
Re: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)



> I upgraded my kernel to 2.4.5 yesterday and decided to switch from using a
> very loose ip chains script that was really only for masquerading to a
> fairly tight ip tables setup.  As it stands all my services are working but
> DNS, but DNS works when I query localhost or the internal 192 ip (since
> these are both basically wide open on their respective interfaces).  Here is
> what I currently have in my tcp_packets table for port 53.
> ---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 53 -j allowed
> ---
> and for UDP
> ---
> $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT
> ---
> if anyone has a clue please do lend it to me :)

Bind8 changed to query other servers from a non-privileged port.  So you
may well need either to invoke the 'use privileged port option' in
/etc/named.conf, or (better) to allow outgoing packets with a destination
port of 53.

The TCP/IP connection is used for things like zone transfers, so you may be
better to restrict that to other known name servers.

I think using a separate port for server queries from requests means they
don't all get queued up on port 53, offering more robust performance on
heavily used DNS servers.

Rob
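
The rule set the reply above describes, as an added example that is not part of the original thread: outgoing queries to destination port 53 from unprivileged ports, and TCP/53 limited to known name servers. It assumes the built-in INPUT/OUTPUT chains with a default DROP policy (not the poster's user-defined chains), an external interface named eth0, and peer addresses taken from documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run by default: rules are printed.
# Set IPTABLES=/sbin/iptables (as root) to apply them instead.
IPTABLES="${IPTABLES:-echo iptables}"

# dns_rules EXT_IF "PEER1 PEER2 ..."
#   EXT_IF  external interface (assumed name)
#   PEERS   known name servers allowed to reach us on TCP/53
dns_rules() {
    ext_if="$1"
    peers="$2"

    # named's own lookups: unprivileged source port, destination port 53.
    $IPTABLES -A OUTPUT -o "$ext_if" -p udp --sport 1024:65535 --dport 53 \
        -m state --state NEW,ESTABLISHED -j ACCEPT
    # Stateful match: only answers to those lookups are accepted, rather
    # than any datagram that happens to carry source port 53.
    $IPTABLES -A INPUT -i "$ext_if" -p udp --sport 53 --dport 1024:65535 \
        -m state --state ESTABLISHED -j ACCEPT

    # TCP/53 (zone transfers and the like) only for the listed name servers.
    for peer in $peers; do
        $IPTABLES -A INPUT -i "$ext_if" -p tcp -s "$peer" --dport 53 \
            -m state --state NEW,ESTABLISHED -j ACCEPT
        $IPTABLES -A OUTPUT -o "$ext_if" -p tcp -d "$peer" --sport 53 \
            -m state --state ESTABLISHED -j ACCEPT
    done
    # Everyone else is refused on TCP/53, whatever the chain policy is.
    $IPTABLES -A INPUT -i "$ext_if" -p tcp --dport 53 -j DROP
}

# Constructed sample values: eth0 and documentation-range addresses.
dns_rules eth0 "192.0.2.53 198.51.100.53"
```

Because `-A` appends, these rules have to be loaded before any broader ACCEPT or DROP rule for the same traffic.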


