
Re: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)



	Subject: Problems with IP tables firewall (DNS and what the heck is this WinME box doing)
	Date: Wed, Jun 06, 2001 at 09:40:16AM -0600

In reply to: Ehren Wilson

Quoting Ehren Wilson (ewilson@echostar.ca):
> Hello,
> 
> I upgraded my kernel to 2.4.5 yesterday and decided to switch from using a
> very loose ip chains script that was really only for masquerading to a
> fairly tight ip tables setup.  As it stands all my services are working but
> DNS, but DNS works when I query localhost or the internal 192 ip (since
> these are both basically wide open on their respective interfaces).  Here is
> what I currently have in my tcp_packets table for port 53.
> ---
> $IPTABLES -A tcp_packets -p TCP -s 0/0 --dport 53 -j allowed
                                         ^^^^^^^^^^
> ---
> and for UDP
> ---
> $IPTABLES -A udpincoming_packets -p UDP -s 0/0 --source-port 53 -j ACCEPT

I have the following working with bind 8.2.3-0.potato.1.  Above is the only difference
I see.

# Allow DNS resolution
# UDP DNS incoming responses
$IPTABLES -A INPUT -p udp -s 0/0 --source-port domain -j ACCEPT
# TCP DNS incoming responses
$IPTABLES -A INPUT -p tcp -s 0/0 --source-port domain -j no-conns-from-ppp0
# note the jump to "no-conns-from-ppp0", which is another chain that verifies
# the state of the connection:

HTH

-- 
|  LINUX - Because a PC is a terrible thing to waste..on WinDoze  |
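As an added illustration (not the poster's ruleset, and not captured traffic), this Python model shows why the three rule styles in the thread admit different inbound packets on a host that only resolves names: the original `--dport 53` rule, the reply's `--source-port domain` rule, and a connection-state check of the kind the `no-conns-from-ppp0` chain is described as doing. The addresses, port numbers and packet names are constructed for the example.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "name direction proto src sport dst dport")

FW = "203.0.113.10"          # assumed external address of the firewall
RESOLVER = "198.51.100.53"   # assumed upstream resolver

# Constructed traffic as seen on the external interface.
TRAFFIC = [
    Packet("query", "out", "udp", FW, 40123, RESOLVER, 53),
    Packet("reply", "in", "udp", RESOLVER, 53, FW, 40123),          # answer to query
    Packet("unsolicited", "in", "udp", "192.0.2.7", 53, FW, 22),    # merely claims sport 53
    Packet("inbound_query", "in", "udp", "192.0.2.8", 51000, FW, 53),  # someone querying us
]

def dport53(pkt):
    """Original poster's rule: matches queries sent TO port 53 here, never answers."""
    return pkt.dport == 53

def sport53(pkt):
    """Reply's rule: lets resolver answers in, but trusts the peer's claimed source port."""
    return pkt.sport == 53

class StatefulFilter:
    """Connection-tracking style check: inbound is accepted only when it
    answers a flow this host itself opened."""
    def __init__(self):
        self.flows = set()

    def accept(self, pkt):
        if pkt.direction == "out":
            self.flows.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An answer is the outbound 5-tuple with the endpoints swapped.
        return (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def accepted_inbound(packets):
    """Return, per rule style, the names of inbound packets each one admits."""
    stateful = StatefulFilter()
    out = {"dport53": [], "sport53": [], "stateful": []}
    for p in packets:
        st_ok = stateful.accept(p)      # must see outbound packets to learn flows
        if p.direction != "in":
            continue
        if dport53(p): out["dport53"].append(p.name)
        if sport53(p): out["sport53"].append(p.name)
        if st_ok: out["stateful"].append(p.name)
    return out
```

Only the stateful check admits the resolver's answer while rejecting both the unsolicited datagram with a forged source port and the inbound query that a non-server has no reason to accept.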