DNS Lookups failing due to binding to nat address



  • When doing a dig I was unable to do DNS lookups due to the following error:

    dig @75.75.75.75 cnn.com

    ; <<>> DiG 9.11.1 <<>> @75.75.75.75 cnn.com
    ; (1 server found)
    ;; global options: +cmd
    ;; connection timed out; no servers could be reached

    I did a packet capture and it seems that the lookups are being sourced from the egress NAT IP and not the WAN interface. Is there a way to correct that? I'm not able to install packages or forward DNS lookups because of this as well. Thanks


  • LAYER 8 Global Moderator

    Well, what are your outbound NAT rules?



  • Here is the outbound NAT table; it still binds to the .3 address even if I disable the NAT.

    Interface  Source         Source Port  Destination  Destination Port  NAT Address   NAT Port  Static Port  Description  Actions
    WAN        x.x.x.135/32   *            *            *                 NO NAT        *
    WAN        x.x.x..0/24    *            *            *                 NO NAT        *
    WAN        x.x.x.132/32   *            *            *                 NO NAT        *
    WAN        x.x.x.131/32   *            *            *                 NO NAT        *
    WAN        x.x.x.133/32   *            *            *                 NO NAT        *
    WAN        x.x.x.134/32   *            *            *                 NO NAT        *
    WAN        x.x.222.0/24   *            *            *                 x.x.x.27/32   *
    WAN        any            *            *            *                 x.x.x.3/32    *

