
Outgoing port 53 redirected to special port.



Hello!

I have a slight problem that I want to solve. Since the admins at our
school are really nosy and scan our computers for ftp and web-servers,
to name a few examples, I would like to shut them out completely
from my computer. As it is now I have a pretty straightforward firewall
that only allows certain IPs that I accept to connect to my computer.

Just for the sake of it and for learning purposes I would now like to
build a better wall. The problem is that one computer that they scan
from is the name-server and that one is hard to isolate completely
from here. The only thing I allow from the DNS is UDP from 1024-65535
since DNS, in case the packets aren't larger than 512 bytes which I
haven't encountered so far, uses UDP on a port that the program can
access itself.

What I now would like to do is to organize it so that all the outgoing
requests to the nameserver go through a special port. I guess it would
be done if I set up a nameserver on my own machine that sends the
requests which should come back on port 53 but I don't like the idea of
another large program that takes up my memory.

1) Is there a way just using chains to do that task or do I have to
learn how masquerading works too?

An example of how I would like it to be: netscape sends a gethostname()
and the request goes out on, let's say, port 567 to the nameserver which
responds to the same port on my computer and netscape gets the IP it
searched for.

2) Another question is, is it possible to isolate 2 or more specific
IPs with the same mask? How would I do it? I guess that it would be
possible with some sort of simple boolean algebra but I'm not sure.

Example: isolate the addresses 10.0.0.1 and 10.0.0.2 and 10.0.0.7.

I would be very glad if someone could help me out here. I know how to
set up chains using ipchains so that won't be necessary to explain, but
I haven't fooled around with masquerading so that's the problem perhaps.
These questions are directed to people that are kind enough to send me a
good answer and not just to point to a bunch of HOWTOs.

Advance thanks.

// Marwin

-- 
| Björn Elwhagen aka Marwin             Finger marwin@arwen.mumin.nu |	
| Student at Wexio University           for PGP public key. (broken) |
| Sweden                                ICQ: 356095                  | 
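
The boolean algebra behind question 2, as an added example that is not part of the original message: an address/mask rule matches a packet when `(ip & mask) == (addr & mask)`, so one rule always matches a power-of-two number of addresses. The function names are hypothetical, and whether a particular packet filter accepts a non-contiguous mask is an assumption to verify.

```python
import ipaddress
from itertools import product

def tightest_mask(addrs):
    """Return (base, mask) as ints; mask has a 1 in every bit where all addrs agree."""
    vals = [int(ipaddress.IPv4Address(a)) for a in addrs]
    differ = 0
    for v in vals[1:]:
        differ |= v ^ vals[0]          # collect every bit position that varies
    mask = ~differ & 0xFFFFFFFF
    return vals[0] & mask, mask

def matched(base, mask):
    """Enumerate every address that a single base/mask rule would match."""
    free = [b for b in range(32) if not (mask >> b) & 1]
    if len(free) > 16:
        raise ValueError("mask too wide to enumerate")
    out = []
    for bits in product((0, 1), repeat=len(free)):
        v = base
        for pos, on in zip(free, bits):
            v |= on << pos
        out.append(ipaddress.IPv4Address(v))
    return [str(a) for a in sorted(out)]

def plan(addrs):
    """Return the tightest single rule and the unintended addresses it also matches."""
    base, mask = tightest_mask(addrs)
    rule = f"{ipaddress.IPv4Address(base)}/{ipaddress.IPv4Address(mask)}"
    wanted = set(addrs)
    extras = [a for a in matched(base, mask) if a not in wanted]
    return rule, extras

if __name__ == "__main__":
    # The three addresses from the message: 1, 2 and 7 differ in all three low bits.
    for group in (["10.0.0.1", "10.0.0.2", "10.0.0.7"], ["10.0.0.1", "10.0.0.3"]):
        rule, extras = plan(group)
        print(group, "->", rule, "also matches:", extras or "nothing else")
```

For 10.0.0.1, 10.0.0.2 and 10.0.0.7 the tightest single rule also covers five other hosts, so isolating exactly those three takes one rule per address (or a /32 each).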

