. but nslookup says: TIMEOUT :(
> Did you check the logs on your gateway? Check out this page:
>    http://firehol.org/guides/firehol-troubleshooting/
>
> If that doesn't help, could you include your firehol.conf?
>
> Cheers
> Phil


-------------- next part --------------
# FireHOL configuration file
#
# See firehol.conf(5) manual page and FireHOL Manual for details.
#
# This configuration file will allow all requests originating from the
# local machine to be send through all network interfaces.
#
# No requests are allowed to come from the network. The host will be
# completely stealthed! It will not respond to anything, and it will
# not be pingable, although it will be able to originate anything
# (even pings to other hosts).
#

version 6

# Accept all client traffic on any interface
#interface any world
#	client all accept

###############
# VARIABLES
###############

datura="212.83.180.20"
mescaline="176.31.127.208"
claranet="62.240.254.57"
xbox_one="10.12.13.3"
celerity="10.12.13.27"

###############
# FAIL2BAN
###############

ipset create f2b-sshd hash:ip 
blacklist full ipset:f2b-sshd


###############
# DNAT
###############

# Allow access to tox from the LAN via the public DNS name.
dnat to 10.12.13.1 inface eth0 dst tox.ielf.org

# Forward to the Xbox for Xbox Live
for x in ${server_xboxlive_ports}
do
	dnat to ${xbox_one} inface eth1 proto "${x/\/*/}" dport "${x/*\//}"
done

# Forward steam
for x in ${server_steam_ports}
do
	dnat to ${celerity} inface eth1 proto "${x/\/*/}" dport "${x/*\//}"
done


###############
# INTERFACES
###############


interface eth0 lan
	policy accept

interface eth1 wan
	policy drop
	server ping accept
	server ssh accept
	server http accept
	server https accept
	server smtp accept
	server xboxlive accept
	server steam accept
	server weechat accept
	server taskd accept
	server any accept src $datura
	server any accept src $mescaline
	client all accept
	

interface docker0 docker
	policy accept

###############
# ROUTERS
###############

router lan2wan inface eth0 outface eth1
	masquerade
	route all accept

router docker2wan inface docker+ outface eth1
	masquerade
	route all accept

