A lot of HAVP DNS errors



  • I have a setup with HAVP. I get a lot of HAVP DNS errors, and after 1 to 3 minutes it works for 5-10 minutes and then it happens again. On another forum I got the answer to try adding these rules to see if that helps (the rules are from a different forum than the one where I got the answer):

    ######################$ dns output $######################
    /sbin/iptables -A OUTPUT -p udp -m multiport --dport 53 -j ACCEPT

    and added the following line to iptables input chain table:

    ######################$ dns input $######################
    /sbin/iptables -A INPUT -p udp -m multiport --sport 53 -j ACCEPT

    and added the following lines to iptables forward chain table:
    ######################$ dns $######################
    /sbin/iptables -A FORWARD -s 192.168.0.0/24 -o WAN1 -p udp -m multiport --dport 53 -j ACCEPT
    ######################$ reversedns $######################
    /sbin/iptables -A FORWARD -d 192.168.0.0/24 -o WAN2 -p udp -m multiport --sport 53 -j ACCEPT

    But I don't know how to add these rules to my setup. Does somebody know how to add them, or maybe know another solution?

    PS: My DNS servers are the Google DNS servers (8.8.8.8 and 8.8.4.4) and the DNS servers of my ISP. My pfSense version is 2.1.4 and my HAVP version is 0.91_1 pkg v1.02.



  • Does anybody have any ideas?



  • The rules above are iptables rules. iptables = the "default" Linux firewall.
    pfSense is not running on Linux; it runs on FreeBSD. FreeBSD uses different kinds of firewall software.

    Also, I doubt those firewall rules (if translated correctly) would solve any problem with anything.

    They basically just open up port 53 OUT/IN and create a NAT rule for it. That seems useless if you have a working internet connection.
    Perhaps you should post the error you get in the packages section of the forum. (HAVP is a package.)



  • I reinstalled pfSense without HAVP and now get the error 'This page can't be displayed', which I think is basically the same error as the one I get with HAVP installed.
    I have a modem router in front of pfSense; maybe the problem lies there. In the security log of that modem router there are a lot of "SYN Flood to host" and "TCP FIN Scan" entries from the IP of the pfSense firewall. Is that maybe the problem?

