Sidewinder - Loopback addresses triggering Policy Violation?

I realize this is an old system, but we work with what our clients give us.

I am configuring a Sidewinder as an alternate route for my client. It has an internet DNS server, which basically only lists itself and MX records; everything else is NAT'ed by inbound port.

There are two internal DNS servers (NOT hosted on the Sidewinder) that have all the real DNS records; the Sidewinder has /etc/resolv.conf set to query those servers. There is a rule to allow any firewall interface (burb addresses and loopback addresses) to query the internal DNS servers.

However, we are constantly seeing "Policy Violation (Kernel): Source IP Dest IP source port 53 dest port 53 traffic denied by Deny ALL (last rule)."

Am I missing something? Why wouldn't the allow rule take precedence?

Thanks for any help you can provide.

Dave Hightower
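One check a practitioner can run on audit lines like the ones in the post, added here as an example and not taken from the post or from Sidewinder's own tooling: walk each logged flow through an ordered, first-match rule set and report which field of the allow rule failed to match. The rule names, the address ranges, the audit-line format and the assumption that the allow rule's DNS service object accepts only ephemeral source ports are all constructed for illustration; the only thing taken from the post is the source port 53 to destination port 53 pattern from a firewall-side address that falls through to the last "Deny ALL" rule.

```python
"""First-match policy walk for port-53-to-port-53 denials.

Added example, not Sidewinder code and not the poster's configuration.
Rule names, address ranges and the audit-line format are constructed;
the only thing taken from the post is the pattern of a firewall-side
address sending source port 53 -> destination port 53 traffic that
falls through to the last "Deny ALL" rule.
"""
import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    action: str            # "allow" or "deny"
    src: tuple = ()        # ip_network objects; empty tuple means any
    dst: tuple = ()
    sport: tuple = ()      # (low, high) inclusive; empty tuple means any
    dport: tuple = ()


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    sport: int
    dport: int


def _in_nets(addr, nets):
    return not nets or any(ipaddress.ip_address(addr) in n for n in nets)


def _in_range(port, rng):
    return not rng or rng[0] <= port <= rng[1]


def mismatches(rule, flow):
    """Names of the rule fields that stop this rule from matching the flow."""
    checks = (
        ("src", _in_nets(flow.src, rule.src)),
        ("dst", _in_nets(flow.dst, rule.dst)),
        ("sport", _in_range(flow.sport, rule.sport)),
        ("dport", _in_range(flow.dport, rule.dport)),
    )
    return [name for name, ok in checks if not ok]


def first_match(rules, flow):
    """Ordered, first-match evaluation (assumed here, as 'last rule' implies)."""
    for rule in rules:
        if not mismatches(rule, flow):
            return rule.name
    return None


# Constructed audit-line shape for this example; real audit records differ.
LOG_RE = re.compile(r"src=(\S+) dst=(\S+) sport=(\d+) dport=(\d+)")


def parse_flow(line):
    m = LOG_RE.search(line)
    if not m:
        return None
    return Flow(m.group(1), m.group(2), int(m.group(3)), int(m.group(4)))


def explain_denials(log_text, rules):
    """Per parsable line: (flow, rule that fired, {skipped allow rule: failing fields})."""
    report = []
    for line in log_text.splitlines():
        flow = parse_flow(line)
        if flow is None:
            continue
        hit = first_match(rules, flow)
        skipped = {}
        for rule in rules:
            if rule.action != "allow":
                continue
            bad = mismatches(rule, flow)
            if bad:
                skipped[rule.name] = bad
        report.append((flow, hit, skipped))
    return report


def net(s):
    return ipaddress.ip_network(s)


# Hypothetical policy.  The allow rule's DNS service is assumed to accept
# only ephemeral source ports, as DNS *client* service objects often do;
# loopback plus two hypothetical burb addresses are its allowed sources.
RULES = [
    Rule("fw-to-internal-dns", "allow",
         src=(net("127.0.0.0/8"), net("10.0.1.1/32"), net("203.0.113.1/32")),
         dst=(net("10.0.1.5/32"), net("10.0.1.6/32")),
         sport=(1024, 65535), dport=(53, 53)),
    Rule("Deny ALL", "deny"),
]

# Constructed sample lines, not real audit output.
SAMPLE_LOG = """\
Policy Violation (Kernel): src=127.0.0.1 dst=10.0.1.5 sport=53 dport=53 denied by Deny ALL (last rule)
Kernel: src=127.0.0.1 dst=10.0.1.5 sport=40123 dport=53 allowed by fw-to-internal-dns
Policy Violation (Kernel): src=10.0.1.1 dst=10.0.1.6 sport=53 dport=53 denied by Deny ALL (last rule)
"""

if __name__ == "__main__":
    for flow, hit, skipped in explain_denials(SAMPLE_LOG, RULES):
        print(f"{flow.src}:{flow.sport} -> {flow.dst}:{flow.dport}  rule={hit}  skipped={skipped}")
```

Reading the report is the point: when the field named for the skipped allow rule is sport, the rule's service object is what to compare against the logged ports, not its address lists; when it is src, the loopback or burb address in the log is simply not in the rule's source set. Either way the flow reaches the final rule only because every earlier rule failed on at least one field.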