Home > Community > Technology > Controllerless Networks > Instant firewall rules blocking DNS even though it...

Controllerless Networks

Reply
Topic Options
Aruba Aruba
Aruba
Michael_Clarke
Posts: 1,296
Registered: ‎08-29-2007

Instant firewall rules blocking DNS even though it is allowed
Options

‎01-17-2014 12:29 PM

Hi,

 

I had a situation with some instants where the DNS requests were blocked, even though I had explicitly allowed them.  It is for guest traffic, that is using a corp DNS on 192.168.0.0 network.

 

The rules were as such,

 

svc-dhcp any allow
svc-dns any allow
any network 192.168.0.0/16 deny
any any permit

 No response from the DNS server on 192.168.100.250.  Unless I've misunderstood the firewall rule, this should have worked?

 

The clients are also on a 192.168.154.0 subnet as well, so maybe that has something to do with it.


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
1 person had this problem.
Alert a Moderator
Message 1 of 3 (1,069 Views)
Reply
0 Kudos
MVP MVP
MVP
cdelarosa
Posts: 3,015
Registered: ‎10-25-2011

Re: Instant firewall rules blocking DNS even though it is allowed

[ Edited ]
Options

‎01-17-2014 08:40 PM - edited ‎01-17-2014 08:42 PM

Is that an instant rule?

instant aps rules looks more like this

 

wlan access-rule Casa 
index 2 
rule any any match any any any permit log

 

That looks more like a Controller firewall rule what you got in there though or did you type it like that because it was easier for the forum users to read?

 

Cheers

Carlos

----------------------------------------------------
Product Manager - Aruba Networks
Alternetworks Corp
Alert a Moderator
Message 2 of 3 (1,022 Views)
Reply
0 Kudos
Aruba Aruba
Aruba
Michael_Clarke
Posts: 1,296
Registered: ‎08-29-2007

Re: Instant firewall rules blocking DNS even though it is allowed
Options

‎01-18-2014 02:58 AM

Carlos, actually it is for Instants, but I was writing the rule off the top of my head.  The actual rules are

 

rule any any match udp 67 68 permit
rule any any match udp 53 53 permit
rule 192.168.0.0 255.255.0.0 match any any any deny
rule any any match any any any permit

 but even if I put 'rule 192.168.101.250 255.255.255.255 match any any any permit' above the deny rule, it still doesn't get DNS.

 

AP225s version 4.0.0.1


If my post is helpful please give kudos, or mark as solved if it answers your post.

ACCP, ACMP, ACMX #294
mclarke@arubanetworks.com
Alert a Moderator
Message 3 of 3 (1,010 Views)
Reply
0 Kudos
Search Airheads
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

© Copyright 2017 Hewlett Packard Enterprise Development LP
Powered by Lithium