1 Reply Latest reply on Jan 29, 2011 2:53 AM by oreeh

    Sidewinder 7.0.0.07 - Loopback addresses triggering Policy Violation?

      Greetings--

      I realize this is an old system, but we work with what our clients give us.

      I am configuring a Sidewinder 7.0.0.07 as an alternate route for my client.  It has an internet DNS server, which basically only lists itself and MX records;  everything else is NAT'ed by inbound port.

      There are 2 internal DNS servers (NOT hosted on the Sidewinder) that have all the real DNS records;  the Sidewinder has /etc/resolv.conf set to query those servers.  There is a rule to allow any firewall interface (burb addresses and loopback addresses) to query the internal DNS servers.

      However, we are constantly seeing "Policy Violation (Kernel):  Source IP 127.6.0.1 Dest IP 127.6.0.1 source port 53 dest port 53 traffic denied by Deny ALL (last rule)".

      Am I missing something?  Why wouldn't the allow rule take precedence?

      Thanks for any help you can provide.

      Regards--

      Dave Hightower