|
|
|
|
|||||||
| Forums | Portal | Register | Rules & FAQ | Contribute | Members List | Arcade | Search | Today's Posts | Mark Forums Read |
| Linux RedHat, Ubuntu, SUSE, Fedora, Debian, Mandriva, Slackware, Gentoo linux, PCLinuxOS. All Linux questions here! |
More UNIX and Linux Forum Topics You Might Find Helpful
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Help needed in IPTables firewall/router setup - Linux | chandan_m | Security | 0 | 08-24-2007 03:20 PM |
| Linux IPTABLES help | nogumo | UNIX for Dummies Questions & Answers | 0 | 06-18-2005 04:31 PM |
| LINUX 9 IPTABLES and DNS | frankkahle | UNIX for Advanced & Expert Users | 1 | 03-03-2005 06:04 AM |
| IPtables | Jody | UNIX for Dummies Questions & Answers | 3 | 05-31-2003 05:08 PM |
| how to configure a linux box as a firewall using iptables | Deuce | UNIX for Dummies Questions & Answers | 2 | 11-06-2001 01:25 PM |
 |
|
|
LinkBack | Thread Tools | Display Modes |
03-02-2005
|
|||
|
|||
|
LINUX 9 IPTABLES and DNS
I have installed a linux 9 router/firewall and have issues with outside DNS queries making it in. here are my IPTABLE rules, can anyone make some suggestions?
ETH1 is my outside facing Interface, ETH0 is my inside facing interface. Accept If input interface is not eth1 Accept If protocol is TCP and TCP flags ACK (of ACK) are set Accept If protocol is UDP and input interface is eth1 and destination port is 1024:65535 and source port is 53 Accept If state of connection is ESTABLISHED Accept If state of connection is RELATED Accept If protocol is TCP and destination is 216.58.39.241 and input interface is eth1 and destination port is 110 Accept If protocol is TCP and destination is 216.58.39.241 and input interface is eth1 and destination port is 25 Accept If protocol is TCP and input interface is eth1 and source and destination ports are 6346 Accept If protocol is ICMP and ICMP type is source-quench Accept If protocol is ICMP and ICMP type is time-exceeded Accept If protocol is ICMP and ICMP type is parameter-problem Accept If protocol is TCP and destination port is ssh Accept If protocol is TCP and destination port is auth 
|
| Forum Sponsor | ||
|
|
|
03-09-2005
|
||||
|
||||
|
Quote:
Simple rules of the UNIX.COM forums: See rule #9 You will probably need to explicity allow the DNS requests trough by allowing access on port 111. Last edited by reborg; 03-09-2005 at 02:12 PM.
|
|
03-10-2005
|
||||
|
||||
|
You will have to bear with me because it has been quite some time since I have had any need to manipulate iptables on any of my servers, but I got a bit confused between a phonecall I was on when I replied to this and your question.
What I meant to say is that you would need to allow access for UDP and TCP on port 53. Most lookups happen by UDP but some do not, and zone transfers happen exclisively by TCP.
|
|
03-10-2005
|
|||
|
|||
|
this is what I ended up doing
Accept If protocol is UDP and destination is 216.58.24.33 and destination port is 53 and source port is 1024:65535
Accept If protocol is UDP and destination port is 1024:65535 and source port is 53 Oh yeah I also changed IP to 216.58.24 Last edited by frankkahle; 03-10-2005 at 12:56 PM.
|
Hexxagon Champion!
Linear Mode
