#1
August 1st, 2003, 10:01 AM
gmontag

DNS and iptables problem

I have a problem. I just setup DNS for a test domain, and I can only get it to work with iptables service turned off.

Here is my iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:51
ACCEPT tcp -- anywhere anywhere tcp dpt:51 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
DROP all -- 62.94.122.251 anywhere
DROP all -- 216.240.146.123 anywhere
DROP all -- 149-242-189-209.managednetworks.com anywhere
DROP all -- 212-165-141-44.reverse.newskies.net anywhere
DROP all -- wdcsun23.usdoj.gov anywhere
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
DROP all -- 216.240.146.129 anywhere
DROP all -- 217.20.241.2 anywhere
DROP all -- ool-18bcca3f.dyn.optonline.net anywhere
DROP all -- pool-151-205-127-213.char.east.verizon.net anywhere
DROP all -- pool-151-204-150-124.ny325.east.verizon.net anywhere
DROP all -- h-64-105-94-106.SNVACAID.covad.net anywhere
DROP all -- wdcsun25.usdoj.gov anywhere
DROP all -- wdcsun27.usdoj.gov anywhere
DROP all -- 149.101.0.0/16 anywhere
DROP all -- 212-165-141-44.reverse.newskies.net anywhere
DROP all -- 12.109.17.210 anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain

Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT udp -- stones.viawest.net anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- cachens.den.viawest.net anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
swipe -- anywhere anywhere
ACCEPT swipe -- anywhere anywhere

Any ideas on what I'm doing wrong here?

TIA,

Alex

#2
August 3rd, 2003, 02:04 PM
alexgreg (London, UK)
Quote:
I have a problem. I just setup DNS for a test domain, and I can only get it to work with iptables service turned off.

I presume you mean you're running a DNS server? If so, you need to accept incoming DNS traffic destined for port 53:
Code:
iptables -A INPUT -p udp --dport 53 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
__________________
Alex
(http://www.alex-greg.com)

#3
August 3rd, 2003, 02:50 PM
gmontag

All better

Thanks, but I just solved the problem.

Apparently I needed a rule for incoming UDP connections in the Lokkit, and the following line worked:

iptables -I RH-Lokkit-0-50-INPUT -p udp --dport 53 -j ACCEPT

Thanks again,

Alex

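Added example (not code from either poster): the two replies above differ only in where the ACCEPT rule lands, and that is the whole story. In the posted listing INPUT jumps to RH-Lokkit-0-50-INPUT, whose `REJECT udp dpts:0:1023` rule matches a UDP query to port 53 before any rule appended to INPUT with `-A` is ever reached, so post #2's commands would have changed nothing for UDP, while post #3's `-I` puts the ACCEPT in front of that REJECT. Two other details in the listing are worth knowing: the `udp dpt:51` and `tcp dpt:51` rules at the top of INPUT are not DNS (the `domain` service is port 53), and the two `swipe` rules at the bottom of INPUT are what `iptables -p 53` produces, because a bare number after `-p` is an IP protocol number (53 is SWIPE in /etc/protocols), not a port. The Python below is a small first-match simulator of netfilter chain traversal loaded with the rules from the listing that can match a DNS packet; it is a model, not iptables. It assumes the bare `ACCEPT all` line in the Lokkit chain is Lokkit's usual `-i lo` rule (plain `iptables -L` hides the interface column; `iptables -L -n -v --line-numbers` shows it), since an unconditional ACCEPT at that position would have admitted the queries. The per-host DROP rules and the NFS/X11/xfs REJECTs are left out because they cannot match port 53. The packets are constructed: a UDP query from source port 33333 and a TCP SYN to port 53.

```python
"""Constructed first-match model of the INPUT path posted in this thread.
Added illustration, not code from the post and not iptables itself: it loads the
rules from the posted `iptables -L` listing that can match a DNS packet."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class Packet:
    proto: str                   # "udp", "tcp", "swipe", ...
    sport: int = 0
    dport: int = 0
    syn: bool = False            # TCP SYN without ACK, what --syn matches
    iface: str = "eth0"

@dataclass
class Rule:
    target: str                  # ACCEPT / DROP / REJECT / user-chain name
    proto: Optional[str] = None  # None means "all"
    sport: Optional[Tuple[int, int]] = None  # inclusive port range
    dport: Optional[Tuple[int, int]] = None
    syn: bool = False
    iface: Optional[str] = None  # hidden by plain `iptables -L`; `-L -v` shows it

    def matches(self, p: Packet) -> bool:
        return ((self.proto is None or p.proto == self.proto)
                and (self.iface is None or p.iface == self.iface)
                and (self.sport is None or self.sport[0] <= p.sport <= self.sport[1])
                and (self.dport is None or self.dport[0] <= p.dport <= self.dport[1])
                and (p.syn or not self.syn))

Chains = Dict[str, List[Rule]]
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def walk(chains: Chains, chain: str, p: Packet, trace: List[str]) -> Optional[str]:
    """First matching terminal rule wins; a user chain that runs out returns to its caller."""
    for n, r in enumerate(chains[chain], 1):
        if r.matches(p):
            trace.append(f"{chain}:{n}->{r.target}")
            v = r.target if r.target in TERMINAL else walk(chains, r.target, p, trace)
            if v:
                return v
    return None

def verdict(chains: Chains, p: Packet, policy: str = "ACCEPT") -> Tuple[str, List[str]]:
    trace: List[str] = []
    return walk(chains, "INPUT", p, trace) or policy, trace

PROTO_NUMBERS = {"6": "tcp", "17": "udp", "53": "swipe"}  # subset of /etc/protocols

def apply(chains: Chains, cmd: str) -> None:
    """Tiny subset of iptables syntax: iptables -A|-I CHAIN [-p P] [--dport N] [--syn] -j TARGET."""
    argv = cmd.split()
    op, chain, r, i = argv[1], argv[2], Rule(target=""), 3
    while i < len(argv):
        if argv[i] == "-p":  # a numeric -p is a *protocol* number, never a port
            r.proto, i = PROTO_NUMBERS.get(argv[i + 1], argv[i + 1]), i + 2
        elif argv[i] == "--dport":
            r.dport, i = (int(argv[i + 1]), int(argv[i + 1])), i + 2
        elif argv[i] == "--syn":
            r.syn, i = True, i + 1
        elif argv[i] == "-j":
            r.target, i = argv[i + 1], i + 2
        else:
            raise ValueError(f"unsupported token {argv[i]!r}")
    if op == "-A":
        chains[chain].append(r)
    elif op == "-I":
        chains[chain].insert(0, r)  # -I without an index means position 1
    else:
        raise ValueError(f"unsupported operation {op!r}")

def posted_ruleset() -> Chains:
    """Rules from the thread that can match a DNS packet (per-host DROPs and NFS/X11/xfs REJECTs omitted)."""
    lokkit = [
        Rule("ACCEPT", "tcp", dport=(53, 53), syn=True),               # TCP 53 was already open
        Rule("ACCEPT", "udp", sport=(53, 53), dport=(1025, 65535)),    # replies from the two resolvers
        *[Rule("ACCEPT", "tcp", dport=(p, p), syn=True) for p in (80, 21, 22, 25, 23)],
        Rule("ACCEPT", iface="lo"),  # ASSUMPTION: the bare "ACCEPT all" line is Lokkit's `-i lo` rule
        Rule("REJECT", "tcp", dport=(0, 1023), syn=True),
        Rule("REJECT", "udp", dport=(0, 1023)),                        # this rejects a UDP query to 53
    ]
    inp = [
        Rule("ACCEPT", "udp", dport=(51, 51)),        # dpt:51 as posted; DNS is port 53 ("domain")
        Rule("ACCEPT", "tcp", dport=(51, 51), syn=True),
        Rule("ACCEPT", "tcp", sport=(53, 53)),
        Rule("ACCEPT", "udp", sport=(53, 53)),
        Rule("RH-Lokkit-0-50-INPUT"),                 # jump; anything appended to INPUT lands after it
        Rule("ACCEPT", "swipe"),                      # what `-p 53` produces: IP protocol 53 (SWIPE)
    ]
    return {"INPUT": inp, "RH-Lokkit-0-50-INPUT": lokkit}

UDP_QUERY = Packet("udp", sport=33333, dport=53)            # constructed: stub resolver, high source port
TCP_QUERY = Packet("tcp", sport=33333, dport=53, syn=True)  # constructed: TCP query SYN

def dns_verdict_after(cmd: Optional[str] = None, query: Packet = UDP_QUERY) -> str:
    """Verdict for `query` against the posted rules, optionally after one more iptables command."""
    chains = posted_ruleset()
    if cmd:
        apply(chains, cmd)
    return verdict(chains, query)[0]
```

`dns_verdict_after()` returns REJECT for the rules as posted, still REJECT after post #2's `iptables -A INPUT -p udp --dport 53 -j ACCEPT` or after `iptables -A INPUT -p 53 -j ACCEPT`, and ACCEPT after post #3's `iptables -I RH-Lokkit-0-50-INPUT -p udp --dport 53 -j ACCEPT` or after `iptables -I INPUT -p udp --dport 53 -j ACCEPT`; `dns_verdict_after(None, TCP_QUERY)` is ACCEPT all along, because the Lokkit chain's own `tcp dpt:domain` rule already admits TCP, which is why only a UDP rule was missing. On the real box the equivalent check is `iptables -L RH-Lokkit-0-50-INPUT -n -v --line-numbers` followed by `dig @<server address> <test name>` from a host outside the firewall, watching the per-rule packet counters to see which rule caught the query.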
© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 1 hosted by Hostway