Re: iptables and domain services...

To: debian-user@lists.debian.org
Subject: Re: iptables and domain services...
From: "Janet Post" <j.post@sparton.ca>
Date: Thu, 19 Apr 2001 16:59:59 -0400
Message-id: <[🔎] sadf1997.060@sparton.ca>

So you're running a DNS server?

No.  I'm just trying to get name resolution working.

iptables is just trying to resolve the ip numbers in your rules.
"iptables -L -n" will change that.

Yes.  I -finally- figured this out, thanks to Phil and Noah.  Noah was correct that iptables hanging was just a symptom of my problem.  I have to figure out how to get DNS name resolution working.....

If the policy on the INPUT chain is "DROP" or "REJECT" try making this the
first rule in your INPUT chain:

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

You should run

iptables -I INPUT 1 -m state --state ESTABLISHED,RELATED -j ACCEPT

if you don't clear your INPUT chain first.

What would the benefit of these rules be?  I understand that they allow a previously established connection and related connections (like icmp error messages) though, but I am allowing those services anyway?  Nevermind...I just figured it out -- it's so that the return packets to not have to traverse the entire chain again.  (It's been a long day!)


I'm still not clear on this then...What ports do I open to allow my server and the computers behind it resolve ip numbers?  It is obviously NOT port 53 or my rules would work.


Thank you so much for your help,

Janet Post
j.post@sparton.ca

Reply to:

Follow-Ups:
- Re: iptables and domain services...
  - From: Jason Healy <jhealy@logn.net>

Prev by Date: Re: firewall log messages
Next by Date: Re: Drive images
Previous by thread: Re: iptables and domain services...
Next by thread: Re: iptables and domain services...
Index(es):
- Date
- Thread