
IPTables and DNS problem


Name: Alex
Date: August 1, 2003 at 15:01:58 Pacific
OS: Redhat 9
CPU/Ram: Dual PII 400 / 2GB
Comment:

I have a problem. I just setup DNS for a test domain, and I can only get it to work with iptables service turned off.

Here is my iptables -L:

Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:51
ACCEPT tcp -- anywhere anywhere tcp dpt:51 flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain
DROP all -- 62.94.122.251 anywhere
DROP all -- 216.240.146.123 anywhere
DROP all -- 149-242-189-209.managednetworks.com anywhere
DROP all -- 212-165-141-44.reverse.newskies.net anywhere
DROP all -- wdcsun23.usdoj.gov anywhere
RH-Lokkit-0-50-INPUT all -- anywhere anywhere
DROP all -- 216.240.146.129 anywhere
DROP all -- 217.20.241.2 anywhere
DROP all -- ool-18bcca3f.dyn.optonline.net anywhere
DROP all -- pool-151-205-127-213.char.east.verizon.net anywhere
DROP all -- pool-151-204-150-124.ny325.east.verizon.net anywhere
DROP all -- h-64-105-94-106.SNVACAID.covad.net anywhere
DROP all -- wdcsun25.usdoj.gov anywhere
DROP all -- wdcsun27.usdoj.gov anywhere
DROP all -- 149.101.0.0/16 anywhere
DROP all -- 212-165-141-44.reverse.newskies.net anywhere
DROP all -- 12.109.17.210 anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp spt:domain
ACCEPT udp -- anywhere anywhere udp spt:domain

Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT udp -- stones.viawest.net anywhere udp spt:domain dpts:1025:65535
ACCEPT udp -- cachens.den.viawest.net anywhere udp spt:domain dpts:1025:65535
ACCEPT tcp -- anywhere anywhere tcp dpt:http flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:smtp flags:SYN,RST,ACK/SYN
ACCEPT tcp -- anywhere anywhere tcp dpt:telnet flags:SYN,RST,ACK/SYN
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:nfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpt:nfs reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpts:x11:6009 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:xfs flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
swipe-- anywhere anywhere
ACCEPT swipe-- anywhere anywhere

Any ideas on what I'm doing wrong here?

TIA,

Alex




Response Number 1
Name: kenneth
Date: August 1, 2003 at 15:46:35 Pacific
Reply:

I don't really know your problem, or did you open the port for DNS?

Also, I have a question to ask you.
I have an iptables firewall too, but I don't know why it doesn't block any packet that is destined for other machines behind the firewall; it can only block packets that are for the firewall machine itself.

Hope you know what I mean. Do you know why?


please...
kenneth


0

Response Number 2
Name: Alex
Date: August 3, 2003 at 08:44:03 Pacific
Reply:

Kenneth,

I tried to open port 53 up, but apparently I'm not doing something right.

I don't know all that much about IPTables, but I think the answer to your question involves setting FORWARD rules.


0
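Added example, not part of the thread above: a small Python script that re-parses the `iptables -L` listing Alex posted and walks a packet through it the way the kernel does (rules in order, first match wins, a user chain returns to its caller if nothing in it matches, the policy applies only when no rule matched). Three things stand out once the listing is machine-readable. First, the two rules Alex added to INPUT are for port 51, not 53: `iptables -L` prints port 53 by its /etc/services name, `domain`, and shows 51 numerically because it has no name, so those rules never see a DNS query. Second, plain `iptables -L` does not print interface matches (`-i lo`, `-o eth0`); they only appear with `-v`. The blanket `ACCEPT all -- anywhere anywhere` inside `RH-Lokkit-0-50-INPUT` would otherwise accept every packet and DNS could not fail, so the script assumes (labelled as an assumption) that it is Lokkit's usual loopback-only rule, after which the `REJECT udp dpts:0:1023` line is what answers an inbound UDP query on 53. `iptables -L -n -v` or `iptables-save` would confirm that. Third, the FORWARD chain has no rules and a policy of ACCEPT, which is why, as in Kenneth's case, packets routed through the box to other machines are never blocked: INPUT only sees traffic addressed to the firewall itself. The trailing `swipe--` lines are also explained by the listing format: IP protocol 53 is `swipe` in /etc/protocols, so a rule given `-p 53` rather than `--dport 53` matches a protocol nobody uses, and the five-letter name overruns the four-character `prot` column. The trimmed listing, sample packets and the `with_loopback_rule`/`open_dns` helpers are constructed for this example.

```python
import ipaddress
import re

# Trimmed copy of the listing in the question (constructed sample): the per-host DROP
# rules are cut to one and unrelated services omitted; port-53 rules keep their order.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:51
ACCEPT tcp -- anywhere anywhere tcp dpt:51 flags:SYN,RST,ACK/SYN
DROP all -- 62.94.122.251 anywhere
RH-Lokkit-0-50-INPUT all -- anywhere anywhere

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain RH-Lokkit-0-50-INPUT (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN
ACCEPT udp -- stones.viawest.net anywhere udp spt:domain dpts:1025:65535
ACCEPT all -- anywhere anywhere
REJECT tcp -- anywhere anywhere tcp dpts:0:1023 flags:SYN,RST,ACK/SYN reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dpts:0:1023 reject-with icmp-port-unreachable
"""
SERVICES = {"domain": 53}              # service names as printed from /etc/services
TERMINAL = {"ACCEPT", "DROP", "REJECT"}

def port(name):
    return SERVICES.get(name) or int(name)

def src_matches(spec, addr):
    if spec == "anywhere":
        return True
    try:                               # plain address or CIDR block
        return ipaddress.ip_address(addr) in ipaddress.ip_network(spec, strict=False)
    except ValueError:                 # reverse-resolved hostname: compare literally
        return spec == addr

class Rule:
    """One `iptables -L` line, reduced to the matches that listing actually prints."""
    def __init__(self, line):
        self.text, tok = line, line.split()
        self.target, self.proto, self.src = tok[0], tok[1], tok[3]
        self.dports = self.sports = None          # inclusive (lo, hi)
        self.syn_only = "flags:SYN,RST,ACK/SYN" in tok   # how --syn is printed
        self.in_iface = None                      # -i/-o are NOT shown without -v
        for key, _, val in (t.partition(":") for t in tok[5:]):
            if key in ("dpt", "dpts", "spt", "spts"):
                lo, _, hi = val.partition(":")
                setattr(self, key[0] + "ports", (port(lo), port(hi or lo)))
    def matches(self, pkt):
        return (self.proto in ("all", pkt["proto"])
                and src_matches(self.src, pkt["src"])
                and self.in_iface in (None, pkt["iface"])
                and (not self.dports or self.dports[0] <= pkt["dport"] <= self.dports[1])
                and (not self.sports or self.sports[0] <= pkt["sport"] <= self.sports[1])
                and (not self.syn_only or pkt.get("syn", False)))

def parse(listing):
    chains, cur = {}, None
    for line in listing.splitlines():
        m = re.match(r"Chain (\S+) \((?:policy (\w+)|\d+ references)\)", line)
        if m:
            cur = chains[m.group(1)] = {"policy": m.group(2), "rules": []}
        elif line.strip() and not line.startswith("target "):
            cur["rules"].append(Rule(line))
    return chains

def trace(chains, name, pkt):
    # First match wins; a user chain falls back to its caller, a built-in chain to its policy.
    chain = chains[name]
    for rule in chain["rules"]:
        if rule.matches(pkt):
            if rule.target in TERMINAL:
                return rule.target, f"{name}: {rule.text}"
            if rule.target in chains:                     # jump; None = fell off the end
                verdict = trace(chains, rule.target, pkt)
                if verdict[0]:
                    return verdict
    return (chain["policy"], f"{name} policy") if chain["policy"] else (None, None)

# Constructed sample packets: a DNS query from a LAN client, and the same client going elsewhere.
UDP_QUERY = {"proto": "udp", "src": "10.0.0.9", "sport": 40000, "dport": 53, "iface": "eth0"}
TCP_QUERY = dict(UDP_QUERY, proto="tcp", syn=True)

def with_loopback_rule(chains):
    # Assumption: Lokkit's blanket "ACCEPT all" is really "-i lo", which plain -L hides.
    for rule in chains["RH-Lokkit-0-50-INPUT"]["rules"]:
        if rule.proto == "all" and rule.target == "ACCEPT":
            rule.in_iface = "lo"
    return chains

def open_dns(chains):
    # Model of: iptables -I INPUT -p udp --dport 53 -j ACCEPT  (plus the tcp --syn twin)
    chains["INPUT"]["rules"][:0] = [Rule("ACCEPT udp -- anywhere anywhere udp dpt:domain"),
                                    Rule("ACCEPT tcp -- anywhere anywhere tcp dpt:domain flags:SYN,RST,ACK/SYN")]
    return chains

if __name__ == "__main__":
    chains = parse(LISTING)
    print("as listed, UDP query :", trace(chains, "INPUT", UDP_QUERY))
    with_loopback_rule(chains)
    print("with -i lo, UDP query:", trace(chains, "INPUT", UDP_QUERY))
    print("with -i lo, TCP query:", trace(chains, "INPUT", TCP_QUERY))
    print("forwarded packet     :", trace(chains, "FORWARD", dict(TCP_QUERY, dport=80)))
    print("port 53 opened, UDP  :", trace(open_dns(chains), "INPUT", UDP_QUERY))
```

Run as-is, the trace shows the UDP query accepted by the blanket rule; with the loopback restriction restored it is rejected by `REJECT udp dpts:0:1023`, while a TCP query is accepted by Lokkit's own `tcp dpt:domain` rule, which matches the symptom of a resolver that works only when the firewall is off (most clients try UDP first). Inserting the two port-53 rules ahead of the jump fixes it. The fix for Kenneth's question is the mirror image: the FORWARD chain decides routed traffic, so rules (or a DROP policy) belong there, not in INPUT.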
